eclipse-che · akurinnoy · Aug 14, 2024 · Jul 8, 2024 · Jul 26, 2024 · Jul 25, 2024
diff --git a/.deps/dev.md b/.deps/dev.md
@@ -50,7 +50,7 @@
 | [`@devfile/api@2.2.2-1715367693`](https://github.com/GIT_USER_ID/GIT_REPO_ID.git) | Apache-2.0 | clearlydefined |
 | [`@discoveryjs/json-ext@0.5.7`](https://github.com/discoveryjs/json-ext.git) | MIT | clearlydefined |
 | `@eclipse-che/api@7.86.0` | EPL-2.0 | ecd.che |
-| [`@eslint-community/eslint-utils@4.4.0`](https://github.com/eslint-community/eslint-utils) | MIT | #8032 |
+| [`@eslint-community/eslint-utils@4.4.0`](https://github.com/eslint-community/eslint-utils) | MIT | #15285 |
 | [`@eslint-community/regexpp@4.10.0`](https://github.com/eslint-community/regexpp) | MIT | clearlydefined |
 | [`@eslint/eslintrc@2.1.3`](https://github.com/eslint/eslintrc.git) | MIT | #9908 |
 | [`@eslint/js@8.53.0`](https://github.com/eslint/eslint.git) | MIT | #11438 |
@@ -303,7 +303,7 @@
 | [`char-regex@1.0.2`](https://github.com/Richienb/char-regex.git) | MIT | clearlydefined |
 | [`chardet@0.7.0`](git@github.com:runk/node-chardet.git) | MIT | clearlydefined |
 | [`chownr@2.0.0`](git://github.com/isaacs/chownr.git) | ISC | clearlydefined |
-| [`chrome-trace-event@1.0.3`](https://github.com/samccone/chrome-trace-event.git) | MIT | #2414 |
+| [`chrome-trace-event@1.0.3`](https://github.com/samccone/chrome-trace-event.git) | MIT | #15406 |
 | [`ci-info@3.9.0`](https://github.com/watson/ci-info.git) | MIT | clearlydefined |
 | [`cjs-module-lexer@1.2.3`](git+https://github.com/nodejs/cjs-module-lexer.git) | MIT | #9069 |
 | [`clean-css@5.3.2`](https://github.com/clean-css/clean-css.git) | MIT | clearlydefined |
@@ -387,7 +387,7 @@
 | [`detect-newline@3.1.0`](https://github.com/sindresorhus/detect-newline.git) | MIT | clearlydefined |
 | [`diff-sequences@29.6.3`](https://github.com/jestjs/jest.git) | MIT | clearlydefined |
 | [`dir-glob@3.0.1`](https://github.com/kevva/dir-glob.git) | MIT | clearlydefined |
-| [`doctrine@2.1.0`](https://github.com/eslint/doctrine.git) | Apache-2.0 | #1987 |
+| [`doctrine@2.1.0`](https://github.com/eslint/doctrine.git) | Apache-2.0 | #15247 |
 | [`dom-accessibility-api@0.5.16`](https://github.com/eps1lon/dom-accessibility-api.git) | MIT | clearlydefined |
 | [`dom-converter@0.2.0`](https://github.com/AriaMinaei/dom-converter) | MIT | clearlydefined |
 | [`dom-serializer@1.4.1`](git://github.com/cheeriojs/dom-renderer.git) | MIT | clearlydefined |
@@ -430,10 +430,10 @@
 | [`eslint-plugin-react@7.33.2`](https://github.com/jsx-eslint/eslint-plugin-react) | MIT | #9877 |
 | [`eslint-plugin-simple-import-sort@10.0.0`](https://github.com/lydell/eslint-plugin-simple-import-sort.git) | MIT | clearlydefined |
 | [`eslint-scope@5.1.1`](https://github.com/eslint/eslint-scope.git) | BSD-2-Clause | clearlydefined |
-| [`eslint-visitor-keys@3.4.3`](https://github.com/eslint/eslint-visitor-keys.git) | Apache-2.0 | #7729 |
+| [`eslint-visitor-keys@3.4.3`](https://github.com/eslint/eslint-visitor-keys.git) | Apache-2.0 | #15274 |
 | [`eslint-webpack-plugin@4.0.1`](https://github.com/webpack-contrib/eslint-webpack-plugin.git) | MIT | clearlydefined |
 | [`eslint@8.53.0`](https://github.com/eslint/eslint.git) | MIT | #11437 |
-| [`espree@9.6.1`](https://github.com/eslint/espree.git) | BSD-2-Clause | #9308 |
+| [`espree@9.6.1`](https://github.com/eslint/espree.git) | BSD-2-Clause | #15293 |
 | [`esprima@4.0.1`](https://github.com/jquery/esprima.git) | BSD-2-Clause | #995 |
 | [`esquery@1.5.0`](https://github.com/estools/esquery.git) | BSD-3-Clause | #7469 |
 | [`esrecurse@4.3.0`](https://github.com/estools/esrecurse.git) | BSD-2-Clause | clearlydefined |
@@ -452,7 +452,7 @@
 | [`fast-diff@1.3.0`](https://github.com/jhchen/fast-diff) | Apache-2.0 | clearlydefined |
 | [`fast-glob@3.3.2`](https://github.com/mrmlnc/fast-glob.git) | MIT | #9307 |
 | [`fast-json-stable-stringify@2.1.0`](git://github.com/epoberezkin/fast-json-stable-stringify.git) | MIT | clearlydefined |
-| [`fast-levenshtein@2.0.6`](https://github.com/hiddentao/fast-levenshtein.git) | MIT | #2428 |
+| [`fast-levenshtein@2.0.6`](https://github.com/hiddentao/fast-levenshtein.git) | MIT | #15236 |
 | [`fastest-levenshtein@1.0.16`](git+https://github.com/ka-weihe/fastest-levenshtein.git) | MIT | clearlydefined |
 | [`fb-watchman@2.0.2`](git@github.com:facebook/watchman.git) | Apache-2.0 | #5379 |
 | [`figures@3.2.0`](https://github.com/sindresorhus/figures.git) | MIT | clearlydefined |
@@ -466,7 +466,7 @@
 | [`find-up@4.1.0`](https://github.com/sindresorhus/find-up.git) | MIT | clearlydefined |
 | [`flat-cache@3.1.1`](https://github.com/jaredwray/flat-cache.git) | MIT | clearlydefined |
 | [`flat@5.0.2`](git://github.com/hughsk/flat.git) | BSD-3-Clause | clearlydefined |
-| [`flatted@3.2.9`](git+https://github.com/WebReflection/flatted.git) | ISC | #2430 |
+| [`flatted@3.2.9`](git+https://github.com/WebReflection/flatted.git) | ISC | #15360 |
 | [`for-each@0.3.3`](git://github.com/Raynos/for-each.git) | MIT | clearlydefined |
 | [`foreground-child@3.1.1`](git+https://github.com/tapjs/foreground-child.git) | ISC | #8232 |
 | [`forever-agent@0.6.1`](https://github.com/mikeal/forever-agent) | Apache-2.0 | clearlydefined |
@@ -645,7 +645,7 @@
 | [`json-stable-stringify-without-jsonify@1.0.1`](git://github.com/samn/json-stable-stringify.git) | MIT | clearlydefined |
 | [`json-stringify-nice@1.1.4`](https://github.com/isaacs/json-stringify-nice) | ISC | clearlydefined |
 | [`json-stringify-safe@5.0.1`](git://github.com/isaacs/json-stringify-safe) | ISC | clearlydefined |
-| [`json5@2.2.3`](git+https://github.com/json5/json5.git) | MIT | #2126 |
+| [`json5@2.2.3`](git+https://github.com/json5/json5.git) | MIT | #15226 |
 | [`jsonc-parser@3.2.0`](https://github.com/microsoft/node-jsonc-parser) | MIT | #12891 |
 | [`jsonfile@6.1.0`](git@github.com:jprichardson/node-jsonfile.git) | MIT | clearlydefined |
 | [`jsonparse@1.3.1`](http://github.com/creationix/jsonparse.git) | MIT | clearlydefined |
@@ -742,7 +742,7 @@
 | [`oauth-sign@0.9.0`](https://github.com/mikeal/oauth-sign) | Apache-2.0 | clearlydefined |
 | [`object-hash@2.2.0`](https://github.com/puleos/object-hash) | MIT | clearlydefined |
 | [`object-keys@1.1.1`](git://github.com/ljharb/object-keys.git) | MIT | clearlydefined |
-| [`object.assign@4.1.4`](git://github.com/ljharb/object.assign.git) | MIT | #3232 |
+| [`object.assign@4.1.4`](git://github.com/ljharb/object.assign.git) | MIT | #15306 |
 | [`object.entries@1.1.7`](git://github.com/es-shims/Object.entries.git) | MIT | #4671 |
 | [`object.fromentries@2.0.7`](git://github.com/es-shims/Object.fromEntries.git) | MIT | #4600 |
 | [`object.hasown@1.1.3`](https://github.com/es-shims/Object.hasOwn.git) | MIT | #4667 |
@@ -866,7 +866,7 @@
 | [`resolve-cwd@3.0.0`](https://github.com/sindresorhus/resolve-cwd.git) | MIT | clearlydefined |
 | [`resolve-from@5.0.0`](https://github.com/sindresorhus/resolve-from.git) | MIT | clearlydefined |
 | [`resolve.exports@2.0.2`](https://github.com/lukeed/resolve.exports.git) | MIT | clearlydefined |
-| [`resolve@1.22.8`](git://github.com/browserify/resolve.git) | MIT | #2409 |
+| [`resolve@1.22.8`](git://github.com/browserify/resolve.git) | MIT | #15315 |
 | [`restore-cursor@3.1.0`](https://github.com/sindresorhus/restore-cursor.git) | MIT | clearlydefined |
 | [`retry@0.12.0`](git://github.com/tim-kos/node-retry.git) | MIT | clearlydefined |
 | [`reusify@1.0.4`](git+https://github.com/mcollina/reusify.git) | MIT | clearlydefined |
@@ -996,7 +996,7 @@
 | [`uri-js@4.4.1`](http://github.com/garycourt/uri-js) | BSD-2-Clause | #1086 |
 | [`url-parse@1.5.10`](https://github.com/unshiftio/url-parse.git) | MIT | clearlydefined |
 | [`utila@0.4.0`](https://github.com/AriaMinaei/utila.git) | MIT | clearlydefined |
-| [`uuid@8.3.2`](https://github.com/uuidjs/uuid.git) | MIT | #2438 |
+| [`uuid@8.3.2`](https://github.com/uuidjs/uuid.git) | MIT | #15399 |
 | [`v8-compile-cache@2.3.0`](https://github.com/zertosh/v8-compile-cache.git) | MIT | clearlydefined |
 | [`v8-to-istanbul@9.1.3`](https://github.com/istanbuljs/v8-to-istanbul.git) | ISC | clearlydefined |
 | [`validate-npm-package-license@3.0.4`](https://github.com/kemitchell/validate-npm-package-license.js.git) | Apache-2.0 | #2562 |

diff --git a/.deps/prod.md b/.deps/prod.md
@@ -3,9 +3,9 @@
 | Packages | License | Resolved CQs |
 | --- | --- | --- |
 | [`@babel/runtime@7.23.2`](https://github.com/babel/babel.git) | MIT | #10718 |
-| [`@eclipse-che/common@7.88.0-next`](https://github.com/eclipse-che/che-dashboard) | EPL-2.0 | ecd.che |
-| [`@eclipse-che/dashboard-backend@7.88.0-next`](https://github.com/eclipse-che/che-dashboard) | EPL-2.0 | ecd.che |
-| [`@eclipse-che/dashboard-frontend@7.88.0-next`](git://github.com/eclipse/che-dashboard.git) | EPL-2.0 | ecd.che |
+| [`@eclipse-che/common@7.89.0-next`](https://github.com/eclipse-che/che-dashboard) | EPL-2.0 | ecd.che |
+| [`@eclipse-che/dashboard-backend@7.89.0-next`](https://github.com/eclipse-che/che-dashboard) | EPL-2.0 | ecd.che |
+| [`@eclipse-che/dashboard-frontend@7.89.0-next`](git://github.com/eclipse/che-dashboard.git) | EPL-2.0 | ecd.che |
 | [`@patternfly/react-core@4.278.0`](https://github.com/patternfly/patternfly-react.git) | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@patternfly/react-core/4.278.0) |
 | [`@patternfly/react-icons@4.93.7`](https://github.com/patternfly/patternfly-react.git) | MIT | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@patternfly/react-icons/4.93.7) |
 | `@patternfly/react-styles@4.92.8` | MIT | clearlydefined |
@@ -98,6 +98,7 @@
 | [`mime-types@2.1.35`](https://github.com/jshttp/mime-types.git) | MIT | clearlydefined |
 | [`minimalistic-assert@1.0.1`](https://github.com/calvinmetcalf/minimalistic-assert.git) | ISC | clearlydefined |
 | [`minimalistic-crypto-utils@1.0.1`](git+ssh://git@github.com/indutny/minimalistic-crypto-utils.git) | MIT | clearlydefined |
+| [`multi-ini@2.3.2`](git://github.com/evangelion1204/multi-ini.git) | MIT | clearlydefined |
 | [`nanoid@3.3.7`](https://github.com/ai/nanoid.git) | MIT | #7571 |
 | [`object-assign@4.1.1`](https://github.com/sindresorhus/object-assign.git) | MIT | clearlydefined |
 | [`object-inspect@1.13.1`](git://github.com/inspect-js/object-inspect.git) | MIT | #11078 |
@@ -146,7 +147,7 @@
 | [`set-function-length@1.2.2`](git+https://github.com/ljharb/set-function-length.git) | MIT | #12772 |
 | [`sha.js@2.4.11`](git://github.com/crypto-browserify/sha.js.git) | (MIT AND BSD-3-Clause) | #1031 |
 | [`side-channel@1.0.6`](git+https://github.com/ljharb/side-channel.git) | MIT | clearlydefined |
-| [`source-map-js@1.0.2`](https://github.com/7rulnik/source-map-js.git) | BSD-3-Clause | #2412 |
+| [`source-map-js@1.0.2`](https://github.com/7rulnik/source-map-js.git) | BSD-3-Clause | #15401 |
 | [`stream-browserify@3.0.0`](git://github.com/browserify/stream-browserify.git) | MIT | clearlydefined |
 | [`string_decoder@1.3.0`](git://github.com/nodejs/string_decoder.git) | MIT | clearlydefined |
 | [`tabbable@5.3.3`](git+https://github.com/focus-trap/tabbable.git) | MIT | clearlydefined |

@@ -45,6 +45,23 @@ import { AppState } from '@/store';
 import { FakeStoreBuilder } from '@/store/__mocks__/storeBuilder';
 import { FactoryResolverStateResolver } from '@/store/FactoryResolver';
 
+const mockGet = jest.fn().mockReturnValue('all');
+const mockUpdate = jest.fn().mockReturnValue(undefined);
+const mockRemove = jest.fn().mockReturnValue(undefined);
+jest.mock('@/services/session-storage', () => {
+  return {
+    __esModule: true,
+    default: {
+      get: (...args: unknown[]) => mockGet(...args),
+      update: (...args: unknown[]) => mockUpdate(...args),
+      remove: (...args: unknown[]) => mockRemove(...args),
+    },
+    // enum
+    SessionStorageKey: {
+      TRUSTED_SOURCES: 'trusted-sources', // 'all' or 'repo1,repo2,...'
+    },
+  };
+});
 // mute the outputs
 console.error = jest.fn();
 console.warn = jest.fn();
@@ -202,6 +219,7 @@ describe('Workspace creation time', () => {
       ),
     );
 
+    await waitFor(() => expect(mockPost).toHaveBeenCalledTimes(3));
     await waitFor(
       () =>
         expect(mockPost.mock.calls).toEqual([
@@ -213,7 +231,6 @@ describe('Workspace creation time', () => {
         ]),
       { timeout: 1500 },
     );
-    expect(mockPost).toHaveBeenCalledTimes(3);
 
     await waitFor(
       () =>

@@ -22,6 +22,20 @@ import { FakeStoreBuilder } from '@/store/__mocks__/storeBuilder';
 
 const { createSnapshot, renderComponent } = getComponentRenderer(getComponent);
 
+const mockGet = jest.fn();
+jest.mock('@/services/session-storage', () => {
+  return {
+    __esModule: true,
+    default: {
+      get: (...args: unknown[]) => mockGet(...args),
+    },
+    // enum
+    SessionStorageKey: {
+      TRUSTED_SOURCES: 'trusted-sources', // 'all' or 'repo1,repo2,...'
+    },
+  };
+});
+
 const history = createMemoryHistory({
   initialEntries: ['/'],
 });
@@ -36,6 +50,7 @@ describe('GitRepoLocationInput', () => {
   let store: Store;
 
   beforeEach(() => {
+    mockGet.mockReturnValue('all');
     store = new FakeStoreBuilder()
       .withDwServerConfig({
         defaults: {
@@ -75,6 +90,50 @@ describe('GitRepoLocationInput', () => {
     expect(window.open).not.toHaveBeenCalled();
   });
 
+  describe('trusted/untrusted source', () => {
+    jest.mock('@/components/UntrustedSourceModal');
+
+    test('untrusted source', () => {
+      mockGet.mockReturnValue('repo1,repo2');
+      renderComponent(store);
+
+      const input = screen.getByRole('textbox');
+      expect(input).toBeValid();
+
+      userEvent.paste(input, 'http://test-location');
+
+      expect(input).toHaveValue('http://test-location');
+
+      const button = screen.getByRole('button', { name: 'Create & Open' });
+      userEvent.click(button);
+
+      const untrustedSourceModal = screen.queryByRole('dialog', { name: /untrusted source/i });
+      expect(untrustedSourceModal).not.toBeNull();
+
+      expect(window.open).not.toHaveBeenCalled();
+    });
+
+    test('trusted source', () => {
+      mockGet.mockReturnValue('all');
+      renderComponent(store);
+
+      const input = screen.getByRole('textbox');
+      expect(input).toBeValid();
+
+      userEvent.paste(input, 'http://test-location');
+
+      expect(input).toHaveValue('http://test-location');
+
+      const button = screen.getByRole('button', { name: 'Create & Open' });
+      userEvent.click(button);
+
+      const untrustedSourceModal = screen.queryByRole('dialog', { name: /untrusted source/i });
+      expect(untrustedSourceModal).toBeNull();
+
+      expect(window.open).toHaveBeenCalledTimes(1);
+    });
+  });
+
   describe('valid HTTP location', () => {
     describe('factory URL w/o other parameters', () => {
       test('trim spaces from the input value', () => {

@@ -1,3 +1,4 @@
+/* eslint-disable simple-import-sort/imports */
 /*
  * Copyright (c) 2018-2024 Red Hat, Inc.
  * This program and the accompanying materials are made
@@ -33,14 +34,15 @@ import {
 import { ExclamationCircleIcon } from '@patternfly/react-icons';
 import { History } from 'history';
 import React from 'react';
-import { connect, ConnectedProps } from 'react-redux';
+import { ConnectedProps, connect } from 'react-redux';
 
 import { GitRepoOptions } from '@/components/ImportFromGit/GitRepoOptions';
 import {
   getGitRepoOptionsFromLocation,
   setGitRepoOptionsToLocation,
   validateLocation,
 } from '@/components/ImportFromGit/helpers';
+import { UntrustedSourceModal } from '@/components/UntrustedSourceModal';
 import { GitRemote } from '@/components/WorkspaceProgress/CreatingSteps/Apply/Devfile/getGitRemotes';
 import { FactoryLocationAdapter } from '@/services/factory-location-adapter';
 import { EDITOR_ATTR, EDITOR_IMAGE_ATTR } from '@/services/helpers/factoryFlow/buildFactoryParams';
@@ -70,6 +72,7 @@ export type State = {
   devfilePath: string | undefined;
   isFocused: boolean;
   hasSupportedGitService: boolean;
+  isConfirmationOpen: boolean;
 };
 
 class ImportFromGit extends React.PureComponent<Props, State> {
@@ -87,6 +90,7 @@ class ImportFromGit extends React.PureComponent<Props, State> {
       devfilePath: undefined,
       isFocused: false,
       hasSupportedGitService: false,
+      isConfirmationOpen: false,
     };
   }
 
@@ -100,7 +104,24 @@ class ImportFromGit extends React.PureComponent<Props, State> {
     }
   }
 
+  private openConfirmationDialog(): void {
+    this.setState({ isConfirmationOpen: true });
+  }
+
+  private handleConfirmationOnClose(): void {
+    this.setState({ isConfirmationOpen: false });
+  }
+
+  private handleConfirmationOnContinue(): void {
+    this.setState({ isConfirmationOpen: false });
+    this.startFactory();
+  }
+
   private handleCreate(): void {
+    this.openConfirmationDialog();
+  }
+
+  private startFactory(): void {
     const { editorDefinition, editorImage } = this.props;
     const location = decodeURIComponent(this.state.location);
 
@@ -281,21 +302,31 @@ class ImportFromGit extends React.PureComponent<Props, State> {
   }
 
   public render() {
-    const { locationValidated } = this.state;
+    const { isConfirmationOpen, location, locationValidated } = this.state;
     return (
-      <Panel>
-        <PanelHeader>
-          <Title headingLevel="h3">Import from Git</Title>
-        </PanelHeader>
-        <PanelMain>
-          <PanelMainBody>{this.buildForm()}</PanelMainBody>
-        </PanelMain>
-        {locationValidated === ValidatedOptions.success && (
+      <>
+        {isConfirmationOpen && (
+          <UntrustedSourceModal
+            location={location}
+            isOpen={isConfirmationOpen}
+            onContinue={() => this.handleConfirmationOnContinue()}
+            onClose={() => this.handleConfirmationOnClose()}
+          />
+        )}
+        <Panel>
+          <PanelHeader>
+            <Title headingLevel="h3">Import from Git</Title>
+          </PanelHeader>
           <PanelMain>
-            <PanelMainBody>{this.buildGitRepoOptions()}</PanelMainBody>
+            <PanelMainBody>{this.buildForm()}</PanelMainBody>
           </PanelMain>
-        )}
-      </Panel>
+          {locationValidated === ValidatedOptions.success && (
+            <PanelMain>
+              <PanelMainBody>{this.buildGitRepoOptions()}</PanelMainBody>
+            </PanelMain>
+          )}
+        </Panel>
+      </>
     );
   }
 }

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2018-2024 Red Hat, Inc.
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Red Hat, Inc. - initial API and implementation
+ */
+
+import React from 'react';
+
+import { Props } from '@/components/UntrustedSourceModal';
+
+export class UntrustedSourceModal extends React.PureComponent<Props> {
+  render(): React.ReactNode {
+    const { isOpen, onContinue, onClose } = this.props;
+    if (isOpen === false) {
+      return null;
+    }
+
+    return (
+      <div>
+        <span>UntrustedSourceModal</span>
+        <button onClick={onContinue}>Continue</button>
+        {onClose === undefined ? null : <button onClick={onClose}>Cancel</button>}
+      </div>
+    );
+  }
+}