Faster comment feedback. Fix security issue. #16

Merged
merged 6 commits into from
Feb 28, 2018
lkysow
Member

@lkysow lkysow commented Feb 28, 2018

  • quote extra args appended to atlantis plan/apply to avoid an atlantis plan -- ; cat /etc/passwd attack
  • comment back on pull request with help output and better error messages

To avoid an attacker prepending something like
atlantis plan -- ; cat /etc/passwd
This will enable us to use the CreateComment function
without having the full pull request model.

codecov bot commented Feb 28, 2018

Codecov Report

Merging #16 into master will increase coverage by 0.32%.
The diff coverage is 85.45%.


@@            Coverage Diff            @@
##           master     #16      +/-   ##
=========================================
+ Coverage   63.78%   64.1%   +0.32%     
=========================================
  Files          38      38              
  Lines        1814    1836      +22     
=========================================
+ Hits         1157    1177      +20     
- Misses        604     605       +1     
- Partials       53      54       +1
Impacted Files Coverage Δ
server/events/event_parser.go 99.2% <ø> (+1.95%) ⬆️
server/events/command_name.go 85.71% <ø> (+19.04%) ⬆️
server/events/markdown_renderer.go 90.9% <ø> (-0.4%) ⬇️
server/events/vcs/not_configured_vcs_client.go 0% <0%> (ø) ⬆️
server/events/vcs/proxy.go 0% <0%> (ø) ⬆️
server/events/vcs/gitlab_client.go 0% <0%> (ø) ⬆️
server/events/vcs/github_client.go 0% <0%> (ø) ⬆️
server/server.go 68.8% <100%> (+0.68%) ⬆️
server/events/command_handler.go 89.41% <100%> (-0.25%) ⬇️
server/events/pull_closed_executor.go 94.59% <100%> (ø) ⬆️
... and 3 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 165e432...a24d940. Read the comment docs.

- Refactor EventParser so it returns a comment we can send to the pull
request when a bad command or help command is commented.
- Remove now unneeded HelpExecutor because we comment right from the
EventsController now
- Use pflag package to parse commands instead of doing it manually
- Comment back when user types terraform instead of atlantis
@lkysow lkysow merged commit efe736e into master Feb 28, 2018
@lkysow lkysow deleted the new-comments branch February 28, 2018 19:09
ghaiszaher referenced this pull request in ghaiszaher/atlantis Oct 7, 2022
* Move inline css to file
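
The quoting fix described in this pull request, as an added example that is not code from the Atlantis repository: it shows why extra args taken from a comment after `--` must be quoted before they are joined into a command string. It assumes the command is run through `sh -c`; the helper names, the `echo terraform plan` stand-in command and the `echo INJECTED` payload are constructed for illustration.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// extraArgs returns the whitespace-separated tokens after "--" in a comment.
func extraArgs(comment string) []string {
	fields := strings.Fields(comment)
	for i, f := range fields {
		if f == "--" {
			return fields[i+1:]
		}
	}
	return nil
}

// quoteArg single-quotes one argument for sh; an embedded ' becomes '\''.
func quoteArg(arg string) string {
	return "'" + strings.ReplaceAll(arg, "'", `'\''`) + "'"
}

// buildCmd appends extra args to a base command, quoted or raw.
// "echo terraform plan" is a stand-in so the example runs without terraform.
func buildCmd(extra []string, quote bool) string {
	parts := []string{"echo", "terraform", "plan"}
	for _, a := range extra {
		if quote {
			a = quoteArg(a)
		}
		parts = append(parts, a)
	}
	return strings.Join(parts, " ")
}

// run executes the string through sh -c (the assumed execution model).
func run(cmd string) (string, error) {
	out, err := exec.Command("sh", "-c", cmd).CombinedOutput()
	return string(out), err
}

func main() {
	// Constructed comment; "echo INJECTED" is a harmless stand-in payload.
	extra := extraArgs("atlantis plan -- ; echo INJECTED")
	for _, quote := range []bool{false, true} {
		out, err := run(buildCmd(extra, quote))
		fmt.Printf("quote=%v err=%v output=%q\n", quote, err, out)
	}
}
```

With quoting off, the shell treats `;` as a command separator and runs the second command; with quoting on, the same tokens reach the base command as literal arguments.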