Conversation
✅ Deploy Preview for modelina canceled.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
feat: support non-object model types for rust Those model types are common when using GET parameters in an OpenAPI document. Typescript already has a TypeRenderer. This adds an equivalent for Rust. However, instead of using a Rust type aliases, this PR uses the New Type Idiom. There are two main advantages to using the New Type idiom: compile-time value type validation and a bypass of the rust orphan rule (see https://effective-rust.com/newtype.html). The second advantage will be needed to implement model validation. Likely this validation will come from an external trait. Rust only allows adding external trait implementations to types that are internal to the crate (type aliases do not count).
| const sanitized = schemaId | ||
| .replace('<', '') | ||
| .replace(/-/g, '_') | ||
| .replace('>', ''); |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To ensure that all occurrences of the < and > characters within schemaId are removed (not just the first one), the .replace method should be called with a regular expression using the global flag /g. That is, replace .replace('<', '') with .replace(/</g, ''), and similarly for >. Only edit the lines of code where this occurs, maintaining the rest of the code unchanged. No new imports or auxiliary methods are needed, as regular expressions are natively supported in JavaScript/TypeScript.
| @@ -582,9 +582,9 @@ | ||
| // Priority 7: Fallback to sanitized anonymous ID | ||
| if (schemaId?.includes(AsyncAPIInputProcessor.ANONYMOUS_PREFIX)) { | ||
| const sanitized = schemaId | ||
| .replace('<', '') | ||
| .replace(/</g, '') | ||
| .replace(/-/g, '_') | ||
| .replace('>', ''); | ||
| .replace(/>/g, ''); | ||
| Logger.debug(`Using sanitized anonymous ID: ${sanitized}`); | ||
| return sanitized; | ||
| } |
| const sanitized = schemaId | ||
| .replace('<', '') |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
The best way to fix this issue is to ensure that all occurrences of the problematic meta-characters (specifically < and >) are removed from the string, not just the first occurrence. This should be done using a global regular expression in the .replace method.
In src/processors/AsyncAPIInputProcessor.ts, locate the code block on line 584 where schemaId.replace('<', '').replace(/-/g, '_').replace('>', '') appears, and modify the code to use .replace(/</g, '') and .replace(/>/g, ''). This ensures every occurrence of < and > in schemaId is removed correctly (and all -s are replaced with _). No additional imports are needed; this is built-in JavaScript functionality. No changes to functionality beyond proper sanitization will occur.
| @@ -582,9 +582,9 @@ | ||
| // Priority 7: Fallback to sanitized anonymous ID | ||
| if (schemaId?.includes(AsyncAPIInputProcessor.ANONYMOUS_PREFIX)) { | ||
| const sanitized = schemaId | ||
| .replace('<', '') | ||
| .replace(/</g, '') | ||
| .replace(/-/g, '_') | ||
| .replace('>', ''); | ||
| .replace(/>/g, ''); | ||
| Logger.debug(`Using sanitized anonymous ID: ${sanitized}`); | ||
| return sanitized; | ||
| } |
|
🎉 This PR is included in version 6.0.0-next.5 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
| test: | ||
| name: Runtime testing Go Models | ||
| if: "github.event.pull_request.draft == false &&!((github.actor == 'asyncapi-bot' && startsWith(github.event.pull_request.title, 'ci: update global workflows')) || (github.actor == 'asyncapi-bot' && startsWith(github.event.pull_request.title, 'chore(release):')) || (github.actor == 'allcontributors' && startsWith(github.event.pull_request.title, 'docs: add')))" | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v3 | ||
| - name: Check package-lock version | ||
| uses: asyncapi/.github/.github/actions/get-node-version-from-package-lock@master | ||
| id: lockversion | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: "${{ steps.lockversion.outputs.version }}" | ||
| cache: 'npm' | ||
| cache-dependency-path: '**/package-lock.json' | ||
| - name: Build Library | ||
| run: npm install && npm run build:prod | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version: '1.22' | ||
| - name: Generate Go Models | ||
| run: npm run generate:runtime:go | ||
| - name: Run runtime Tests |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
In general, the fix is to explicitly declare a permissions block in the workflow (at the root level or per job) that grants only the scopes required. This workflow just checks out code and runs Node.js and Go commands, so it only needs read access to repository contents; no write scopes are required.
The best fix with minimal functional impact is to add a root-level permissions block directly under the name: declaration so it applies to all jobs. In .github/workflows/runtime-go-testing.yml, add:
permissions:
contents: readon new lines after line 1 (name: Runtime Testing Go Models). No other changes, imports, or additional configuration are needed.
| @@ -1,4 +1,6 @@ | ||
| name: Runtime Testing Go Models | ||
| permissions: | ||
| contents: read | ||
| on: | ||
| push: | ||
| pull_request: |
|
🎉 This PR is included in version 6.0.0-next.6 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
4 participants
Placeholder for v6 release