diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index ab2dc802..ad332eb2 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -30,6 +30,8 @@ resources: variables: - template: /eng/templates/utils/variables.yml@self - template: /eng/templates/utils/official-variables.yml@self + - name: codeql.excludePathPatterns + value: deps/,build/ extends: template: v1/1ES.Official.PipelineTemplate.yml@1es diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 67559744..a9854e7f 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -28,6 +28,12 @@ resources: variables: - template: /eng/templates/utils/variables.yml@self + - name: codeql.excludePathPatterns + value: deps/,build/ + - name: codeql.compiled.enabled + value: true + - name: codeql.runSourceLanguagesInSourceAnalysis + value: true extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1es @@ -36,11 +42,6 @@ extends: name: 1es-pool-azfunc-public image: 1es-windows-2022 os: windows - sdl: - codeql: - compiled: - enabled: true # still only runs for default branch - runSourceLanguagesInSourceAnalysis: true settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml index 9bf2027a..90a3578d 100644 --- a/pack/templates/macos_64_env_gen.yml +++ b/pack/templates/macos_64_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml index b89d4813..ae3cf433 100644 --- a/pack/templates/nix_env_gen.yml +++ b/pack/templates/nix_env_gen.yml 
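Review bot: The new `codeql.excludePathPatterns` value `deps/,build/` has no comment explaining it, and excluding `deps/` means anything vendored there gets no CodeQL coverage from this pipeline. What `deps/` holds is not visible in the diff; if it contains third-party code that ships, the variable should say which other scan covers it. A comment above the variable would do, for example `# deps/ and build/ hold vendored/generated files; covered by <name of dependency scan>`. The same two lines are added in the first hunk of eng/ci/public-build.yml and need the same comment.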
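Review bot: The caveat `# still only runs for default branch` is lost in eng/ci/public-build.yml when the `sdl.codeql` parameters removed in the second hunk are replaced by these variables. Keep it as a comment above `codeql.compiled.enabled`, e.g. `# compiled CodeQL still only runs for the default branch`, so nobody assumes pull-request builds are covered. The diff cannot show whether the Unofficial template reads `codeql.compiled.enabled` and `codeql.runSourceLanguagesInSourceAnalysis` from variables the way it read the parameters, so a run that confirms the CodeQL steps still execute is worth linking in the PR.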
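Review bot: The added `condition: ne(variables['pythonVersion'], '3.7')` on the 'Run vulnerability scan' step in pack/templates/macos_64_env_gen.yml replaces the implicit `succeeded()` check, so the step now runs even when an earlier step has failed. Use `condition: and(succeeded(), ne(variables['pythonVersion'], '3.7'))`. The step also gives no reason for skipping 3.7, which leaves the 3.7 dependency set unaudited by `pip-audit`; a comment such as `# pip-audit skipped on 3.7: <reason>; 3.7 requirements are not scanned here` would make the gap explicit. The same line is added in pack/templates/nix_env_gen.yml and pack/templates/win_env_gen.yml. It is worth confirming that `pythonVersion` is a pipeline variable and not a template parameter, since the steps' surroundings are outside the hunks.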
@@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml index 8e9b0321..2eee3411 100644 --- a/pack/templates/win_env_gen.yml +++ b/pack/templates/win_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/tests/unittests/test_third_party_http_functions.py b/tests/unittests/test_third_party_http_functions.py index 73aca898..7dd57e88 100644 --- a/tests/unittests/test_third_party_http_functions.py +++ b/tests/unittests/test_third_party_http_functions.py 
@@ -132,48 +132,12 @@ def check_log_print_to_console_stderr(self, # System logs stderr now exist in host_out self.assertIn('Secret42', host_out) - def test_raw_body_bytes(self): - parent_dir = pathlib.Path(__file__).parent.parent - image_file = parent_dir / 'unittests/resources/functions.png' - with open(image_file, 'rb') as image: - img = image.read() - encoded_image = base64.b64encode(img).decode('utf-8') - html_img_tag = \ - f'PNG Image' # noqa - sanitized_img_len = len(html_img_tag) - r = self.webhost.request('POST', 'raw_body_bytes', data=img, - no_prefix=True) - - received_body_len = int(r.headers['body-len']) - self.assertEqual(received_body_len, sanitized_img_len) - - encoded_image_data = encoded_image.split(",")[0] - body = base64.b64decode(encoded_image_data) - try: - received_img_file = parent_dir / 'received_img.png' - with open(received_img_file, 'wb') as received_img: - received_img.write(body) - self.assertTrue(filecmp.cmp(received_img_file, image_file)) - finally: - if (os.path.exists(received_img_file)): - os.remove(received_img_file) - def test_return_http_no_body(self): r = self.webhost.request('GET', 'return_http_no_body', no_prefix=True) self.assertEqual(r.text, '') self.assertEqual(r.status_code, 200) - def test_return_http_redirect(self): - r = self.webhost.request('GET', 'return_http_redirect', - no_prefix=True) - self.assertEqual(r.status_code, 200) - self.assertEqual(r.text, '

Hello World™

') - - r = self.webhost.request('GET', 'return_http_redirect', - allow_redirects=False, no_prefix=True) - self.assertEqual(r.status_code, 302) - def test_unhandled_error(self): r = self.webhost.request('GET', 'unhandled_error', no_prefix=True) self.assertEqual(r.status_code, 500) @@ -228,6 +192,32 @@ def check_log_hijack_current_event_loop(self, self.assertIn('parallelly_log_system at disguised_logger', host_out) + def test_raw_body_bytes(self): + parent_dir = pathlib.Path(__file__).parent.parent + image_file = parent_dir / 'unittests/resources/functions.png' + with open(image_file, 'rb') as image: + img = image.read() + encoded_image = base64.b64encode(img).decode('utf-8') + html_img_tag = \ + f'PNG Image' # noqa + sanitized_img_len = len(html_img_tag) + r = self.webhost.request('POST', 'raw_body_bytes', data=img, + no_prefix=True) + + received_body_len = int(r.headers['body-len']) + self.assertEqual(received_body_len, sanitized_img_len) + + encoded_image_data = encoded_image.split(",")[0] + body = base64.b64decode(encoded_image_data) + try: + received_img_file = parent_dir / 'received_img.png' + with open(received_img_file, 'wb') as received_img: + received_img.write(body) + self.assertTrue(filecmp.cmp(received_img_file, image_file)) + finally: + if (os.path.exists(received_img_file)): + os.remove(received_img_file) + class TestWsgiHttpFunctions( ThirdPartyHttpFunctionsTestBase.TestThirdPartyHttpFunctions): @@ -235,3 +225,13 @@ class TestWsgiHttpFunctions( def get_script_dir(cls): return UNIT_TESTS_ROOT / 'third_party_http_functions' / 'stein' / \ 'wsgi_function' + + def test_return_http_redirect(self): + r = self.webhost.request('GET', 'return_http_redirect', + no_prefix=True) + self.assertEqual(r.status_code, 200) + self.assertEqual(r.text, '
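Review bot: The `filecmp` assertion in the re-added `test_raw_body_bytes` (hunk at +192) never touches the response. `body` is decoded from `encoded_image`, which the test built itself from the fixture file, so the comparison only round-trips the fixture through base64 and always passes. The `body-len` header check is the only assertion that depends on the handler. If the handler returns the tag as its body, as the WSGI handler removed later in this commit did, adding `self.assertEqual(r.text, html_img_tag)` after the length check would pin what the function actually emits.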

Hello World™

') + + r = self.webhost.request('GET', 'return_http_redirect', + allow_redirects=False, no_prefix=True) + self.assertEqual(r.status_code, 302) diff --git a/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py b/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py index 916b5d86..da76f071 100644 --- a/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py +++ b/tests/unittests/third_party_http_functions/stein/asgi_function/function_app.py @@ -1,13 +1,11 @@ import asyncio import logging -import re import sys from urllib.request import urlopen import base64 import azure.functions as func from fastapi import FastAPI, Request, Response -from fastapi.responses import RedirectResponse fast_app = FastAPI() logger = logging.getLogger("my-function") @@ -151,33 +149,6 @@ async def return_http(request: Request): return Response('
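Review bot: The `allow_redirects=False` half of `test_return_http_redirect` asserts only `r.status_code == 302`, so a redirect to a different host or path that serves the same body would still pass the followed-request check above it. Pin the target right after the status assertion, e.g. `self.assertIn('return_http', r.headers['Location'])`. The exact expected value depends on the WSGI handler, which is not part of this diff. The ASGI handler removed in this commit validated host, port and `code` before redirecting, so the test for the remaining handler should at least fix where it is allowed to send the client.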

Hello World™

', media_type='text/html') -@fast_app.get("/return_http_redirect") -async def return_http_redirect(request: Request, code: str = ''): - # Expected format: 127.0.0.1: - host_and_port = request.url.components[1] - - # Validate to ensure it's a valid host and port structure - match = re.match(r'^127\.0\.0\.1:(\d+)$', host_and_port) - if not match: - return Response("Invalid request", status_code=400) - - # Validate port is within specific range - port = int(match.group(1)) - if port < 50000 or port > 65999: - return Response("Invalid port", status_code=400) - - # Validate the code param - allowed_codes = ['', 'testFunctionKey'] - if code not in allowed_codes: - return Response("Invalid code", status_code=400) - - # Return after all validation succeeds - location = 'return_http?code={}'.format(code) - return RedirectResponse(status_code=302, - url=f"http://{host_and_port}/" - f"{location}") - - @fast_app.get("/unhandled_error") async def unhandled_error(): 1 / 0 diff --git a/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py b/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py index e717f395..3d2f63d9 100644 --- a/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py +++ b/tests/unittests/third_party_http_functions/stein/wsgi_function/function_app.py @@ -1,7 +1,6 @@ import logging import sys from urllib.request import urlopen -import base64 import azure.functions as func from flask import Flask, Response, redirect, request, url_for @@ -58,17 +57,6 @@ def print_logging(): return 'OK-print-logging' -@flask_app.post("/raw_body_bytes") -def raw_body_bytes(): - body = request.get_data() - - base64_encoded = base64.b64encode(body).decode('utf-8') - html_img_tag = \ - f'PNG Image' - - return Response(html_img_tag, headers={'body-len': str(len(html_img_tag))}) - - @flask_app.get("/return_http_no_body") def return_http_no_body(): return ''