From 5bb8bc470a2ff341a615b8d4fb1705d97144a4c0 Mon Sep 17 00:00:00 2001
From: Yoshiyuki Watanabe <32473622+yoshwata@users.noreply.github.com>
Date: Sat, 13 Nov 2021 10:02:12 +0900
Subject: [PATCH] fix: do not show private pipeline from another scm user (#194)
---
 index.js | 5 ++++
 test/index.test.js | 75 +++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 2cea90f..0f78ef7 100644
--- a/index.js
+++ b/index.js
@@ -227,6 +227,11 @@ class GithubScm extends Scm {
 privateRepo = scmRepo.privateRepo || false;
 } else {
 try {
+ if (scmHost !== this.config.gheHost) {
+ throw new Error(
+ `Pipeline's scmHost ${scmHost} does not match with user's scmHost ${this.config.gheHost}`
+ );
+ }
 // https://github.com/octokit/rest.js/issues/163
 const repo = await this.breaker.runCommand({
 scopeType: 'request',
diff --git a/test/index.test.js b/test/index.test.js
index 25cc1f6..308649e 100644
--- a/test/index.test.js
+++ b/test/index.test.js
@@ -115,7 +115,8 @@ describe('index', function() {
 oauthClientId: 'abcdefg',
 oauthClientSecret: 'hijklmno',
 secret: 'somesecret',
- commentUserToken: 'sometoken'
+ commentUserToken: 'sometoken',
+ gheHost: 'github.com'
 });
 });
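Review bot: The host guard added at the top of the `try` in the `else` branch does not cover the `scmRepo` branch directly above it (`privateRepo = scmRepo.privateRepo || false;`), so a lookup that arrives with `scmRepo` already populated skips the comparison. If that object can ever describe a repository on a different SCM host, the guard should be hoisted above the `if`/`else` so both paths are refused. The test `scmHost !== this.config.gheHost` is also an exact string match, so a case difference between the stored URI and the configured host would reject a legitimate lookup; comparing lower-cased values, `if (scmHost.toLowerCase() !== this.config.gheHost.toLowerCase()) {`, avoids that. The error text echoes the configured `gheHost`, and whether the `catch` (outside this hunk) returns it to the caller is worth confirming before exposing an internal hostname to a user of another SCM. The enclosing method starts and ends outside the hunk.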
@@ -723,6 +724,33 @@ describe('index', function() {
 }
 );
 });
+
+ it('rejects when scm settings is mismatch', () => {
+ const scmUriNotMatch = 'notmatching.com:23498:targetBranch';
+ const [scmHost] = scmUriNotMatch.split(':');
+ const loginContext = scm.getScmContexts();
+ const loginHost = loginContext[0].split(':')[1];
+
+ const testError = new Error(
+ `Pipeline's scmHost ${scmHost} does not match with user's scmHost ${loginHost}`
+ );
+
+ githubMock.request.rejects(testError);
+
+ return scm
+ .lookupScmUri({
+ scmUri: scmUriNotMatch,
+ token: 'sometoken'
+ })
+ .then(
+ () => {
+ assert.fail('This should not fail the test');
+ },
+ error => {
+ assert.strictEqual(error.message, testError.message);
+ }
+ );
+ });
 });
 describe('updateCommitStatus', () => {
@@ -1859,6 +1887,20 @@ jobs:
 }
 });
+ scm = new GithubScm({
+ fusebox: {
+ retry: {
+ minTimeout: 1
+ }
+ },
+ readOnly: {},
+ oauthClientId: 'abcdefg',
+ oauthClientSecret: 'hijklmno',
+ secret: 'somesecret',
+ commentUserToken: 'sometoken',
+ gheHost: 'internal-ghe.mycompany.com'
+ });
+
 return scm
 .decorateCommit({
 scmUri,
@@ -1907,6 +1949,20 @@ jobs:
 });
 githubMock.users.getByUsername.resolves();
+ scm = new GithubScm({
+ fusebox: {
+ retry: {
+ minTimeout: 1
+ }
+ },
+ readOnly: {},
+ oauthClientId: 'abcdefg',
+ oauthClientSecret: 'hijklmno',
+ secret: 'somesecret',
+ commentUserToken: 'sometoken',
+ gheHost: 'internal-ghe.mycompany.com'
+ });
+
 return scm
 .decorateCommit({
 scmUri,
@@ -1946,6 +2002,20 @@ jobs:
 githubMock.repos.getCommit.rejects(testError);
+ scm = new GithubScm({
+ fusebox: {
+ retry: {
+ minTimeout: 1
+ }
+ },
+ readOnly: {},
+ oauthClientId: 'abcdefg',
+ oauthClientSecret: 'hijklmno',
+ secret: 'somesecret',
+ commentUserToken: 'sometoken',
+ gheHost: 'internal-ghe.mycompany.com'
+ });
+
 return scm
 .decorateCommit({
 scmUri,
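Review bot: The new test `rejects when scm settings is mismatch` would still pass with the host guard removed, because `githubMock.request.rejects(testError)` makes the stubbed request reject with the very message the test then asserts. Dropping that stub line and adding `assert.strictEqual(githubMock.request.callCount, 0);` in the rejection handler (assuming `githubMock.request` is a sinon stub, as its `.rejects` call suggests) would make the test pass only when the lookup is refused before any API call is made. The text in `assert.fail('This should not fail the test')` reads inverted; `assert.fail('lookupScmUri should have rejected')` states the intent.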
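Review bot: The same 14-line `scm = new GithubScm({...})` block with `gheHost: 'internal-ghe.mycompany.com'` is pasted into three `decorateCommit` tests (this hunk and the ones at `-1907` and `-1946`), which is a style point rather than a defect. A small local helper or a nested `beforeEach` taking the host as its only argument would keep the fixtures from drifting apart. A one-line comment such as `// host must match the scmUri used by this test, otherwise lookupScmUri rejects` would record why the instance is rebuilt here; that reason is inferred from the guard in index.js and should be confirmed against the `scmUri` these tests use, which is outside the hunks.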
@@ -2119,6 +2189,9 @@ jobs:
 'github:github.com': {
 clientId: 'abcdefg',
 clientSecret: 'hijklmno',
+ config: {
+ uri: 'https://github.com'
+ },
 forceHttps: false,
 isSecure: false,
 provider: 'github',