SEAB-6448: Make various WorkflowResource endpoints refuse to update .dockstore.yml-based workflows by svonworl · Pull Request #5905 · dockstore/dockstore · GitHub

SEAB-6448: Make various WorkflowResource endpoints refuse to update .dockstore.yml-based workflows #5905


Merged
merged 5 commits into from
Jun 7, 2024

Conversation

svonworl
Contributor
@svonworl svonworl commented Jun 6, 2024

Description
As part of the investigation of https://ucsc-cgl.atlassian.net/browse/SEAB-6448 and https://ucsc-cgl.atlassian.net/browse/SEAB-6449 (see Slack thread https://ucsc-gi.slack.com/archives/C05EZH3RVNY/p1717540768164039), we found via testing that a workflow owner can restub .dockstore.yml-based workflows via the API, and probably update them via various other WorkflowResource endpoints intended only for use on STUB/FULL workflows. This PR changes these endpoints to gracefully refuse to update .dockstore.yml-based workflows.

Review Instructions
Create a .dockstore.yml-based workflow on qa, then attempt to restub it via the API. The attempt should fail with a BAD_REQUEST response code and a useful error message.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-6448
https://ucsc-cgl.atlassian.net/browse/SEAB-6449

Security and Privacy

  • Security and Privacy assessed

e.g. Does this change...

  • Any user data we collect, or data location?
  • Access control, authentication or authorization?
  • Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.
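The fix described above is a mode guard: an endpoint meant for STUB/FULL workflows checks the workflow's mode before mutating it and answers BAD_REQUEST for a .dockstore.yml-based one. The following is an added, stand-alone illustration of that pattern, not code from this PR or from Dockstore; the `WorkflowMode` values, the `Workflow` class, the `BadRequestException` type and the `restub` method are simplified stand-ins chosen for the example.

```java
import java.util.EnumSet;
import java.util.Set;

// Example guard for mutating endpoints (stand-in, not Dockstore's WorkflowResource).
final class WorkflowModeGuard {
    // Allow-list of modes the endpoint may edit through the API. Listing the
    // editable modes rather than the refused one means a mode added later is
    // refused by default until someone deliberately permits it.
    private static final Set<WorkflowMode> API_EDITABLE =
        EnumSet.of(WorkflowMode.STUB, WorkflowMode.FULL);

    // Refuse the operation with a 400 and a message that tells the caller
    // why and what to do instead, before any state is changed.
    static void checkApiEditable(Workflow w, String operation) {
        if (!API_EDITABLE.contains(w.getMode())) {
            throw new BadRequestException("Cannot " + operation + " workflow " + w.getId()
                + ": it is managed by .dockstore.yml; change the file in the source repository instead");
        }
    }

    // The guarded operation: the check runs first, the mutation only afterwards.
    static Workflow restub(Workflow w) {
        checkApiEditable(w, "restub");
        w.setMode(WorkflowMode.STUB);
        return w;
    }

    public static void main(String[] args) {
        Workflow full = new Workflow(1, WorkflowMode.FULL);              // constructed sample
        System.out.println("restub FULL -> " + restub(full).getMode()); // prints STUB

        Workflow yml = new Workflow(2, WorkflowMode.DOCKSTORE_YML);      // constructed sample
        try {
            restub(yml);
        } catch (BadRequestException e) {
            System.out.println("HTTP " + BadRequestException.STATUS + ": " + e.getMessage());
        }
        System.out.println("mode after refused restub: " + yml.getMode()); // still DOCKSTORE_YML
    }
}

// Stand-in for the workflow mode enum (value names assumed for this example).
enum WorkflowMode { STUB, FULL, DOCKSTORE_YML }

// Minimal stand-in for a workflow entity.
final class Workflow {
    private final long id;
    private WorkflowMode mode;
    Workflow(long id, WorkflowMode mode) { this.id = id; this.mode = mode; }
    long getId() { return id; }
    WorkflowMode getMode() { return mode; }
    void setMode(WorkflowMode m) { this.mode = m; }
}

// Stand-in for the exception a JAX-RS resource would throw to produce a 400 response.
final class BadRequestException extends RuntimeException {
    static final int STATUS = 400;
    BadRequestException(String msg) { super(msg); }
}
```

Run it with `java WorkflowModeGuard.java`. The design point to carry over to a real resource class is that the guard is applied to every mutating endpoint that assumes a STUB/FULL workflow, runs before any write, and is covered by an integration test that creates a .dockstore.yml-based workflow and asserts on the 400 response, as the review instructions above describe doing by hand.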

codecov bot commented Jun 6, 2024

Codecov Report

Attention: Patch coverage is 84.61538% with 2 lines in your changes missing coverage. Please review.

Project coverage is 74.55%. Comparing base (b881d9c) to head (fdb67c6).

Current head fdb67c6 differs from pull request most recent head 38b28c1

Please upload reports for the commit 38b28c1 to get more accurate results.

Files Patch % Lines
...ckstore/webservice/resources/WorkflowResource.java 84.61% 0 Missing and 2 partials ⚠️
Additional details and impacted files
@@              Coverage Diff               @@
##             develop    #5905       +/-   ##
==============================================
+ Coverage      32.14%   74.55%   +42.41%     
- Complexity      2363     5365     +3002     
==============================================
  Files            375      374        -1     
  Lines          19418    19439       +21     
  Branches        2030     2028        -2     
==============================================
+ Hits            6242    14493     +8251     
+ Misses         12575     3973     -8602     
- Partials         601      973      +372     
Flag Coverage Δ
bitbuckettests 27.01% <30.76%> (?)
hoverflytests 27.42% <15.38%> (?)
integrationtests 57.05% <76.92%> (?)
languageparsingtests 11.08% <0.00%> (?)
localstacktests 21.61% <15.38%> (?)
toolintegrationtests 30.35% <15.38%> (+13.00%) ⬆️
unit-tests_and_non-confidential-tests 25.99% <0.00%> (+0.33%) ⬆️
workflowintegrationtests 38.38% <53.84%> (?)


@svonworl svonworl merged commit 2446190 into develop Jun 7, 2024
15 of 16 checks passed
@svonworl svonworl deleted the feature/seab-6448/improve-refresh-endpoint branch June 7, 2024 16:49
sonarqubecloud bot commented Jun 7, 2024
