KEMBAR78
feat: support to start compose mock proxy servers by LinuxSuRen · Pull Request #670 · LinuxSuRen/api-testing · GitHub
Skip to content

feat: support to start compose mock proxy servers #670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 23, 2025
Merged

feat: support to start compose mock proxy servers #670

merged 2 commits into from
Apr 23, 2025

Conversation

@LinuxSuRen
Copy link
Owner

We highly recommend you read the contributor's documentation before starting the review process especially since this is your first contribution to this project.

It was updated on 2024/5/27

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

@LinuxSuRen LinuxSuRen added the enhancement New feature or request label Apr 22, 2025
@LinuxSuRen LinuxSuRen requested a review from yuluo-yx as a code owner April 22, 2025 14:36
@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 22, 2025
View reviewed changes
pkg/mock/in_memory.go
h.metrics.RecordRequest(req.URL.Path)
memLogger.Info("receiving mock request", "name", h.item.Name, "method", req.Method, "path", req.URL.Path,
"encoder", h.item.Response.Encoder)

Check warning

Code scanning / CodeQL

Reflected cross-site scripting Medium

Cross-site scripting vulnerability due to
user-provided value
Loading
.
Cross-site scripting vulnerability due to user-provided value.

Copilot Autofix

AI 6 months ago

To fix the issue, we need to ensure that any user-controlled data written to the HTTP response is properly sanitized or escaped to prevent XSS vulnerabilities. Specifically:

  1. Use the html.EscapeString function from the html package to escape any user-controlled data before writing it to the response.
  2. Apply this escaping to the h.item.Response.BodyData before it is passed to the writeResponse function.

The changes will be made in the handle method of the advanceHandler struct, ensuring that the h.item.Response.BodyData is sanitized before being written to the response.

Suggested changeset 1
pkg/mock/in_memory.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/mock/in_memory.go b/pkg/mock/in_memory.go
--- a/pkg/mock/in_memory.go
+++ b/pkg/mock/in_memory.go
@@ -26,2 +26,3 @@
     "net/http"
+    "html"
     "strings"
@@ -392,3 +393,5 @@
 
-    writeResponse(w, h.item.Response.BodyData, err)
+    // Escape user-controlled data to prevent XSS
+    escapedBodyData := []byte(html.EscapeString(string(h.item.Response.BodyData)))
+    writeResponse(w, escapedBodyData, err)
 }
EOF
@@ -26,2 +26,3 @@
"net/http"
"html"
"strings"
@@ -392,3 +393,5 @@

writeResponse(w, h.item.Response.BodyData, err)
// Escape user-controlled data to prevent XSS
escapedBodyData := []byte(html.EscapeString(string(h.item.Response.BodyData)))
writeResponse(w, escapedBodyData, err)
}
Copilot is powered by AI and may make mistakes. Always verify output.
@codacy-production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.15% (target: -1.00%) 64.80% (target: 80.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (109c5d9) 19393 7928 40.88%
Head commit (ebe03a0) 19745 (+352) 8101 (+173) 41.03% (+0.15%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#670) 446 289 64.80%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@github-actions
Copy link

There are 1 test cases, failed count 0:

Name Average Max Min Count Error
11.565264ms 12.162417ms 11.192117ms 3 0

Reported by api-testing.

@LinuxSuRen LinuxSuRen merged commit 5543dbf into master Apr 23, 2025
21 of 22 checks passed
@LinuxSuRen LinuxSuRen deleted the feat/mock-compose branch April 23, 2025 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yuluo-yx yuluo-yx Awaiting requested review from yuluo-yx yuluo-yx is a code owner

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LinuxSuRen