Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support intermediate captured groups in recursive strategy #12279

Closed
sclorng opened this issue Oct 22, 2021 · 6 comments · Fixed by #12286
Closed

Support intermediate captured groups in recursive strategy #12279

sclorng opened this issue Oct 22, 2021 · 6 comments · Fixed by #12286
Labels
manager:regex priority-4-low Low priority, unlikely to be done unless it becomes important to more people status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)

Comments

@sclorng
Copy link

sclorng commented Oct 22, 2021
edited

What would you like Renovate to be able to do?

I have a file with multiple group sections like

group: 
  ccm:
    baseRepository: foo

  components:
    ccm:
      repository: banana
      version: 1.0.0

group: 
  ccm:
    baseRepository: bar

  components:
   ccm:
      repository: apple
      version: 1.0.0

I would like to be able to first match a group content and capture baseRepository, and then capture each component.
so that I can write a depNameTemplate as {{baseRepository}}/{{repository}}
with something like :

"matchStrings": [
        "group:\\s+ccm:\\s+baseRepository: (?<baseRepository>.*?)\\s.*",
        "components:\\s.*",
        "ccm:\\s+repository: (?<repository>.*?)\\s*branch: (?<currentValue>.*)\\s?"
      ],

It should give out dependencies: foo/banana and bar/apple

If you have any ideas on how this should be implemented, please tell us here.

groups can be pass to handleRecursive calls and mergeGroups be call before createDependency

Is this a feature you are interested in implementing yourself?

No
@sclorng sclorng added priority-5-triage status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality) labels Oct 22, 2021
@rarkins
Copy link
Collaborator

rarkins commented Oct 23, 2021

@secustor you are probably best suited to evaluate this

@scrocquesel scrocquesel mentioned this issue Oct 23, 2021
Merged
6 tasks
@secustor
Copy link
Collaborator

There are two topics here:

  1. Found fields should be handed over for the recursive strategy.
    This is straight forward and I don't see problem with this.

  2. Arbitrary regex capture groups are not allowed
    We not support arbitrary regex capture groups, therefore only the provided names will be captured.
    https://github.com/renovatebot/renovate/tree/main/lib/manager/regex#required-fields
    The reason is that if we would allow that without other precaution we would open up the application to prototype pollution attacks.
    If we confidently can deny this attack, IMO this would definitely improve the usability

@scrocquesel
Copy link
Contributor

I push an update to the PR with a null prototype object as result group. This should avoid the pollution.

@secustor secustor mentioned this issue Oct 24, 2021
Merged
6 tasks
@scrocquesel
Copy link
Contributor

@secustor while working on strategy, recursive should allow to narrow the content at each step. Instead of apply the next regex on the complete match of the previous one, we can capture an inner content to work on. This would allow this use case:

{
      matchStrings: [
        '"(?<first>[^"]*)":\\s*(?<innerContent>{[^}]*})',
        '"(?<second>[^"]*)":\\s*\\{[^}]*}',
        '"name":\\s*"(?<depName>.*)"[^"]*"type":\\s*"(?<datasource>.*)"[^"]*"value":\\s*"(?<currentValue>.*)"',
      ],
      matchStringsStrategy: 'recursive',
      depNameTemplate: '{{{ first }}}/{{{ second }}}/{{{ depName }}}',
    };

on example.json

to return depName :

backup/test/grafana/loki
setup/test/python

instead of

group1/group1/prom/prometheus
group2/group2/grafana/grafana
backup/backup/grafana/loki
setup/setup/python

Should this be a new issue ?

@secustor secustor added manager:regex priority-4-low Low priority, unlikely to be done unless it becomes important to more people and removed priority-5-triage labels Oct 24, 2021
@secustor
Copy link
Collaborator

Please open a separate issue to discuss this.

rarkins added a commit to scrocquesel/renovate that referenced this issue Oct 28, 2021
@rarkins
Merge branch 'main' into renovatebotgh-12279
a67c026
scrocquesel added a commit to scrocquesel/renovate that referenced this issue Oct 28, 2021
@scrocquesel
Merge branch 'main' into renovatebotgh-12279
ccc71fa
rarkins added a commit to scrocquesel/renovate that referenced this issue Oct 29, 2021
@rarkins
Merge branch 'main' into renovatebotgh-12279
184d25e
rarkins added a commit to scrocquesel/renovate that referenced this issue Oct 31, 2021
@rarkins
Merge branch 'main' into renovatebotgh-12279
8f7a107
@renovate-release
Copy link
Collaborator

🎉 This issue has been resolved in version 28.18.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
manager:regex priority-4-low Low priority, unlikely to be done unless it becomes important to more people status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(regex): allow to capture groups at each recursion scrocquesel/renovate
5 participants
@rarkins @secustor @renovate-release @sclorng @scrocquesel