Skip to content

support to load swaggers from an extension #639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 6, 2025
Merged

support to load swaggers from an extension #639

merged 4 commits into from
Mar 6, 2025

Conversation

LinuxSuRen
Copy link
Owner

We highly recommend you read the contributor's documentation before starting the review process especially since this is your first contribution to this project.

It was updated on 2024/5/27

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

LinuxSuRen and others added 3 commits March 5, 2025 06:27
@LinuxSuRen LinuxSuRen added the enhancement New feature or request label Mar 5, 2025
@LinuxSuRen LinuxSuRen requested a review from yuluo-yx as a code owner March 5, 2025 13:00
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 5, 2025
View reviewed changes
pkg/apispec/remote_swagger.go
}

targetFile := filepath.Base(extFile)
fmt.Println("start to save", filepath.Join(output, targetFile))

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to passwdParts
Loading
flows to a logging call.

Copilot Autofix

AI 3 months ago

To fix the problem, we should avoid logging the full path that includes potentially sensitive information. Instead, we can log only the filename or a sanitized version of the path. This way, we maintain the functionality of logging progress without exposing sensitive data.

  • Modify the logging statement to exclude the sensitive parts of the path.
  • Specifically, in the DownloadSwaggerData function, change the logging statement on line 52 to log only the targetFile instead of the full path.
  • No additional methods or imports are needed for this change.
Suggested changeset 1
pkg/apispec/remote_swagger.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/apispec/remote_swagger.go b/pkg/apispec/remote_swagger.go
--- a/pkg/apispec/remote_swagger.go
+++ b/pkg/apispec/remote_swagger.go
@@ -51,3 +51,3 @@
 	targetFile := filepath.Base(extFile)
-	fmt.Println("start to save", filepath.Join(output, targetFile))
+	fmt.Println("start to save", targetFile)
 	if err = downloader.WriteTo(reader, output, targetFile); err == nil {
EOF
@@ -51,3 +51,3 @@
targetFile := filepath.Base(extFile)
fmt.Println("start to save", filepath.Join(output, targetFile))
fmt.Println("start to save", targetFile)
if err = downloader.WriteTo(reader, output, targetFile); err == nil {
Copilot is powered by AI and may make mistakes. Always verify output.
@codacy-production Codacy Production
Copy link

codacy-production bot commented Mar 5, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.05% (target: -1.00%) 23.91% (target: 80.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (2f409ca) 19404 7887 40.65%
Head commit (46722dd) 19823 (+419) 8068 (+181) 40.70% (+0.05%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#639) 138 33 23.91%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

There are 1 test cases, failed count 0:

Name Average Max Min Count Error
10.189655ms 11.206054ms 9.256604ms 3 0

Reported by api-testing.

@LinuxSuRen @github-advanced-security
Potential fix for code scanning alert no. 69: Arbitrary file access d…
46722dd 
…uring archive extraction ("Zip Slip")

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Rick <[email protected]>
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 6, 2025

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@LinuxSuRen LinuxSuRen merged commit 11ab39f into master Mar 6, 2025
19 of 22 checks passed
@LinuxSuRen LinuxSuRen deleted the feat/ext-download branch March 6, 2025 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuluo-yx yuluo-yx Awaiting requested review from yuluo-yx yuluo-yx is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@LinuxSuRen