
Commit b124bb5

lholmquistalizard0JessicaJHee
authored
backport of Orchestrator/release 1.10 to orchestrator/workspace (#3586)
* bump fast-uri (#3454) * [release-1.10] chore(deps): bump Orchestrator deps to resolve 1.10.2 CVEs (#3537) Signed-off-by: Jessica He <jhe@redhat.com> * fix: allow properly quoted LogQL queries in the selector field. (#3533) (#3552) fixes https://redhat.atlassian.net/browse/RHDHSUPP-381 assisted by cursor --------- Signed-off-by: Jessica He <jhe@redhat.com> Co-authored-by: André <alizardo@redhat.com> Co-authored-by: Jessica He <jhe@redhat.com>
1 parent 683f9d6 commit b124bb5

5 files changed

Lines changed: 141 additions & 53 deletions


Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
---
2+
'@red-hat-developer-hub/backstage-plugin-orchestrator-backend-module-loki': patch
3+
---
4+
5+
Fix to allow properly quoted LoqQL querys in the selector field

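--- a/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/LokiProvider.test.ts
+++ b/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/LokiProvider.test.ts
@@ -159,7 +159,7 @@ describe('LokiProvider', () => {
 },
 }),
 ),
-).toThrow(/must not contain "\}"/);
+).toThrow(/must not contain unquoted "\{" or "\}"/);
 });
 
 it('rejects logPipelineFilters containing opening brace', () => {
@@ -171,13 +171,13 @@ describe('LokiProvider', () => {
 loki: {
 baseUrl: 'http://localhost:3100',
 token: 't',
-logPipelineFilters: ['| pattern `{stream}`'],
+logPipelineFilters: ['| foo {bar="baz"}'],
 },
 },
 },
 }),
 ),
-).toThrow(/must not contain "\{"/);
+).toThrow(/must not contain unquoted "\{" or "\}"/);
 });
 
 it('rejects logPipelineFilters entries that trim to empty (whitespace-only)', () => {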
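Review bot: The test titled `rejects logPipelineFilters containing opening brace` no longer isolates an opening brace: its new input `| foo {bar="baz"}` carries both braces and it expects the same message as the assertion in the first hunk, so the two cases now appear to pin the same behaviour. Either rename it to something like `rejects logPipelineFilters containing unquoted braces`, or give it an input with only an opening brace so each case still fails for its own reason. The first test begins above its hunk, so its title and input are not visible here.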

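--- a/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/helpers.test.ts
+++ b/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/helpers.test.ts
@@ -79,6 +79,47 @@ describe('parseAndValidateLogPipelineFilters', () => {
 /orchestrator\.workflowLogProvider\.loki\.logPipelineFilters\[0\]: entry must not contain line breaks/,
 );
 });
+
+it('accepts line_format with Go template braces inside double quotes', () => {
+const mockConfig = {
+getOptionalStringArray: () => ['| line_format "{{.message}}"'],
+} as unknown as Config;
+expect(
+parseAndValidateLogPipelineFilters(
+mockConfig,
+'orchestrator.workflowLogProvider.loki.logPipelineFilters',
+),
+).toEqual(['| line_format "{{.message}}"']);
+});
+
+it('accepts braces inside backtick-quoted pattern literals', () => {
+const mockConfig = {
+getOptionalStringArray: () => ['| pattern `{stream}`'],
+} as unknown as Config;
+expect(
+parseAndValidateLogPipelineFilters(
+mockConfig,
+'orchestrator.workflowLogProvider.loki.logPipelineFilters',
+),
+).toEqual(['| pattern `{stream}`']);
+});
+
+it.each([['| json }'], ['| foo {bar="baz"}']])(
+'rejects unquoted braces: %s',
+raw => {
+const mockConfig = {
+getOptionalStringArray: () => [raw],
+} as unknown as Config;
+expect(() =>
+parseAndValidateLogPipelineFilters(
+mockConfig,
+'orchestrator.workflowLogProvider.loki.logPipelineFilters',
+),
+).toThrow(
+/orchestrator\.workflowLogProvider\.loki\.logPipelineFilters\[0\]: entry must not contain unquoted "\{" or "\}"/,
+);
+},
+);
 });
 
 describe('hostnameMatchesAllowedHosts', () => {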
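Review bot: The added cases never reach the two branches of `skipQuotedString` where a regression would flip accept and reject: the backslash-escape skip inside double quotes and the unclosed-quote throw. Both rejecting inputs in the `it.each` table fail on a brace before any quote is scanned, and the two accepting inputs contain no backslash. Add an escaped-backslash row to the rejecting table, e.g. `['| line_format "a\\\\" }']` (the string closes after the escaped backslash, so the brace is unquoted), an accepting case with an escaped quote followed by a brace inside the string, and one case asserting the `unclosed double-quoted string` message.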

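--- a/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/helpers.ts
+++ b/workspaces/orchestrator/plugins/orchestrator-backend-module-loki/src/workflowLogsProviders/helpers.ts
@@ -178,6 +178,55 @@ export function parseAndValidateLogStreamSelectors(
 });
 }
 
+/**
+* Rejects `{` / `}` outside quoted LogQL literals so pipeline config cannot
+* close the stream selector (`{...}`) and inject a new selector. Braces inside
+* `"..."` or `` `...` `` (e.g. `line_format "{{.message}}"`) are allowed.
+*/
+function assertNoUnquotedLogQlBraces(element: string, context: string): void {
+let i = 0;
+while (i < element.length) {
+const ch = element[i];
+if (ch === '"') {
+i = skipQuotedString(element, i + 1, '"', context);
+continue;
+}
+if (ch === '`') {
+i = skipQuotedString(element, i + 1, '`', context);
+continue;
+}
+if (ch === '{' || ch === '}') {
+throw new InputError(
+`${context}: entry must not contain unquoted "{" or "}"`,
+);
+}
+i++;
+}
+}
+
+function skipQuotedString(
+element: string,
+start: number,
+quote: '"' | '`',
+context: string,
+): number {
+let i = start;
+while (i < element.length) {
+const ch = element[i];
+if (quote === '"' && ch === '\\') {
+i += 2;
+continue;
+}
+if (ch === quote) {
+return i + 1;
+}
+i++;
+}
+throw new InputError(
+`${context}: entry contains an unclosed ${quote === '"' ? 'double-quoted' : 'backtick-quoted'} string`,
+);
+}
+
 /**
 * Reads and validates `logPipelineFilters` at startup.
 */
@@ -200,12 +249,7 @@ export function parseAndValidateLogPipelineFilters(
 if (/[\r\n\u2028\u2029]/.test(element)) {
 throw new InputError(`${ctx}: entry must not contain line breaks`);
 }
-if (element.includes('{')) {
-throw new InputError(`${ctx}: entry must not contain "{"`);
-}
-if (element.includes('}')) {
-throw new InputError(`${ctx}: entry must not contain "}"`);
-}
+assertNoUnquotedLogQlBraces(element, ctx);
 return element;
 });
 }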
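Review bot: `skipQuotedString` has no doc comment, yet the selector-injection guard is now only as strong as this scanner's agreement with Loki's own string lexing. Document the contract on it, for example `/** Returns the index just past the closing quote; backslash escapes are honoured only inside "..." because backtick literals are raw. Throws InputError if the quote never closes. */`, and state in the `assertNoUnquotedLogQlBraces` comment that any LogQL syntax the scanner does not model (comments, if they are permitted in these entries) is scanned as ordinary text. The removed `includes('{')` / `includes('}')` checks had no such dependency, so the assumption is worth writing down next to the code. `parseAndValidateLogPipelineFilters` starts above the second hunk.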

workspaces/orchestrator/yarn.lock

Lines changed: 42 additions & 44 deletions
@@ -18281,12 +18281,12 @@ __metadata:
1828118281
languageName: node
1828218282
linkType: hard
1828318283

18284-
"acorn@npm:^8.11.0, acorn@npm:^8.14.1, acorn@npm:^8.16.0, acorn@npm:^8.4.1, acorn@npm:^8.8.2, acorn@npm:^8.9.0":
18285-
version: 8.16.0
18286-
resolution: "acorn@npm:8.16.0"
18284+
"acorn@npm:^8.11.0, acorn@npm:^8.15.0, acorn@npm:^8.16.0, acorn@npm:^8.4.1, acorn@npm:^8.8.2, acorn@npm:^8.9.0":
18285+
version: 8.17.0
18286+
resolution: "acorn@npm:8.17.0"
1828718287
bin:
1828818288
acorn: bin/acorn
18289-
checksum: 10c0/c9c52697227661b68d0debaf972222d4f622aa06b185824164e153438afa7b08273432ca43ea792cadb24dada1d46f6f6bb1ef8de9956979288cc1b96bf9914e
18289+
checksum: 10c0/5dcefea5f8f023b6cc24cbe71fb5a8112b601d36c4fa07d14e4e6ffc2ee47383332c46b36c766d9437725aa6660156eae50efa0c838719823b50d7c327c4ed42
1829018290
languageName: node
1829118291
linkType: hard
1829218292

@@ -19219,13 +19219,14 @@ __metadata:
1921919219
linkType: hard
1922019220

1922119221
"axios@npm:^1.0.0, axios@npm:^1.12.0, axios@npm:^1.12.2, axios@npm:^1.13.6, axios@npm:^1.15.0":
19222-
version: 1.15.0
19223-
resolution: "axios@npm:1.15.0"
19222+
version: 1.18.1
19223+
resolution: "axios@npm:1.18.1"
1922419224
dependencies:
19225-
follow-redirects: "npm:^1.15.11"
19225+
follow-redirects: "npm:^1.16.0"
1922619226
form-data: "npm:^4.0.5"
19227+
https-proxy-agent: "npm:^5.0.1"
1922719228
proxy-from-env: "npm:^2.1.0"
19228-
checksum: 10c0/47e0f860e98d4d7aa145e89ce0cae00e1fb0f1d2485f065c21fce955ddb1dba4103a46bd0e47acd18a27208a7f62c96249e620db575521b92a968619ab133409
19229+
checksum: 10c0/9d9378a3af0d0ad730a52ad9d15ec7201f3926ad6e7e8bbffc5ae21ca2835ad11d1d9598698f5dd9718917486039f55ea1d7dc23d8e44fa827a55cc3262c02fc
1922919230
languageName: node
1923019231
linkType: hard
1923119232

@@ -24098,13 +24099,13 @@ __metadata:
2409824099
linkType: hard
2409924100

2410024101
"express-rate-limit@npm:^8.2.2":
24101-
version: 8.3.2
24102-
resolution: "express-rate-limit@npm:8.3.2"
24102+
version: 8.5.2
24103+
resolution: "express-rate-limit@npm:8.5.2"
2410324104
dependencies:
24104-
ip-address: "npm:10.1.0"
24105+
ip-address: "npm:^10.2.0"
2410524106
peerDependencies:
2410624107
express: ">= 4.11"
24107-
checksum: 10c0/5b64d0691071086cdb8cfc6bcd5e761f5687cf4fabdebfe2a043ea5b4d31443637181e7be71e7ffabce76aee816daee62c1ca83250045847957da408a129f650
24108+
checksum: 10c0/c98c49b93e94627940cf5e7c2578718b94d77163357161c3343d148e46257136c988933a96d6e1e728a010683133a58f68cad46928b063cf8d99521c8772578d
2410824109
languageName: node
2410924110
linkType: hard
2411024111

@@ -24336,9 +24337,9 @@ __metadata:
2433624337
linkType: hard
2433724338

2433824339
"fast-uri@npm:^3.0.1":
24339-
version: 3.0.3
24340-
resolution: "fast-uri@npm:3.0.3"
24341-
checksum: 10c0/4b2c5ce681a062425eae4f15cdc8fc151fd310b2f69b1f96680677820a8b49c3cd6e80661a406e19d50f0c40a3f8bffdd458791baf66f4a879d80be28e10a320
24340+
version: 3.1.2
24341+
resolution: "fast-uri@npm:3.1.2"
24342+
checksum: 10c0/5b35641895959f3f7ab7a7b1b5542bded159346f25ec9f256817b206d50b64eda5828e90d605a2e2fc645c90519a7259c2bab2c942ee728c88b88e5be21b090d
2434224343
languageName: node
2434324344
linkType: hard
2434424345

@@ -24649,7 +24650,7 @@ __metadata:
2464924650
languageName: node
2465024651
linkType: hard
2465124652

24652-
"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11":
24653+
"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.16.0":
2465324654
version: 1.16.0
2465424655
resolution: "follow-redirects@npm:1.16.0"
2465524656
peerDependenciesMeta:
@@ -26711,20 +26712,10 @@ __metadata:
2671126712
languageName: node
2671226713
linkType: hard
2671326714

26714-
"ip-address@npm:10.1.0":
26715-
version: 10.1.0
26716-
resolution: "ip-address@npm:10.1.0"
26717-
checksum: 10c0/0103516cfa93f6433b3bd7333fa876eb21263912329bfa47010af5e16934eeeff86f3d2ae700a3744a137839ddfad62b900c7a445607884a49b5d1e32a3d7566
26718-
languageName: node
26719-
linkType: hard
26720-
26721-
"ip-address@npm:^9.0.5":
26722-
version: 9.0.5
26723-
resolution: "ip-address@npm:9.0.5"
26724-
dependencies:
26725-
jsbn: "npm:1.1.0"
26726-
sprintf-js: "npm:^1.1.3"
26727-
checksum: 10c0/331cd07fafcb3b24100613e4b53e1a2b4feab11e671e655d46dc09ee233da5011284d09ca40c4ecbdfe1d0004f462958675c224a804259f2f78d2465a87824bc
26715+
"ip-address@npm:^10.1.1, ip-address@npm:^10.2.0":
26716+
version: 10.2.0
26717+
resolution: "ip-address@npm:10.2.0"
26718+
checksum: 10c0/5a00aada6e922c9c69dfc800ed5d0fa3348675ebdeed0e1575f503f27ca385b5f534363c9af7ad1daf64c1f1409388cdd3cc2e9b9b0fe1c924a431378d55075a
2672826719
languageName: node
2672926720
linkType: hard
2673026721

@@ -28189,7 +28180,7 @@ __metadata:
2818928180
languageName: node
2819028181
linkType: hard
2819128182

28192-
"jsbn@npm:1.1.0, jsbn@npm:^1.1.0":
28183+
"jsbn@npm:^1.1.0":
2819328184
version: 1.1.0
2819428185
resolution: "jsbn@npm:1.1.0"
2819528186
checksum: 10c0/4f907fb78d7b712e11dea8c165fe0921f81a657d3443dde75359ed52eb2b5d33ce6773d97985a089f09a65edd80b11cb75c767b57ba47391fee4c969f7215c96
@@ -36168,13 +36159,20 @@ __metadata:
3616836159
languageName: node
3616936160
linkType: hard
3617036161

36171-
"shell-quote@npm:1.8.3, shell-quote@npm:^1.7.3, shell-quote@npm:^1.8.1":
36162+
"shell-quote@npm:1.8.3":
3617236163
version: 1.8.3
3617336164
resolution: "shell-quote@npm:1.8.3"
3617436165
checksum: 10c0/bee87c34e1e986cfb4c30846b8e6327d18874f10b535699866f368ade11ea4ee45433d97bf5eada22c4320c27df79c3a6a7eb1bf3ecfc47f2c997d9e5e2672fd
3617536166
languageName: node
3617636167
linkType: hard
3617736168

36169+
"shell-quote@npm:^1.7.3, shell-quote@npm:^1.8.1":
36170+
version: 1.8.4
36171+
resolution: "shell-quote@npm:1.8.4"
36172+
checksum: 10c0/86c93678bc394cb81f5ddcdc87df9c95d279ef9652775cd1cd1eed361404169a8d8cbaacaeed232ab09919e36ee1e5363863570390d78571f8c22b7f6312fb40
36173+
languageName: node
36174+
linkType: hard
36175+
3617836176
"short-unique-id@npm:^5.3.2":
3617936177
version: 5.3.2
3618036178
resolution: "short-unique-id@npm:5.3.2"
@@ -36361,12 +36359,12 @@ __metadata:
3636136359
linkType: hard
3636236360

3636336361
"socks@npm:^2.6.2, socks@npm:^2.8.3":
36364-
version: 2.8.3
36365-
resolution: "socks@npm:2.8.3"
36362+
version: 2.8.9
36363+
resolution: "socks@npm:2.8.9"
3636636364
dependencies:
36367-
ip-address: "npm:^9.0.5"
36365+
ip-address: "npm:^10.1.1"
3636836366
smart-buffer: "npm:^4.2.0"
36369-
checksum: 10c0/d54a52bf9325165770b674a67241143a3d8b4e4c8884560c4e0e078aace2a728dffc7f70150660f51b85797c4e1a3b82f9b7aa25e0a0ceae1a243365da5c51a7
36367+
checksum: 10c0/2d4350c31142b0931eb1758825b426bcbf4bfb5eed682ca48bc46dc9e7d1930ec366ea574ad49fc6c1fd9e9e17ce243be0ef13e31fc4b0319d9093f1fb19743c
3637036368
languageName: node
3637136369
linkType: hard
3637236370

@@ -36523,7 +36521,7 @@ __metadata:
3652336521
languageName: node
3652436522
linkType: hard
3652536523

36526-
"sprintf-js@npm:^1.1.2, sprintf-js@npm:^1.1.3":
36524+
"sprintf-js@npm:^1.1.2":
3652736525
version: 1.1.3
3652836526
resolution: "sprintf-js@npm:1.1.3"
3652936527
checksum: 10c0/09270dc4f30d479e666aee820eacd9e464215cdff53848b443964202bf4051490538e5dd1b42e1a65cf7296916ca17640aebf63dae9812749c7542ee5f288dec
@@ -39407,14 +39405,14 @@ __metadata:
3940739405
linkType: hard
3940839406

3940939407
"vm2@npm:^3.10.0":
39410-
version: 3.10.4
39411-
resolution: "vm2@npm:3.10.4"
39408+
version: 3.11.5
39409+
resolution: "vm2@npm:3.11.5"
3941239410
dependencies:
39413-
acorn: "npm:^8.14.1"
39411+
acorn: "npm:^8.15.0"
3941439412
acorn-walk: "npm:^8.3.4"
3941539413
bin:
3941639414
vm2: bin/vm2
39417-
checksum: 10c0/24b38bccd3fd84711f5526185ccb62c3607f35643f7e5425236ed4e7f0fa6249902713a5a5c4cb42267ec0199c3a10d5f27596a0794e03115cef0c8ae7683fe2
39415+
checksum: 10c0/0917795f8cfb9e0e4bcbb431d44546eda492165143885d448a6585c862a57e0dedb36fc0922fbe3b386a8cec5ef8c46256ef38e00749eaa53fec7b442be0a390
3941839416
languageName: node
3941939417
linkType: hard
3942039418

@@ -40034,8 +40032,8 @@ __metadata:
4003440032
linkType: hard
4003540033

4003640034
"ws@npm:*, ws@npm:^8.11.0, ws@npm:^8.13.0, ws@npm:^8.18.0, ws@npm:^8.18.3, ws@npm:^8.8.0":
40037-
version: 8.20.0
40038-
resolution: "ws@npm:8.20.0"
40035+
version: 8.21.0
40036+
resolution: "ws@npm:8.21.0"
4003940037
peerDependencies:
4004040038
bufferutil: ^4.0.1
4004140039
utf-8-validate: ">=5.0.2"
@@ -40044,7 +40042,7 @@ __metadata:
4004440042
optional: true
4004540043
utf-8-validate:
4004640044
optional: true
40047-
checksum: 10c0/956ac5f11738c914089b65878b9223692ace77337ba55379ae68e1ecbeae9b47a0c6eb9403688f609999a58c80d83d99865fe0029b229d308b08c1ef93d4ea14
40045+
checksum: 10c0/ef4a243476283fc49bc7550966c4af4aa0eef56273837211e700de3b664e08604a760cdddcb5ba43c049140e74ccfec5b0ee0bb439e08c2adf9138902fdde5f9
4004840046
languageName: node
4004940047
linkType: hard
4005040048
