feat: [CODE-3150]: Validate repo identifier while importing repositories (#3445)

* feat: [CODE-3150]: Validate repo identifier while importing repositories
2025-05-17 01:20:13 +08:00 · 2025-02-22 11:23:39 +00:00 · 2025-02-22 11:23:39 +00:00 · 02fe8c076f
commit 02fe8c076f
parent f3c646190f
4 changed files with 39 additions and 34 deletions
--- a/app/api/controller/space/controller.go
+++ b/app/api/controller/space/controller.go
@ -102,6 +102,7 @@ type Controller struct {
 	executionStore      store.ExecutionStore
 	rulesSvc            *rules.Service
 	usageMetricStore    store.UsageMetricStore
+	repoIdentifierCheck check.RepoIdentifier
 }

 func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Provider,
@ -115,7 +116,7 @@ func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Pro
 	limiter limiter.ResourceLimiter, publicAccess publicaccess.Service, auditService audit.Service,
 	gitspaceSvc *gitspace.Service, labelSvc *label.Service,
 	instrumentation instrument.Service, executionStore store.ExecutionStore,
-	rulesSvc *rules.Service, usageMetricStore store.UsageMetricStore,
+	rulesSvc *rules.Service, usageMetricStore store.UsageMetricStore, repoIdentifierCheck check.RepoIdentifier,
 ) *Controller {
 	return &Controller{
 		nestedSpacesEnabled: config.NestedSpacesEnabled,
@ -147,6 +148,7 @@ func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Pro
 		executionStore:      executionStore,
 		rulesSvc:            rulesSvc,
 		usageMetricStore:    usageMetricStore,
+		repoIdentifierCheck: repoIdentifierCheck,
 	}
 }

--- a/app/api/controller/space/import_repositories.go
+++ b/app/api/controller/space/import_repositories.go
@ -43,8 +43,7 @@ type ImportRepositoriesOutput struct {
 	DuplicateRepos []*repoctrl.RepositoryOutput `json:"duplicate_repos"` // repos which already exist in the space.
 }

-// ImportRepositories imports repositories into an existing space. It ignores and continues on
-// repo naming conflicts.
+// ImportRepositories imports repositories into an existing space.
 //
 //nolint:gocognit
 func (c *Controller) ImportRepositories(
@ -83,6 +82,10 @@ func (c *Controller) ImportRepositories(
 			&session.Principal,
 		)

+		if err := c.repoIdentifierCheck(repo.Identifier, session); err != nil {
+			return ImportRepositoriesOutput{}, fmt.Errorf("failed to sanitize the repo %s: %w", repo.Identifier, err)
+		}
+
 		repos = append(repos, repo)
 		repoIsPublicVals = append(repoIsPublicVals, isPublic)
 		cloneURLs = append(cloneURLs, remoteRepository.CloneURL)
--- a/app/api/controller/space/wire.go
+++ b/app/api/controller/space/wire.go
@ -54,7 +54,7 @@ func ProvideController(config *types.Config, tx dbtx.Transactor, urlProvider url
 	limiter limiter.ResourceLimiter, publicAccess publicaccess.Service,
 	auditService audit.Service, gitspaceService *gitspace.Service,
 	labelSvc *label.Service, instrumentation instrument.Service, executionStore store.ExecutionStore,
-	rulesSvc *rules.Service, usageMetricStore store.UsageMetricStore,
+	rulesSvc *rules.Service, usageMetricStore store.UsageMetricStore, repoIdentifierCheck check.RepoIdentifier,
 ) *Controller {
 	return NewController(config, tx, urlProvider,
 		sseStreamer, identifierCheck, authorizer,
@ -66,6 +66,6 @@ func ProvideController(config *types.Config, tx dbtx.Transactor, urlProvider url
 		importer, exporter, limiter, publicAccess,
 		auditService, gitspaceService,
 		labelSvc, instrumentation, executionStore,
-		rulesSvc, usageMetricStore,
+		rulesSvc, usageMetricStore, repoIdentifierCheck,
 	)
 }
--- a/cmd/gitness/wire_gen.go
+++ b/cmd/gitness/wire_gen.go
@ -340,7 +340,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
 	orchestratorOrchestrator := orchestrator.ProvideOrchestrator(scmSCM, platformConnector, infraProvisioner, containerOrchestrator, eventsReporter, orchestratorConfig, ideFactory, resolverFactory)
 	gitspaceService := gitspace.ProvideGitspace(transactor, gitspaceConfigStore, gitspaceInstanceStore, eventsReporter, gitspaceEventStore, spaceFinder, infraproviderService, orchestratorOrchestrator, scmSCM, config)
 	usageMetricStore := database.ProvideUsageMetricStore(db)
-	spaceController := space.ProvideController(config, transactor, provider, streamer, spaceIdentifier, authorizer, spacePathStore, pipelineStore, secretStore, connectorStore, templateStore, spaceStore, repoStore, principalStore, repoController, membershipStore, listService, spaceFinder, repository, exporterRepository, resourceLimiter, publicaccessService, auditService, gitspaceService, labelService, instrumentService, executionStore, rulesService, usageMetricStore)
+	spaceController := space.ProvideController(config, transactor, provider, streamer, spaceIdentifier, authorizer, spacePathStore, pipelineStore, secretStore, connectorStore, templateStore, spaceStore, repoStore, principalStore, repoController, membershipStore, listService, spaceFinder, repository, exporterRepository, resourceLimiter, publicaccessService, auditService, gitspaceService, labelService, instrumentService, executionStore, rulesService, usageMetricStore, repoIdentifier)
 	reporter3, err := events5.ProvideReporter(eventsSystem)
 	if err != nil {
 		return nil, err