Conversation


@jackkav jackkav commented Jun 27, 2024

  • add some e2e tests which are easy to repro and test with debugging
  • flatten lint export and run tests to identify common patterns
  • experiment with extracting the request phases in the send-request abstraction, what if they don't run in node?

issues found in experiment

  • rendering uses exceptions for control flow, which blocks us from reliably reusing the code
  • scripts require a nodejs execution environment
  • how to control serial/parallel?
  • db code is duplicated

ref INS-4021


```javascript
function cli(input) {
  return new Promise(resolve => {
    exec(input,
```

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process

Detected calls to child_process from a function argument `input`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
@jackkav jackkav force-pushed the inso-fifth-pass branch from ba68a58 to 929295a on July 1, 2024 13:18
```javascript
const rulesetFileName = filesInSpecFolder.find(file => file.startsWith('.spectral'));
if (rulesetFileName) {
  logger.trace(`Loading ruleset from \`${rulesetFileName}\``);
  return path.resolve(path.dirname(filePath), rulesetFileName);
```

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
@filfreire filfreire marked this pull request as ready for review July 9, 2024 10:23
filfreire previously approved these changes Jul 9, 2024
gatzjames previously approved these changes Jul 9, 2024
@jackkav jackkav force-pushed the inso-fifth-pass branch from e91a6f7 to 1d8330d on July 9, 2024 10:25
@filfreire filfreire merged commit 8c729ec into Kong:develop Jul 9, 2024
CurryYangxx pushed a commit that referenced this pull request Jul 11, 2024
* extract lint and export logic

* add test and update doc

* some thoughts

* add test each

* notes

* comments

* add more cases

* improve types, flatten send request

* collection runner poc

* verbose

* flatten

* add bail

* stabilise pathing

* add test

* fix type check

* improve testing experience

* fix tests

* tidy up package.json

* tidy up package and test.yml

* remove old smoke test

---------

Co-authored-by: Filipe Freire <filipe.freire@konghq.com>