-
-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.6.0 Brings support for relative URLs and paths. #73 #83
Conversation
Quite a bit of surgery required.
Tests all passing, runs super fast, pulls in every single DigitalOcean spec and parses it. There may be some issues deeper down in the models, but for now high level tests all pass.
Codecov ReportBase: 99.72% // Head: 99.70% // Decreases project coverage by
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more Additional details and impacted files@@ Coverage Diff @@
## main #83 +/- ##
==========================================
- Coverage 99.72% 99.70% -0.02%
==========================================
Files 136 142 +6
Lines 7964 8136 +172
==========================================
+ Hits 7942 8112 +170
- Misses 22 24 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
the two methods were doing different things, now they are not.
I am getting tired now, time for a break.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
take or leave it; most of these comments are nits. I think some would be nice to address.
Otherwise, the only other comment is that maybe the index code could be brought in as another PR.
thing := index.FindComponentInRoot("#/valid-but-missing") | ||
assert.Nil(t, thing) | ||
assert.Len(t, index.GetReferenceIndexErrors(), 1) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a test case for path traversal attacks.
e.g.
https://pb33f.io/../../../etc/passwd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How? without a denylist, what would the test be?
Fixed digital ocean test fix, bumped comments up a little
tests all passing locally, lets see what the issue is.
This partially resolves a whacky path ref lookup in the index mentioned in #84, but it's not a full fix, that requires the build out of a resolved spec. The design needs thought and care.
The index can now accept multiple parameters with the same name, as long as they have different `in` types.
Fixed digital ocean test fix, bumped comments up a little
v0.6.0
Addresses issue #73 by introducing some enhancements to the index, allowing for relative file handling, and providing a fix to auto-allowing remote and local files to be followed.A new configuration option is available to document creation for an Index. It's defined as
index.SpecIndexConfig
and provides three properties:BaseURL
of type*url.URL
AllowRemoteLookup
of typebool
AllowFileLookup
of typebool
This can be used to configure an index to know where to look when encountering relative paths and if to allow them at all.
Full documentation can be found here.
When creating a new
Document
, there is also a newdatamodel.DocumentConfigutation
, which looks almost identical, exceptfor the Lookup postfix has been replaced with References
This new config can be used with a new function called
NewDocumentWithConfiguration()
that is the same asNewDocument()
except it has a second argument for accepting the config.Full documentation can be found here.
The index has been refactored a little to help make it easier to navigate and tuned up to run faster when indexing references.
The digital ocean spec has been added for testing purposes.