sudacode/metrics
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix CodeQL issues (#150)

Browse Source
This commit is contained in:
Simon Lecoq
2021-02-20 21:07:00 +01:00
committed by GitHub
parent 8d18e6cfba
commit 451af15180
1 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
source/app/web/instance.mjs
View File

@@ -142,13 +142,18 @@
//Metrics //Metrics
const pending = new Set() const pending = new Set()
app.get("/:login/:repository", ...middlewares, (req, res) => res.redirect(`/${req.params.login}?template=repository&repo=${req.params.repository}&${Object.entries(req.query).map(([key, value]) => `${key}=${encodeURIComponent(value)}`).join("&")}`)) app.get("/:login/:repository?", ...middlewares, async(req, res) => {
app.get("/:login", ...middlewares, async(req, res) => {
//Request params //Request params
const login = req.params.login?.replace(/[\n\r]/g, "") const login = req.params.login?.replace(/[\n\r]/g, "")
const repository = req.params.repository?.replace(/[\n\r]/g, "")
if (!/^[-\w]+$/i.test(login)) {
console.debug(`metrics/app/${login} > 400 (invalid username)`)
return res.status(400).send("Bad request: username seems invalid")
}
//Allowed list check
if ((restricted.length)&&(!restricted.includes(login))) { if ((restricted.length)&&(!restricted.includes(login))) {
console.debug(`metrics/app/${login} > 403 (not in allowed users)`) console.debug(`metrics/app/${login} > 403 (not in allowed users)`)
return res.status(403).send(`Forbidden: "${login}" not in allowed users`) return res.status(403).send("Forbidden: username not in allowed list")
} }
//Read cached data if possible //Read cached data if possible
if ((!debug)&&(cached)&&(cache.get(login))) { if ((!debug)&&(cached)&&(cache.get(login))) {
@@ -159,14 +164,21 @@
//Maximum simultaneous users //Maximum simultaneous users
if ((maxusers)&&(cache.size()+1 > maxusers)) { if ((maxusers)&&(cache.size()+1 > maxusers)) {
console.debug(`metrics/app/${login} > 503 (maximum users reached)`) console.debug(`metrics/app/${login} > 503 (maximum users reached)`)
return res.status(503).send("Service Unavailable: maximum users reached, only cached metrics are available") return res.status(503).send("Service Unavailable: maximum number of users reached, only cached metrics are available")
} }
//Prevent multiples requests //Prevent multiples requests
if (pending.has(login)) { if (pending.has(login)) {
console.debug(`metrics/app/${login} > 409 (multiple requests)`) console.debug(`metrics/app/${login} > 409 (multiple requests)`)
return res.status(409).send(`Conflict: a request for "${login}" is being process, retry later`) return res.status(409).send(`Conflict: a request for "${login}" is already being processed, retry later once previous one is finished`)
} }
pending.add(login) pending.add(login)
//Repository alias
if (repository) {
console.debug(`metrics/app/${login} > compute repository metrics`)
if (!req.query.template)
req.query.template = "repository"
req.query.repo = repository
}
//Compute rendering //Compute rendering
try { try {
@@ -191,12 +203,12 @@
//Not found user //Not found user
if ((error instanceof Error)&&(/^user not found$/.test(error.message))) { if ((error instanceof Error)&&(/^user not found$/.test(error.message))) {
console.debug(`metrics/app/${login} > 404 (user/organization not found)`) console.debug(`metrics/app/${login} > 404 (user/organization not found)`)
return res.status(404).send(`Not found: unknown user or organization "${login}"`) return res.status(404).send("Not found: unknown user or organization")
} }
//Invalid template //Invalid template
if ((error instanceof Error)&&(/^unsupported template$/.test(error.message))) { if ((error instanceof Error)&&(/^unsupported template$/.test(error.message))) {
console.debug(`metrics/app/${login} > 400 (bad request)`) console.debug(`metrics/app/${login} > 400 (bad request)`)
return res.status(400).send(`Bad request: unsupported template "${req.query.template}"`) return res.status(400).send("Bad request: unsupported template")
} }
//General error //General error
console.error(error) console.error(error)