From b0413954c9c3b16eeb0a30cd4fb8d57d8312e0ce Mon Sep 17 00:00:00 2001 From: Victoria Hall Date: Thu, 5 Dec 2024 10:40:58 -0600 Subject: [PATCH 1/3] remove codeql tests, exclude all dependency locations --- eng/ci/official-build.yml | 3 +- eng/ci/public-build.yml | 3 +- .../test_third_party_http_functions.py | 72 +++++++++---------- .../stein/asgi_function/function_app.py | 29 -------- .../stein/wsgi_function/function_app.py | 12 ---- 5 files changed, 40 insertions(+), 79 deletions(-) diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index 52562bc1..d9a8b723 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -40,7 +40,8 @@ extends: os: windows sdl: codeql: - excludePathPatterns: '/deps' + # Exclude dependencies from CodeQL analysis + excludePathPatterns: ['/deps', '/build/webhost/bin/workers/python'] codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 618b3a5b..bf9436ff 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -41,7 +41,8 @@ extends: compiled: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true - excludePathPatterns: '/deps' + # Exclude dependencies from CodeQL analysis + excludePathPatterns: ['/deps', '/build/webhost/bin/workers/python'] settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: diff --git a/tests/unittests/test_third_party_http_functions.py b/tests/unittests/test_third_party_http_functions.py index 73aca898..7dd57e88 100644 --- a/tests/unittests/test_third_party_http_functions.py +++ b/tests/unittests/test_third_party_http_functions.py @@ -132,48 +132,12 @@ def check_log_print_to_console_stderr(self, # System logs stderr now exist in host_out self.assertIn('Secret42', host_out) - def test_raw_body_bytes(self): - parent_dir = pathlib.Path(__file__).parent.parent - image_file = parent_dir / 'unittests/resources/functions.png' - with open(image_file, 'rb') as image: - img = image.read() - encoded_image = base64.b64encode(img).decode('utf-8') - html_img_tag = \ - f'PNG Image' # noqa - sanitized_img_len = len(html_img_tag) - r = self.webhost.request('POST', 'raw_body_bytes', data=img, - no_prefix=True) - - received_body_len = int(r.headers['body-len']) - self.assertEqual(received_body_len, sanitized_img_len) - - encoded_image_data = encoded_image.split(",")[0] - body = base64.b64decode(encoded_image_data) - try: - received_img_file = parent_dir / 'received_img.png' - with open(received_img_file, 'wb') as received_img: - received_img.write(body) - self.assertTrue(filecmp.cmp(received_img_file, image_file)) - finally: - if (os.path.exists(received_img_file)): - os.remove(received_img_file) - def test_return_http_no_body(self): r = self.webhost.request('GET', 'return_http_no_body', no_prefix=True) self.assertEqual(r.text, '') self.assertEqual(r.status_code, 200) - def test_return_http_redirect(self): - r = self.webhost.request('GET', 'return_http_redirect', - no_prefix=True) - self.assertEqual(r.status_code, 200) - self.assertEqual(r.text, '

Hello World™

') - - r = self.webhost.request('GET', 'return_http_redirect', - allow_redirects=False, no_prefix=True) - self.assertEqual(r.status_code, 302) - def test_unhandled_error(self): r = self.webhost.request('GET', 'unhandled_error', no_prefix=True) self.assertEqual(r.status_code, 500) @@ -228,6 +192,32 @@ def check_log_hijack_current_event_loop(self, self.assertIn('parallelly_log_system at disguised_logger', host_out) + def test_raw_body_bytes(self): + parent_dir = pathlib.Path(__file__).parent.parent + image_file = parent_dir / 'unittests/resources/functions.png' + with open(image_file, 'rb') as image: + img = image.read() + encoded_image = base64.b64encode(img).decode('utf-8') + html_img_tag = \ + f'PNG Image' # noqa + sanitized_img_len = len(html_img_tag) + r = self.webhost.request('POST', 'raw_body_bytes', data=img, + no_prefix=True) + + received_body_len = int(r.headers['body-len']) + self.assertEqual(received_body_len, sanitized_img_len) + + encoded_image_data = encoded_image.split(",")[0] + body = base64.b64decode(encoded_image_data) + try: + received_img_file = parent_dir / 'received_img.png' + with open(received_img_file, 'wb') as received_img: + received_img.write(body) + self.assertTrue(filecmp.cmp(received_img_file, image_file)) + finally: + if (os.path.exists(received_img_file)): + os.remove(received_img_file) + class TestWsgiHttpFunctions( ThirdPartyHttpFunctionsTestBase.TestThirdPartyHttpFunctions): @@ -235,3 +225,13 @@ class TestWsgiHttpFunctions( def get_script_dir(cls): return UNIT_TESTS_ROOT / 'third_party_http_functions' / 'stein' / \ 'wsgi_function' + + def test_return_http_redirect(self): + r = self.webhost.request('GET', 'return_http_redirect', + no_prefix=True) + self.assertEqual(r.status_code, 200) + self.assertEqual(r.text, '

Hello World™

') + + r = self.webhost.request('GET', 'return_http_redirect', + allow_redirects=False, no_prefix=True) + self.assertEqual(r.status_code, 302) diff --git a/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py b/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py index 916b5d86..da76f071 100644 --- a/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py +++ b/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py @@ -1,13 +1,11 @@ import asyncio import logging -import re import sys from urllib.request import urlopen import base64 import azure.functions as func from fastapi import FastAPI, Request, Response -from fastapi.responses import RedirectResponse fast_app = FastAPI() logger = logging.getLogger("my-function") @@ -151,33 +149,6 @@ async def return_http(request: Request): return Response('

Hello World™

', media_type='text/html') -@fast_app.get("/return_http_redirect") -async def return_http_redirect(request: Request, code: str = ''): - # Expected format: 127.0.0.1: - host_and_port = request.url.components[1] - - # Validate to ensure it's a valid host and port structure - match = re.match(r'^127\.0\.0\.1:(\d+)$', host_and_port) - if not match: - return Response("Invalid request", status_code=400) - - # Validate port is within specific range - port = int(match.group(1)) - if port < 50000 or port > 65999: - return Response("Invalid port", status_code=400) - - # Validate the code param - allowed_codes = ['', 'testFunctionKey'] - if code not in allowed_codes: - return Response("Invalid code", status_code=400) - - # Return after all validation succeeds - location = 'return_http?code={}'.format(code) - return RedirectResponse(status_code=302, - url=f"http://{host_and_port}/" - f"{location}") - - @fast_app.get("/unhandled_error") async def unhandled_error(): 1 / 0 diff --git a/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py b/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py index e717f395..3d2f63d9 100644 --- a/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py +++ b/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py @@ -1,7 +1,6 @@ import logging import sys from urllib.request import urlopen -import base64 import azure.functions as func from flask import Flask, Response, redirect, request, url_for @@ -58,17 +57,6 @@ def print_logging(): return 'OK-print-logging' -@flask_app.post("/raw_body_bytes") -def raw_body_bytes(): - body = request.get_data() - - base64_encoded = base64.b64encode(body).decode('utf-8') - html_img_tag = \ - f'PNG Image' - - return Response(html_img_tag, headers={'body-len': str(len(html_img_tag))}) - - @flask_app.get("/return_http_no_body") def return_http_no_body(): return '' From 72db81c354ae7782c958940bfe36e64cc27fe928 Mon Sep 17 00:00:00 2001 From: hallvictoria <59299039+hallvictoria@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:46:09 -0600 Subject: [PATCH 2/3] Fix excludePathPatterns syntax in build filesformatting --- eng/ci/official-build.yml | 2 +- eng/ci/public-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index d9a8b723..eec9e2aa 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -41,7 +41,7 @@ extends: sdl: codeql: # Exclude dependencies from CodeQL analysis - excludePathPatterns: ['/deps', '/build/webhost/bin/workers/python'] + excludePathPatterns: '/deps,/build/webhost/bin/workers/python' codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index bf9436ff..c3323e2c 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -42,7 +42,7 @@ extends: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true # Exclude dependencies from CodeQL analysis - excludePathPatterns: ['/deps', '/build/webhost/bin/workers/python'] + excludePathPatterns: '/deps,/build/webhost/bin/workers/python' settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: From f22bb5e17c9a4f9b70c150afc5b344f6db566cc0 Mon Sep 17 00:00:00 2001 From: hallvictoria <59299039+hallvictoria@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:49:05 -0600 Subject: [PATCH 3/3] Update CodeQL exclude paths in CI files --- eng/ci/official-build.yml | 2 +- eng/ci/public-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index eec9e2aa..cdf7175e 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -41,7 +41,7 @@ extends: sdl: codeql: # Exclude dependencies from CodeQL analysis - excludePathPatterns: '/deps,/build/webhost/bin/workers/python' + excludePathPatterns: '/deps,/build' codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index c3323e2c..9806a86b 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -42,7 +42,7 @@ extends: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true # Exclude dependencies from CodeQL analysis - excludePathPatterns: '/deps,/build/webhost/bin/workers/python' + excludePathPatterns: '/deps,/build' settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: