Release v0.4.0 #79

Merged
merged 28 commits into from
Sep 5, 2024

Conversation

jeremystretch
Contributor

Enhancements

  • #52 - Introduce the max_branches config parameter
  • #71 - Ensure the consistent application of logging messages
  • #76 - Validate required configuration items on initialization

Bug Fixes

  • #57 - Avoid recording ChangeDiff records for unsupported object types
  • #59 - BranchAwareRouter should consider branching support for model when determining database connection to use
  • #61 - Fix transaction rollback when performing a dry run sync
  • #66 - Capture object representation on ChangeDiff when creating a new object within a branch
  • #69 - Represent null values for ChangeDiff fields consistently in REST API
  • #73 - Ensure all relevant branch diffs are updated when an object is modified in main

jeremystretch and others added 27 commits August 12, 2024 15:09
* Closes #52: Introduce the max_branches config parameter

* Improve documentation for config parameter
* add pyproject.toml

Signed-off-by: Michal Fiedorowicz <[email protected]>

* add docker-compose setup

based on NetBox v4.1-beta1-2.9.1 image with netbox_branching plugin installed

Signed-off-by: Michal Fiedorowicz <[email protected]>

* add Makefile recipes for docker compose

Signed-off-by: Michal Fiedorowicz <[email protected]>

* add GHA workflow to run lint and test

Signed-off-by: Michal Fiedorowicz <[email protected]>

* tidy up docker-compose.yaml

Signed-off-by: Michal Fiedorowicz <[email protected]>

* move workflow into correct directory

Signed-off-by: Michal Fiedorowicz <[email protected]>

* fix mounting of local_settings.py

Signed-off-by: Michal Fiedorowicz <[email protected]>

* ignore missing docstrings checks

Signed-off-by: Michal Fiedorowicz <[email protected]>

* add step for building documentation

Signed-off-by: Michal Fiedorowicz <[email protected]>

* catch make docker-compose-test exit code (test)

Signed-off-by: Michal Fiedorowicz <[email protected]>

* catch make docker-compose-test exit code (test 2)

Signed-off-by: Michal Fiedorowicz <[email protected]>

* tidy up make docker-compose-test

Signed-off-by: Michal Fiedorowicz <[email protected]>

* rename GHA job

Signed-off-by: Michal Fiedorowicz <[email protected]>

* ignore all missing docstrings

Signed-off-by: Michal Fiedorowicz <[email protected]>

* change workflow file ext

Signed-off-by: Michal Fiedorowicz <[email protected]>

* run tests in a more native way with a matrix of Python versions

Signed-off-by: Michal Fiedorowicz <[email protected]>

* fix matrix with python version

Signed-off-by: Michal Fiedorowicz <[email protected]>

* fix test command for plugin

Signed-off-by: Michal Fiedorowicz <[email protected]>

* list tests

Signed-off-by: Michal Fiedorowicz <[email protected]>

* comment out exclude-package-data from pyproject.toml

Signed-off-by: Michal Fiedorowicz <[email protected]>

* tidy up

Signed-off-by: Michal Fiedorowicz <[email protected]>

* keep db when running tests

Signed-off-by: Michal Fiedorowicz <[email protected]>

* Remove v4.1-beta1 tag

---------

Signed-off-by: Michal Fiedorowicz <[email protected]>
Co-authored-by: Jeremy Stretch <[email protected]>

@jit-ci jit-ci bot left a comment

❌ Jit has detected 5 important findings in this PR that you should review.
The findings are detailed below as separate comments.
It’s highly recommended that you fix these security issues before merge.

)
# Copy data from the source table
cursor.execute(
f"INSERT INTO {schema}.{table} SELECT * FROM public.{table}"
f"INSERT INTO {schema_table} SELECT * FROM {main_table}"
)
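Review bot: `schema_table` and `main_table` are still interpolated into the statement as identifiers, so the Semgrep finding on this line is a false positive only if both are built from trusted values (the branch's own schema name and the model's `db_table`), and this hunk does not show where they come from. Schema and table names cannot be bound with `%s`, so the fix is not a placeholder but quoting them as identifiers at the point where `schema_table` and `main_table` are assembled (psycopg's `sql.Identifier`, or Django's `connection.ops.quote_name()`), plus a comment stating that the table list is taken from model metadata; that gives a reviewer a concrete reason to dismiss the raw-query finding rather than leaving five open HIGH alerts.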
Security control: Static Code Analysis Python Semgrep

Type: Python.Sqlalchemy.Security.Sqlalchemy-Execute-Raw-Query.Sqlalchemy-Execute-Raw-Query

Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL injection. To execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.

Severity: HIGH

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query" in netbox_branching/models/branches.py; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command

# Create the table in the new schema
cursor.execute(
f"CREATE TABLE {schema}.{table} ( LIKE public.{table} INCLUDING INDEXES )"
f"CREATE TABLE {schema_table} ( LIKE {main_table} INCLUDING INDEXES )"
)
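Review bot: same identifier concern as the INSERT statement: `CREATE TABLE ... ( LIKE ... )` takes the target and source names as identifiers, so neither can be a `%s` parameter, and quoting them as identifiers where `schema_table` and `main_table` are assembled is the fix. A one-line comment would also help the next reader: `LIKE ... INCLUDING INDEXES` copies indexes but not column defaults (that would need `INCLUDING DEFAULTS`), which is why the `id` column's default must be restored with the separate `ALTER COLUMN id SET DEFAULT nextval(...)` statement further down in this file.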
Security control: Static Code Analysis Python Semgrep

Type: Python.Sqlalchemy.Security.Sqlalchemy-Execute-Raw-Query.Sqlalchemy-Execute-Raw-Query

Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL injection. To execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.

Severity: HIGH


cursor.execute(
f"CREATE TABLE {schema}.{table} ( LIKE public.{table} INCLUDING INDEXES )"
f"CREATE TABLE {schema_table} ( LIKE {main_table} INCLUDING INDEXES )"
)
Security control: Static Code Analysis Python Semgrep

Type: Python.Sqlalchemy.Security.Sqlalchemy-Execute-Raw-Query.Sqlalchemy-Execute-Raw-Query

Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL injection. To execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.

Severity: HIGH

Learn more about this issue


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query" in netbox_branching/models/branches.py; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command

# Set the default value for the ID column to the sequence associated with the source table
cursor.execute(
f"ALTER TABLE {schema}.{table} ALTER COLUMN id SET DEFAULT nextval('public.{table}_id_seq')"
f"ALTER TABLE {schema_table} ALTER COLUMN id SET DEFAULT nextval(%s)", [sequence_name]
)
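Review bot: binding the sequence name with `nextval(%s)` and `[sequence_name]` is the right change here, because that argument is a value (a `regclass`) rather than an identifier, and it is the one part of these statements where a placeholder applies. What the hunk leaves open is where `sequence_name` comes from: the old code hard-coded the `public.<table>_id_seq` convention, and an `id` column whose sequence was renamed or defined as an identity column would silently get the wrong default. Resolving the name with `pg_get_serial_sequence('public.<table>', 'id')` at runtime, and raising if it returns NULL, would remove that assumption.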
Security control: Static Code Analysis Python Semgrep

Type: Python.Sqlalchemy.Security.Sqlalchemy-Execute-Raw-Query.Sqlalchemy-Execute-Raw-Query

Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL injection. To execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.

Severity: HIGH

Learn more about this issue


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query" in netbox_branching/models/branches.py; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command

cursor.execute(
f"ALTER TABLE {schema}.{table} "
f"ALTER COLUMN id SET DEFAULT nextval('public.{table}_id_seq')"
f"ALTER TABLE {schema_table} ALTER COLUMN id SET DEFAULT nextval(%s)", [sequence_name]
)
Security control: Static Code Analysis Python Semgrep

Type: Python.Sqlalchemy.Security.Sqlalchemy-Execute-Raw-Query.Sqlalchemy-Execute-Raw-Query

Description: Avoiding SQL string concatenation: untrusted input concatenated with a raw SQL query can result in SQL injection. To execute a raw query safely, a prepared statement should be used. SQLAlchemy provides TextualSQL to easily use prepared statements with named parameters. For complex SQL composition, use the SQL Expression Language or Schema Definition Language. In most cases, the SQLAlchemy ORM will be a better option.

Severity: HIGH

Learn more about this issue


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query" in netbox_branching/models/branches.py; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command

Contributor

@arthanson arthanson left a comment

Looks correct, versions are updated.

@jeremystretch jeremystretch merged commit 3332632 into release Sep 5, 2024
7 of 8 checks passed