Reduce the RAW url resolver to yaml content check only (#803) (#804)

vinokurig · web-flow · commit 8b63e255e0a5 · 2025-05-09T12:35:14.000+03:00
Remove the RAW url pattern check from the RAW devfile url resolver, to have only the yaml content check. This is needed to revert the resolver priority to highest, and do not accept urls like https://github.com/vinokurig/test/blob/master/path/devfile.yaml. See #793
diff --git a/.ci/openshift-ci/test-azure-no-pat-oauth-flow-raw-devfile-url.sh b/.ci/openshift-ci/test-azure-no-pat-oauth-flow-raw-devfile-url.sh
@@ -29,7 +29,7 @@ trap "catchFinish" EXIT SIGINT
 
 setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
 testFactoryResolverResponse ${PUBLIC_REPO_RAW_PATH_URL} 200
-testFactoryResolverResponse ${PRIVATE_REPO_RAW_PATH_URL} 500
+testFactoryResolverResponse ${PRIVATE_REPO_RAW_PATH_URL} 400
 
 testCloneGitRepoNoProjectExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_RAW_PATH_URL} ${USER_CHE_NAMESPACE}
 deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2012-2024 Red Hat, Inc.
+# Copyright (c) 2012-2025 Red Hat, Inc.
 # This program and the accompanying materials are made
 # available under the terms of the Eclipse Public License 2.0
 # which is available at https://www.eclipse.org/legal/epl-2.0/
diff --git a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/RawDevfileUrlFactoryParameterResolver.java b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/RawDevfileUrlFactoryParameterResolver.java
@@ -13,7 +13,7 @@
 
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static java.lang.String.format;
-import static org.eclipse.che.api.factory.server.FactoryResolverPriority.LOWEST;
+import static org.eclipse.che.api.factory.server.FactoryResolverPriority.HIGHEST;
 import static org.eclipse.che.api.factory.shared.Constants.URL_PARAMETER_NAME;
 
 import com.fasterxml.jackson.databind.JsonNode;
@@ -24,7 +24,7 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Map;
-import java.util.regex.Pattern;
+import java.util.Optional;
 import javax.inject.Inject;
 import org.eclipse.che.api.core.ApiException;
 import org.eclipse.che.api.core.BadRequestException;
@@ -35,7 +35,7 @@
 import org.eclipse.che.api.workspace.server.devfile.DevfileParser;
 import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
 import org.eclipse.che.api.workspace.server.devfile.URLFileContentProvider;
-import org.eclipse.che.api.workspace.server.devfile.exception.DevfileFormatException;
+import org.eclipse.che.api.workspace.server.devfile.exception.DevfileException;
 
 /**
  * {@link FactoryParametersResolver} implementation to resolve factory based on url parameter as a
@@ -45,8 +45,6 @@ public class RawDevfileUrlFactoryParameterResolver extends BaseFactoryParameterR
     implements FactoryParametersResolver {
 
   private static final String PROVIDER_NAME = "raw-devfile-url";
-  private static final Pattern PATTERN =
-      Pattern.compile("^https?://.*\\.ya?ml((\\?token=.*)|(\\?at=refs/heads/.*))?$");
 
   protected final URLFactoryBuilder urlFactoryBuilder;
   protected final URLFetcher urlFetcher;
@@ -71,15 +69,18 @@ public RawDevfileUrlFactoryParameterResolver(
   @Override
   public boolean accept(Map<String, String> factoryParameters) {
     String url = factoryParameters.get(URL_PARAMETER_NAME);
-    return !isNullOrEmpty(url) && (PATTERN.matcher(url).matches() || containsYaml(url));
+    return !isNullOrEmpty(url) && containsYaml(url);
   }
 
   private boolean containsYaml(String requestURL) {
     try {
-      String fetch = urlFetcher.fetch(requestURL);
+      Optional<String> credentials = new DefaultFactoryUrl().withUrl(requestURL).getCredentials();
+      URLFileContentProvider urlFileContentProvider =
+          new URLFileContentProvider(new URL(requestURL).toURI(), urlFetcher);
+      String fetch = urlFileContentProvider.fetchContent(requestURL, credentials.orElse(null));
       JsonNode parsedYaml = devfileParser.parseYamlRaw(fetch);
       return !parsedYaml.isEmpty();
-    } catch (IOException | DevfileFormatException e) {
+    } catch (IOException | URISyntaxException | DevfileException e) {
       return false;
     }
   }
@@ -128,6 +129,6 @@ public RemoteFactoryUrl parseFactoryUrl(String factoryUrl) throws ApiException {
 
   @Override
   public FactoryResolverPriority priority() {
-    return LOWEST;
+    return HIGHEST;
   }
 }
diff --git a/wsmaster/che-core-api-factory/src/test/java/org/eclipse/che/api/factory/server/RawDevfileUrlFactoryParameterResolverTest.java b/wsmaster/che-core-api-factory/src/test/java/org/eclipse/che/api/factory/server/RawDevfileUrlFactoryParameterResolverTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -27,6 +27,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import java.io.FileNotFoundException;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 import org.eclipse.che.api.core.BadRequestException;
@@ -111,7 +112,13 @@ public void shouldThrowExceptionOnInvalidURL(String url, String message) throws
   }
 
   @Test(dataProvider = "devfileUrls")
-  public void shouldAcceptRawDevfileUrl(String url) {
+  public void shouldAcceptRawDevfileUrl(String url) throws Exception {
+    // given
+    JsonNode jsonNode = mock(JsonNode.class);
+    when(urlFetcher.fetch(eq(url), eq(null))).thenReturn(DEVFILE);
+    when(devfileParser.parseYamlRaw(eq(DEVFILE))).thenReturn(jsonNode);
+    when(jsonNode.isEmpty()).thenReturn(false);
+
     // when
     boolean result =
         rawDevfileUrlFactoryParameterResolver.accept(singletonMap(URL_PARAMETER_NAME, url));
@@ -124,7 +131,7 @@ public void shouldAcceptRawDevfileUrl(String url) {
   public void shouldAcceptRawDevfileUrlWithoutExtension(String url) throws Exception {
     // given
     JsonNode jsonNode = mock(JsonNode.class);
-    when(urlFetcher.fetch(eq(url))).thenReturn(DEVFILE);
+    when(urlFetcher.fetch(eq(url), eq(null))).thenReturn(DEVFILE);
     when(devfileParser.parseYamlRaw(eq(DEVFILE))).thenReturn(jsonNode);
     when(jsonNode.isEmpty()).thenReturn(false);
 
@@ -141,7 +148,26 @@ public void shouldAcceptRawDevfileUrlWithYaml() throws Exception {
     // given
     JsonNode jsonNode = mock(JsonNode.class);
     String url = "https://host/path/devfile";
-    when(urlFetcher.fetch(eq(url))).thenReturn(DEVFILE);
+    when(urlFetcher.fetch(eq(url), eq(null))).thenReturn(DEVFILE);
+    when(devfileParser.parseYamlRaw(eq(DEVFILE))).thenReturn(jsonNode);
+    when(jsonNode.isEmpty()).thenReturn(false);
+
+    // when
+    boolean result =
+        rawDevfileUrlFactoryParameterResolver.accept(singletonMap(URL_PARAMETER_NAME, url));
+
+    // then
+    assertTrue(result);
+  }
+
+  @Test
+  public void shouldAcceptRawDevfileUrlWithCredentials() throws Exception {
+    // given
+    JsonNode jsonNode = mock(JsonNode.class);
+    String url = "https://credentials@host/path/devfile";
+    when(urlFetcher.fetch(
+            eq(url), eq("Basic " + Base64.getEncoder().encodeToString("credentials:".getBytes()))))
+        .thenReturn(DEVFILE);
     when(devfileParser.parseYamlRaw(eq(DEVFILE))).thenReturn(jsonNode);
     when(jsonNode.isEmpty()).thenReturn(false);
 
@@ -158,7 +184,7 @@ public void shouldNotAcceptPublicGitRepositoryUrl() throws Exception {
     // given
     JsonNode jsonNode = mock(JsonNode.class);
     String gitRepositoryUrl = "https://host/user/repo.git";
-    when(urlFetcher.fetch(eq(gitRepositoryUrl))).thenReturn("unsupported content");
+    when(urlFetcher.fetch(eq(gitRepositoryUrl), eq(null))).thenReturn("unsupported content");
     when(devfileParser.parseYamlRaw(eq("unsupported content"))).thenReturn(jsonNode);
     when(jsonNode.isEmpty()).thenReturn(true);
 
@@ -175,7 +201,7 @@ public void shouldNotAcceptPublicGitRepositoryUrl() throws Exception {
   public void shouldNotAcceptPrivateGitRepositoryUrl() throws Exception {
     // given
     String gitRepositoryUrl = "https://host/user/private-repo.git";
-    when(urlFetcher.fetch(eq(gitRepositoryUrl))).thenThrow(new FileNotFoundException());
+    when(urlFetcher.fetch(eq(gitRepositoryUrl), eq(null))).thenThrow(new FileNotFoundException());
 
     // when
     boolean result =

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`#`
`2`		`-# Copyright (c) 2012-2024 Red Hat, Inc.`
	`2`	`+# Copyright (c) 2012-2025 Red Hat, Inc.`
`3`	`3`	`# This program and the accompanying materials are made`
`4`	`4`	`# available under the terms of the Eclipse Public License 2.0`
`5`	`5`	`# which is available at https://www.eclipse.org/legal/epl-2.0/`