CR-10360 -- security fixes (#733)

yaroslav-codefresh · web-flow · commit a1750cb70f2a · 2022-03-28T18:14:24.000+03:00
* CR-10360 -- security fixes * fix linter errors * fix Dockerfile * update node version + update pkg + update binary node version + update node-tester-image * check another image * fix node-tester-image * fix test * Revert "fix test" This reverts commit 4e9349b. * fix test * fix jq * fix docker file * update version * add small e2e tests * fix * rearrange e2e * refactor e2e tests * fix * add docker ignore for e2e
diff --git a/.dockerignore b/.dockerignore
@@ -12,3 +12,4 @@ codefresh.yml
 .coveralls.yml
 examples
 dist
+e2e
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # go hub binary
 FROM golang:alpine as go
 RUN apk --update add ca-certificates git
-RUN go get github.com/github/hub
+RUN go install github.com/github/hub@latest
 
 # python yq binary
 FROM six8/pyinstaller-alpine:alpine-3.6-pyinstaller-v3.4 as yq
@@ -11,9 +11,9 @@ RUN pip install yq==${YQ_VERSION}
 RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
 
 # Main
-FROM node:10.23.0-alpine3.11
+FROM node:12.22.11-alpine3.15
 
-RUN apk --update add --no-cache ca-certificates git curl bash yarn jq=1.6-r0
+RUN apk --update add --no-cache ca-certificates git curl bash jq
 
 COPY --from=go /go/bin/hub /usr/local/bin/hub
 COPY --from=yq /tmp/yq /usr/local/bin/yq
@@ -31,7 +31,6 @@ RUN yarn install --prod --frozen-lockfile && \
 COPY . /cf-cli
 
 RUN yarn generate-completion
-RUN apk del yarn
 
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 
diff --git a/codefresh.yml b/codefresh.yml
@@ -12,21 +12,30 @@ steps:
 
   install_dependencies:
     title: 'Installing testing dependencies'
-    image: codefresh/node-tester-image:10.15.3
+    image: quay.io/codefresh/node-tester-image:12.21.0
     commands:
         - yarn install --frozen-lockfile
 
-  eslint:
-    title: 'Running linting logic'
-    image: codefresh/node-tester-image:10.15.3
-    commands:
-        - yarn eslint
+  parallel_tests:
+    type: parallel
+    steps:
+      eslint:
+        title: 'Running linting logic'
+        image: quay.io/codefresh/node-tester-image:12.21.0
+        commands:
+          - yarn eslint
 
-  unit-tests:
-    title: 'Running unit tests'
-    image: codefresh/node-tester-image:10.15.3
-    commands:
-        - yarn test
+      unit-tests:
+        title: 'Running unit tests'
+        image: quay.io/codefresh/node-tester-image:12.21.0
+        commands:
+          - yarn test
+
+      e2e-tests:
+        title: 'Running e2e tests'
+        image: quay.io/codefresh/node-tester-image:12.21.0
+        commands:
+          - yarn e2e
 
   extract_version:
     title: "Exporting package.json version"
diff --git a/e2e/e2e.spec.sh b/e2e/e2e.spec.sh
@@ -0,0 +1,30 @@
+# fail if one of the commands returns non-zero code
+set -e
+set -o pipefail
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+CODEFRESH_PATH="$SCRIPT_DIR/../lib/interface/cli/codefresh"
+
+echo "Using $CODEFRESH_PATH"
+function codefresh() {
+    $CODEFRESH_PATH $@
+}
+
+codefresh version
+echo
+
+for executable in $SCRIPT_DIR/scenarios/*.sh
+do
+  source $executable > "$executable.log" &
+  echo "[$!] Executing: $executable"
+done
+echo
+
+for job in `jobs -p`
+do
+    echo "Waiting for $job..."
+    wait $job || exit 1
+done
+
+echo
+echo "All tests executed successfully!"
diff --git a/e2e/scenarios/agents.sh b/e2e/scenarios/agents.sh
@@ -0,0 +1 @@
+codefresh get agents
diff --git a/e2e/scenarios/annotations.sh b/e2e/scenarios/annotations.sh
@@ -0,0 +1,2 @@
+echo "Skipping annotation.sh"
+#codefresh get annotation
diff --git a/e2e/scenarios/boards.sh b/e2e/scenarios/boards.sh
@@ -0,0 +1,3 @@
+codefresh get boards
+echo "Skipping sections.sh"
+#codefresh get sections
diff --git a/e2e/scenarios/builds.sh b/e2e/scenarios/builds.sh
@@ -0,0 +1 @@
+codefresh get builds
diff --git a/e2e/scenarios/clusters.sh b/e2e/scenarios/clusters.sh
@@ -0,0 +1 @@
+codefresh get clusters
diff --git a/e2e/scenarios/compositions.sh b/e2e/scenarios/compositions.sh
@@ -0,0 +1 @@
+codefresh get compositions
diff --git a/e2e/scenarios/contexts.sh b/e2e/scenarios/contexts.sh
@@ -0,0 +1 @@
+codefresh get contexts
diff --git a/e2e/scenarios/environments.sh b/e2e/scenarios/environments.sh
@@ -0,0 +1 @@
+codefresh get environments
diff --git a/e2e/scenarios/helm-repo.sh b/e2e/scenarios/helm-repo.sh
@@ -0,0 +1 @@
+codefresh get helm-repo
diff --git a/e2e/scenarios/images.sh b/e2e/scenarios/images.sh
@@ -0,0 +1 @@
+codefresh get images
diff --git a/e2e/scenarios/pipelines.sh b/e2e/scenarios/pipelines.sh
@@ -0,0 +1 @@
+codefresh get pipelines
diff --git a/e2e/scenarios/projects.sh b/e2e/scenarios/projects.sh
@@ -0,0 +1 @@
+codefresh get projects
diff --git a/e2e/scenarios/registry.sh b/e2e/scenarios/registry.sh
@@ -0,0 +1 @@
+codefresh get registry
diff --git a/e2e/scenarios/repository.sh b/e2e/scenarios/repository.sh
@@ -0,0 +1,2 @@
+codefresh get repository
+codefresh get repository -a
diff --git a/e2e/scenarios/runtime-environment.sh b/e2e/scenarios/runtime-environment.sh
@@ -0,0 +1 @@
+codefresh get runtime-environments
diff --git a/e2e/scenarios/step-types.sh b/e2e/scenarios/step-types.sh
@@ -0,0 +1 @@
+codefresh get step-types
diff --git a/e2e/scenarios/system-runtime-environments.sh b/e2e/scenarios/system-runtime-environments.sh
@@ -0,0 +1 @@
+codefresh get system-runtime-environments
diff --git a/e2e/scenarios/teams.sh b/e2e/scenarios/teams.sh
@@ -0,0 +1 @@
+codefresh get teams
diff --git a/e2e/scenarios/tokens.sh b/e2e/scenarios/tokens.sh
@@ -0,0 +1 @@
+codefresh get tokens
diff --git a/e2e/scenarios/triggers.sh b/e2e/scenarios/triggers.sh
@@ -0,0 +1,3 @@
+codefresh get triggers
+codefresh get trigger-events
+codefresh get trigger-types
diff --git a/lib/interface/cli/completion/completion.spec.js b/lib/interface/cli/completion/completion.spec.js
@@ -1,11 +1,14 @@
 const initCompletion = require('./index');
 const { handleOptions: mockHandleOptions, fileDir: mockFileDir } = require('./helpers');
-const mockPath = require('path');
 
-const completions = initCompletion();
+const mockCompletions = initCompletion();
+
+function mockCwd() {
+    return process.cwd();
+}
 
 function getCompletion(args) {
-    return new Promise(resolve => completions.getCompletion(args, resolve));
+    return new Promise(resolve => mockCompletions.getCompletion(args, resolve));
 }
 
 jest.mock('./tree', () => ({
@@ -67,11 +70,11 @@ jest.mock('./context/create.completion', () => { // eslint-disable-line
 
 jest.mock('fs', () => {
     const existsSync = (p) => {
-        if (p.startsWith(`${process.cwd()}/`)) {
-            p = p.replace(`${process.cwd()}/`, '');
+        if (p.startsWith(`${mockCwd()}/`)) {
+            p = p.replace(`${mockCwd()}/`, '');
         }
-        if (p.startsWith(process.cwd())) {
-            p = p.replace(process.cwd(), '');
+        if (p.startsWith(mockCwd())) {
+            p = p.replace(mockCwd(), '');
         }
         switch (p) {
             case '':
@@ -89,11 +92,11 @@ jest.mock('fs', () => {
     const lstatSync = (p) => {
         let isFile = false;
         let isDir = true;
-        if (p.startsWith(`${process.cwd()}/`)) {
-            p = p.replace(`${process.cwd()}/`, '');
+        if (p.startsWith(`${mockCwd()}/`)) {
+            p = p.replace(`${mockCwd()}/`, '');
         }
-        if (p.startsWith(process.cwd())) {
-            p = p.replace(process.cwd(), '');
+        if (p.startsWith(mockCwd())) {
+            p = p.replace(mockCwd(), '');
         }
         switch (p) {
             case 'some.yaml':
@@ -116,11 +119,11 @@ jest.mock('fs', () => {
     };
 
     const readdirSync = (p) => {
-        if (p.startsWith(`${process.cwd()}/`)) {
-            p = p.replace(`${process.cwd()}/`, '');
+        if (p.startsWith(`${mockCwd()}/`)) {
+            p = p.replace(`${mockCwd()}/`, '');
         }
-        if (p.startsWith(process.cwd())) {
-            p = p.replace(process.cwd(), '');
+        if (p.startsWith(mockCwd())) {
+            p = p.replace(mockCwd(), '');
         }
         switch (p) {
             case '':
diff --git a/lib/logic/cli-config/Manager.js b/lib/logic/cli-config/Manager.js
@@ -82,7 +82,6 @@ class CliConfigManager {
         }, {});
     }
 
-
     static set(propertyName, value) {
         const properties = Model.findProperties(propertyName);
         _validate(properties, propertyName);
@@ -135,9 +134,9 @@ class CliConfigManager {
     static meta(propertyName) {
         const meta = Model.meta();
         return _.keys(meta)
-            .filter(key => !propertyName || !propertyName.length || key.includes(propertyName))
+            .filter((key) => !propertyName || !propertyName.length || key.includes(propertyName))
             .sort()
-            .map(key => Object.assign({ key }, _.get(meta, key)));
+            .map((key) => ({ key, ..._.get(meta, key) }));
     }
 
     static _preloadConfig() {
@@ -168,12 +167,12 @@ class CliConfigManager {
         try {
             Model.validate(CURRENT_CONFIG);
         } catch (e) {
-            const errorPaths = e.errors.map(er => er.dataPath.replace('.', ''));
+            const errorPaths = e.errors.map((er) => er.dataPath.replace('.', ''));
 
             console.warn('---------------');
             console.warn('!!! Some properties are invalid -- replacing with defaults:');
 
-            errorPaths.forEach(ep => {
+            errorPaths.forEach((ep) => {
                 console.warn(ep);
                 _.set(CURRENT_CONFIG, ep, undefined);
             });
diff --git a/lib/logic/cli-config/Model.js b/lib/logic/cli-config/Model.js
@@ -11,12 +11,12 @@ let DEFAULTS;
 let PROPERTIES;
 let PROPERTIES_META;
 
-
 /**
  * Every schema object need to have default set to {} in order to init its properties with default value
  * */
 function _fillSchemaObjectsWithDefault(schema) {
     if (schema.type === 'object') {
+        // eslint-disable-next-line no-param-reassign
         schema.default = schema.default || {};
         if (schema.properties) {
             _.values(schema.properties).forEach((value) => {
@@ -38,13 +38,13 @@ function _compileSchema() {
 
 function _extractMeta(props) {
     return props.reduce((obj, prop) => {
+        // eslint-disable-next-line no-param-reassign
         obj[prop] = prop.split('.')
             .reduce((prev, pathPart) => prev.properties[pathPart], cliConfigSchema);
         return obj;
     }, {});
 }
 
-
 class Model {
     static default() {
         return _.cloneDeep(DEFAULTS);
@@ -55,13 +55,13 @@ class Model {
     }
 
     static findProperties(name) {
-        return PROPERTIES.filter(prop => prop.includes(name));
+        return PROPERTIES.filter((prop) => prop.includes(name));
     }
 
-
     static meta() {
         return _.cloneDeep(PROPERTIES_META);
     }
+
     /**
      * also fills with default values and coerces types
      * */
@@ -79,4 +79,3 @@ PROPERTIES = _.keys(flatten(DEFAULTS));
 PROPERTIES_META = _extractMeta(PROPERTIES);
 
 module.exports = Model;
-
diff --git a/lib/logic/cli-config/manager.spec.js b/lib/logic/cli-config/manager.spec.js
@@ -1,23 +1,22 @@
 const _ = require('lodash');
 const path = require('path');
 
+const fs = require('fs');
 const Manager = require('./Manager');
 const Model = require('./Model');
 
 const { CODEFRESH_PATH: mockCodefreshPath } = require('../../interface/cli/defaults');
+
 const mockDirPath = path.resolve(mockCodefreshPath, 'cli-config');
 const mockFilePath = path.resolve(mockDirPath, 'config.yaml');
 
-
 jest.mock('fs', () => { // eslint-disable-line
     const readFileSync = () => this.configFile;
-    const existsSync = (path) => {
-        return {
-            [mockCodefreshPath]: true,
-            [mockDirPath]: true,
-            [mockFilePath]: this.exists,
-        }[path];
-    };
+    const existsSync = (targetPath) => ({
+        [mockCodefreshPath]: true,
+        [mockDirPath]: true,
+        [mockFilePath]: this.exists,
+    }[targetPath]);
     const openSync = () => null;
     const writeSync = (file, config) => {
         this.configFile = config;
@@ -47,8 +46,8 @@ jest.mock('fs', () => { // eslint-disable-line
 });
 
 jest.mock('js-yaml', () => {
-    const safeLoad = d => d;
-    const safeDump = d => d;
+    const safeLoad = (d) => d;
+    const safeDump = (d) => d;
     return {
         safeLoad,
         safeDump,
@@ -67,7 +66,7 @@ jest.mock('./schema', () => { // eslint-disable-line
                     pretty: {
                         type: 'boolean',
                         default: false,
-                        description: 'Defines whether to show data in table view in pretty mode or not'
+                        description: 'Defines whether to show data in table view in pretty mode or not',
                     },
                     test: {
                         type: 'object',
@@ -92,8 +91,6 @@ jest.mock('./schema', () => { // eslint-disable-line
     };
 });
 
-const fs = require('fs');
-
 describe('CliConfigManager', () => {
     describe('config loading', () => {
         // this test case must be first due to node module cache
diff --git a/lib/logic/entities/Agent.js b/lib/logic/entities/Agent.js
@@ -1,6 +1,6 @@
 const _ = require('lodash');
-const Entity = require('./Entity');
 const chalk = require('chalk');
+const Entity = require('./Entity');
 
 class Agent extends Entity {
     constructor(data) {
@@ -42,11 +42,9 @@ class Agent extends Entity {
         }
     }
 
-
     static fromResponse(response) {
         return new Agent(_.pick(response, 'id', 'name', 'runtimes', 'status', 'lastReported'));
     }
 }
 
 module.exports = Agent;
-
diff --git a/lib/logic/entities/CodefreshRepo.js b/lib/logic/entities/CodefreshRepo.js
@@ -10,7 +10,7 @@ class CodefreshRepo extends Entity {
     }
 
     static fromResponse(response) {
-        const data = Object.assign({}, response);
+        const data = { ...response };
         data.name_id = response.serviceName;
         data.git_context = response.provider;
         data.owner = response.owner.login;
diff --git a/lib/logic/entities/Entity.js b/lib/logic/entities/Entity.js
diff --git a/lib/logic/entities/Environment.js b/lib/logic/entities/Environment.js
diff --git a/lib/logic/entities/GitRepo.js b/lib/logic/entities/GitRepo.js
diff --git a/lib/logic/entities/HelmRepo.js b/lib/logic/entities/HelmRepo.js
diff --git a/lib/logic/entities/Pipeline.js b/lib/logic/entities/Pipeline.js
diff --git a/lib/logic/entities/RuntimeEnvironments.js b/lib/logic/entities/RuntimeEnvironments.js
diff --git a/lib/logic/entities/StepType.js b/lib/logic/entities/StepType.js
diff --git a/lib/logic/entities/StepTypeVersion.js b/lib/logic/entities/StepTypeVersion.js
diff --git a/lib/logic/entities/Team.js b/lib/logic/entities/Team.js
diff --git a/lib/logic/entities/Token.js b/lib/logic/entities/Token.js
diff --git a/lib/logic/entities/Workflow.js b/lib/logic/entities/Workflow.js
diff --git a/lib/logic/index.js b/lib/logic/index.js
diff --git a/package.json b/package.json
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+echo "Skipping annotation.sh"`
	`2`	`+#codefresh get annotation`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+codefresh get boards`
	`2`	`+echo "Skipping sections.sh"`
	`3`	`+#codefresh get sections`