From 940222c757012e0922c5fc1e03d5574c5ce79994 Mon Sep 17 00:00:00 2001
From: Lukas Peter Aldershaab
Date: Sat, 7 Dec 2024 23:41:07 +0100
Subject: [PATCH] Enforce explicitly setting SHA in API requests
Signed-off-by: Lukas Peter Aldershaab
---
 server/controllers/api_controller.go | 3 ++-
 server/controllers/api_controller_test.go | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/server/controllers/api_controller.go b/server/controllers/api_controller.go
index ff85371469..73d3b00ab8 100644
--- a/server/controllers/api_controller.go
+++ b/server/controllers/api_controller.go
@@ -39,6 +39,7 @@ type APIRequest struct {
 Repository string `validate:"required"`
 Ref string `validate:"required"`
 Type string `validate:"required"`
+ Sha string `validate:"required"`
 PR int
 Projects []string
 Paths []struct {
@@ -239,7 +240,7 @@ func (a *APIController) apiParseAndValidate(r *http.Request) (*APIRequest, *comm
 Num: request.PR,
 BaseBranch: request.Ref,
 HeadBranch: request.Ref,
- HeadCommit: request.Ref,
+ HeadCommit: request.Sha,
 BaseRepo: baseRepo,
 },
 Scope: a.Scope,
diff --git a/server/controllers/api_controller_test.go b/server/controllers/api_controller_test.go
index 3b3aa520aa..a3edc9d33d 100644
--- a/server/controllers/api_controller_test.go
+++ b/server/controllers/api_controller_test.go
@@ -28,6 +28,7 @@ func TestAPIController_Plan(t *testing.T) {
 body, _ := json.Marshal(controllers.APIRequest{
 Repository: "Repo",
 Ref: "main",
+ Sha: "abc123",
 Type: "Gitlab",
 Projects: []string{"default"},
 })
@@ -45,6 +46,7 @@ func TestAPIController_Apply(t *testing.T) {
 body, _ := json.Marshal(controllers.APIRequest{
 Repository: "Repo",
 Ref: "main",
+ Sha: "abc123",
 Type: "Gitlab",
 Projects: []string{"default"},
 })
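Review bot: The new `Sha` field in `APIRequest` is checked only for presence, so any non-empty string from the request body passes validation and, per the second hunk of this file, ends up as `HeadCommit`. Constraining it to a commit-hash shape at the struct level would reject malformed input early, for example the tag `validate:"required,hexadecimal"` if the validator in use is go-playground/validator, together with a length bound that matches the hash formats of the supported VCS hosts. Making the field required also rejects existing API clients that send only `Ref`, which deserves a line in the API documentation or changelog. A field comment such as `// Sha is the commit to plan/apply; expected to be a commit on Ref` would record the intended contract.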
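Review bot: `HeadCommit` now comes from `request.Sha` while `BaseBranch` and `HeadBranch` still come from `request.Ref`, and nothing in the visible lines checks that the two agree. If downstream code checks out or reports status against `HeadCommit` (not visible here), a request could name a permitted branch in `Ref` while a commit that is not on that branch gets planned or applied. Consider resolving `Ref` through the VCS client and rejecting the request when `Sha` is not reachable from it, or at minimum document the trust assumption with a comment like `// NOTE: Sha is not verified against Ref; API callers are trusted to pair them`. The body of `apiParseAndValidate` starts and ends outside this hunk, so such a check may already exist elsewhere.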
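Review bot: Both fixtures (in `TestAPIController_Plan` here and in the `TestAPIController_Apply` hunk that follows) gain `Sha: "abc123"`, but no visible test sends a request without `Sha` and asserts that it is rejected, which is the behaviour this commit is meant to enforce. A negative case per endpoint would pin the new requirement so a later change to the validation tag cannot silently relax it. If format validation is added to the field, `abc123` should become a full-length hex hash so the fixtures keep passing for the right reason. Both test functions continue outside their hunks.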