The import-url command parses arguments formatted as url:primary:secret. It uses strings.Split(f, ":") and reconstructs the URL by concatenating the first two elements. If the URL contains a port number (e.g. http://localhost:8585/spec.yaml), the split splits it into ["http", "//localhost", "8585/spec.yaml"]. The code then drops the port and path, changing the URL to http://localhost.
Reason Why It Is Valid
It breaks importing artifacts from local test instances or any custom web server that runs on a non-default port (containing a colon).
Bug Simulation Workflow
graph TD
A["User runs: microcks import-url http://localhost:8585/api.yaml"] --> B["Split by ':' produces http, //localhost, 8585/api.yaml"]
B --> C["Reconstruction: urlAndMainAtrifactAndSecretName[0] + ':' + urlAndMainAtrifactAndSecretName[1]"]
C --> D["Resulting URL is http://localhost"]
D --> E["API import request sent to http://localhost instead of http://localhost:8585/api.yaml"]
Code Change
Before (Lines to be changed)
- // Check if URL starts with https or http- if strings.HasPrefix(f, "https://") || strings.HasPrefix(f, "http://") {- urlAndMainAtrifactAndSecretName := strings.Split(f, ":")- n := len(urlAndMainAtrifactAndSecretName)- f = urlAndMainAtrifactAndSecretName[0] + ":" + urlAndMainAtrifactAndSecretName[1]- if n > 2 {- val, err := strconv.ParseBool(urlAndMainAtrifactAndSecretName[2])- if err != nil {- fmt.Println(err)- }- mainArtifact = val- }- if n > 3 {- secret = urlAndMainAtrifactAndSecretName[3]- }- }
After (Changed lines)
+ // Check if URL starts with https or http and safely extract flags from the end+ if strings.HasPrefix(f, "https://") || strings.HasPrefix(f, "http://") {+ parts := strings.Split(f, ":")+ n := len(parts)+ // If the last parts represent mainArtifact or secret name+ if n > 2 {+ if val, err := strconv.ParseBool(parts[n-1]); err == nil {+ mainArtifact = val+ f = strings.Join(parts[:n-1], ":")+ } else if n > 3 {+ if val, err := strconv.ParseBool(parts[n-2]); err == nil {+ mainArtifact = val+ secret = parts[n-1]+ f = strings.Join(parts[:n-2], ":")+ }+ }+ }+ }
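Review bot: In the added `if n > 2` block, `strconv.ParseBool(parts[n-1])` is tried before the `parts[n-2]` form, so a spec whose secret name itself parses as a boolean (`url:false:true`, or a secret called `1` or `t`) is taken as `mainArtifact`, and `:false` stays glued to `f`. A URL that simply ends in a port such as `:1` or `:0` is also read as a flag and loses its port. Check the `parts[n-2]` form first, or accept only the literal `true`/`false`. Separately, the removed code printed the `ParseBool` error, while the new branches ignore a malformed flag silently and leave it inside `f`; reporting that case would keep a typo from turning into a request for a different URL.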
Where
NewImportURLCommand
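The split behaviour this issue describes, next to one alternative that peels the optional flags off the right-hand side and validates what remains, as an added example (not the microcks-cli code and not the patch proposed above). `legacyURL`, `parseSpec`, the literal-only `true`/`false` rule, the default of `true` for the primary flag and the sample argument are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// legacyURL reproduces the reconstruction the issue describes: split on
// every ':' and keep only the first two elements.
func legacyURL(arg string) string {
	p := strings.Split(arg, ":")
	if len(p) < 2 {
		return arg
	}
	return p[0] + ":" + p[1]
}

// parseSpec (hypothetical helper) peels an optional ":primary[:secret]"
// suffix off the right. Assumptions: the flag is the literal "true" or
// "false" (a port such as ":1" is never a flag); primary defaults to true.
func parseSpec(arg string) (target string, primary bool, secret string, err error) {
	target, primary = arg, true
	parts := strings.Split(arg, ":")
	n := len(parts)
	// Try ":primary:secret" before ":primary" so a secret named "true" works;
	// parts[0] and parts[1] ("scheme", "//host...") are never flags.
	for _, k := range []int{2, 1} {
		if n-k < 2 || (parts[n-k] != "true" && parts[n-k] != "false") {
			continue
		}
		primary = parts[n-k] == "true"
		if k == 2 {
			secret = parts[n-1]
		}
		target = strings.Join(parts[:n-k], ":")
		break
	}
	u, perr := url.Parse(target)
	if perr != nil || u.Host == "" {
		return "", false, "", fmt.Errorf("not a usable URL: %q", target)
	}
	return target, primary, secret, nil
}

func main() { // constructed sample argument
	a := "http://localhost:8585/api.yaml:false:my-secret"
	fmt.Println(legacyURL(a))
	fmt.Println(parseSpec(a))
}
```

Rejecting a target with no host makes a mistyped spec fail loudly instead of sending the import request to a different URL.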