Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: notation plugin install error messages and tests #855

Merged
merged 16 commits into from
Jan 4, 2024
Merged

fix: notation plugin install error messages and tests #855

merged 16 commits into from
Jan 4, 2024

Conversation

Two-Hearts
Copy link
Contributor

@Two-Hearts Two-Hearts commented Dec 26, 2023
edited
Loading

This PR improves error messages of notation plugin install command and updates the related cli specs as well.

This PR also adds zip bomb and zip slip tests.

Resolves #853.

@Two-Hearts
initial commits
c537c69 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix unit test
4c715f3 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e tests
a8f13c1 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
improve error msg and updated spec
2b0f74c 
Signed-off-by: Patrick Zheng <[email protected]>
@codecov-commenter
Copy link

codecov-commenter commented Dec 26, 2023
edited
Loading

Codecov Report

Attention: 18 lines in your changes are missing coverage. Please review.

Comparison is base (dc575a6) 63.91% compared to head (29aabda) 65.14%.

Files Patch % Lines
cmd/notation/plugin/install.go 70.73% 8 Missing and 4 partials ⚠️
internal/osutil/file.go 20.00% 3 Missing and 1 partial ⚠️
cmd/notation/internal/plugin/plugin.go 0.00% 1 Missing ⚠️
cmd/notation/plugin/uninstall.go 0.00% 1 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #855      +/-   ##
==========================================
+ Coverage   63.91%   65.14%   +1.23%     
==========================================
  Files          45       45              
  Lines        2699     2717      +18     
==========================================
+ Hits         1725     1770      +45     
+ Misses        820      787      -33     
- Partials      154      160       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Two-Hearts Two-Hearts changed the title update: notation plugin command error messages fix: notation plugin command error messages Dec 27, 2023
@Two-Hearts
update
5e8387f 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts Two-Hearts changed the title fix: notation plugin command error messages fix: notation plugin install command error messages Dec 27, 2023
@Two-Hearts Two-Hearts changed the title fix: notation plugin install command error messages fix: notation plugin install error messages Dec 27, 2023
shizhMSFT
shizhMSFT reviewed Dec 28, 2023
View reviewed changes
cmd/notation/internal/plugin/plugin.go Outdated Show resolved Hide resolved
test/e2e/testdata/malicious-plugin/largeFileZip.zip Outdated Show resolved Hide resolved
cmd/notation/plugin/install.go Outdated Show resolved Hide resolved
internal/osutil/file.go Outdated Show resolved Hide resolved
internal/osutil/file.go Outdated Show resolved Hide resolved
@Two-Hearts
updated per code review
f1901d1 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix unit test
1afce6b 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
update
5d9c18e 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e tests
f829079 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts Two-Hearts requested a review from shizhMSFT January 2, 2024 05:18
shizhMSFT
shizhMSFT previously approved these changes Jan 2, 2024
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

priteshbandi
priteshbandi reviewed Jan 2, 2024
View reviewed changes
cmd/notation/plugin/install.go Outdated Show resolved Hide resolved
specs/commandline/plugin.md Outdated Show resolved Hide resolved
specs/commandline/plugin.md Outdated Show resolved Hide resolved
@Two-Hearts
updated per code review
f40e7a9 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts Two-Hearts changed the title fix: notation plugin install error messages fix: notation plugin install error messages and tests Jan 3, 2024
@Two-Hearts
update
9c303bb 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix tests
424e7e3 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix tests
efc1fbd 
Signed-off-by: Patrick Zheng <[email protected]>
shizhMSFT
shizhMSFT approved these changes Jan 3, 2024
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

priteshbandi
priteshbandi approved these changes Jan 4, 2024
View reviewed changes
Copy link
Contributor

@priteshbandi priteshbandi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@priteshbandi priteshbandi merged commit 95b9861 into notaryproject:main Jan 4, 2024
5 checks passed
@Two-Hearts Two-Hearts deleted the plugin-install branch January 4, 2024 07:35
@yizha1 yizha1 mentioned this pull request Jan 4, 2024
Closed
@Two-Hearts Two-Hearts mentioned this pull request Jan 25, 2024
Merged
6 tasks
@chenrui333 chenrui333 mentioned this pull request Jan 28, 2024
Merged
rgnote pushed a commit to rgnote/notation that referenced this pull request Mar 8, 2024
@Two-Hearts @rgnote
fix: notation plugin install error messages and tests (notaryprojec…
981604f 
…t#855)

* This PR improves error messages of `notation plugin install` command and updates the related cli specs. (Resolves notaryproject#853)
* This PR also adds zip bomb and zip slip tests.

Signed-off-by: Patrick Zheng <[email protected]>
rgnote pushed a commit to rgnote/notation that referenced this pull request Mar 8, 2024
@Two-Hearts @rgnote
fix: notation plugin install error messages and tests (notaryprojec…
bea8cf2 
…t#855)

* This PR improves error messages of `notation plugin install` command and updates the related cli specs. (Resolves notaryproject#853)
* This PR also adds zip bomb and zip slip tests.

Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: rgnote <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@priteshbandi priteshbandi priteshbandi approved these changes

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

@justincormack justincormack Awaiting requested review from justincormack

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@rgnote rgnote Awaiting requested review from rgnote rgnote is a code owner

@SteveLasker SteveLasker Awaiting requested review from SteveLasker

@JeyJeyGao JeyJeyGao Awaiting requested review from JeyJeyGao JeyJeyGao is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

notation plugin command enhancements
5 participants
@Two-Hearts @codecov-commenter @priteshbandi @shizhMSFT @JeyJeyGao