synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-18 14:17:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Guard search queries against common mistakes (#6404)

Browse Source 
* feat: Error on excessive invalid search keys
* feat: Guard search queries against common mistakes
* Raise errors in FE on workspaces table
* All errors should be on newlines
This commit is contained in:
Steven Masley
2023-03-01 23:28:56 -06:00
committed by GitHub
parent 1724cbf872
commit 8cf292f50a
19 changed files with 805 additions and 635 deletions
Download Patch File Download Diff File Expand all files Collapse all files

344
coderd/searchquery/search_test.go Normal file
View File

@ -0,0 +1,344 @@
package searchquery_test
import (
"fmt"
"strings"
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/rbac"
"github.com/coder/coder/coderd/searchquery"
"github.com/coder/coder/codersdk"
)
func TestSearchWorkspace(t *testing.T) {
t.Parallel()
testCases := []struct {
Name string
Query string
Expected database.GetWorkspacesParams
ExpectedErrorContains string
}{
{
Name: "Empty",
Query: "",
Expected: database.GetWorkspacesParams{},
},
{
Name: "Owner/Name",
Query: "Foo/Bar",
Expected: database.GetWorkspacesParams{
OwnerUsername: "foo",
Name: "bar",
},
},
{
Name: "Owner/NameWithSpaces",
Query: " Foo/Bar ",
Expected: database.GetWorkspacesParams{
OwnerUsername: "foo",
Name: "bar",
},
},
{
Name: "Name",
Query: "workspace-name",
Expected: database.GetWorkspacesParams{
Name: "workspace-name",
},
},
{
Name: "Name+Param",
Query: "workspace-name TEMPLATE:docker",
Expected: database.GetWorkspacesParams{
Name: "workspace-name",
TemplateName: "docker",
},
},
{
Name: "OnlyParams",
Query: "name:workspace-name template:docker OWNER:Alice",
Expected: database.GetWorkspacesParams{
Name: "workspace-name",
TemplateName: "docker",
OwnerUsername: "alice",
},
},
{
Name: "QuotedParam",
Query: `name:workspace-name template:"docker template" owner:alice`,
Expected: database.GetWorkspacesParams{
Name: "workspace-name",
TemplateName: "docker template",
OwnerUsername: "alice",
},
},
{
Name: "QuotedKey",
Query: `"name":baz "template":foo "owner":bar`,
Expected: database.GetWorkspacesParams{
Name: "baz",
TemplateName: "foo",
OwnerUsername: "bar",
},
},
{
// Quotes keep elements together
Name: "QuotedSpecial",
Query: `name:"workspace:name"`,
Expected: database.GetWorkspacesParams{
Name: "workspace:name",
},
},
{
Name: "QuotedMadness",
Query: `"name":"foo:bar:baz/baz/zoo:zonk"`,
Expected: database.GetWorkspacesParams{
Name: "foo:bar:baz/baz/zoo:zonk",
},
},
{
Name: "QuotedName",
Query: `"foo/bar"`,
Expected: database.GetWorkspacesParams{
Name: "foo/bar",
},
},
{
Name: "QuotedOwner/Name",
Query: `"foo"/"bar"`,
Expected: database.GetWorkspacesParams{
Name: "bar",
OwnerUsername: "foo",
},
},
// Failures
{
Name: "NoPrefix",
Query: `:foo`,
ExpectedErrorContains: "cannot start or end",
},
{
Name: "Double",
Query: `name:foo name:bar`,
ExpectedErrorContains: "provided more than once",
},
{
Name: "ExtraSlashes",
Query: `foo/bar/baz`,
ExpectedErrorContains: "can only contain 1 '/'",
},
{
Name: "ExtraColon",
Query: `owner:name:extra`,
ExpectedErrorContains: "can only contain 1 ':'",
},
{
Name: "ExtraKeys",
Query: `foo:bar`,
ExpectedErrorContains: `Query param "foo" is not a valid query param`,
},
}
for _, c := range testCases {
c := c
t.Run(c.Name, func(t *testing.T) {
t.Parallel()
values, errs := searchquery.Workspaces(c.Query, codersdk.Pagination{}, 0)
if c.ExpectedErrorContains != "" {
require.True(t, len(errs) > 0, "expect some errors")
var s strings.Builder
for _, err := range errs {
_, _ = s.WriteString(fmt.Sprintf("%s: %s\n", err.Field, err.Detail))
}
require.Contains(t, s.String(), c.ExpectedErrorContains)
} else {
require.Len(t, errs, 0, "expected no error")
require.Equal(t, c.Expected, values, "expected values")
}
})
}
t.Run("AgentInactiveDisconnectTimeout", func(t *testing.T) {
t.Parallel()
query := ``
timeout := 1337 * time.Second
values, errs := searchquery.Workspaces(query, codersdk.Pagination{}, timeout)
require.Empty(t, errs)
require.Equal(t, int64(timeout.Seconds()), values.AgentInactiveDisconnectTimeoutSeconds)
})
}
func TestSearchAudit(t *testing.T) {
t.Parallel()
testCases := []struct {
Name string
Query string
Expected database.GetAuditLogsOffsetParams
ExpectedErrorContains string
}{
{
Name: "Empty",
Query: "",
Expected: database.GetAuditLogsOffsetParams{},
},
// Failures
{
Name: "ExtraColon",
Query: `search:name:extra`,
ExpectedErrorContains: "can only contain 1 ':'",
},
{
Name: "ExtraKeys",
Query: `foo:bar`,
ExpectedErrorContains: `Query param "foo" is not a valid query param`,
},
{
Name: "Dates",
Query: "date_from:2006",
ExpectedErrorContains: "valid date format",
},
}
for _, c := range testCases {
c := c
t.Run(c.Name, func(t *testing.T) {
t.Parallel()
values, errs := searchquery.AuditLogs(c.Query)
if c.ExpectedErrorContains != "" {
require.True(t, len(errs) > 0, "expect some errors")
var s strings.Builder
for _, err := range errs {
_, _ = s.WriteString(fmt.Sprintf("%s: %s\n", err.Field, err.Detail))
}
require.Contains(t, s.String(), c.ExpectedErrorContains)
} else {
require.Len(t, errs, 0, "expected no error")
require.Equal(t, c.Expected, values, "expected values")
}
})
}
}
func TestSearchUsers(t *testing.T) {
t.Parallel()
testCases := []struct {
Name string
Query string
Expected database.GetUsersParams
ExpectedErrorContains string
}{
{
Name: "Empty",
Query: "",
Expected: database.GetUsersParams{
Status: []database.UserStatus{},
RbacRole: []string{},
},
},
{
Name: "Username",
Query: "user-name",
Expected: database.GetUsersParams{
Search: "user-name",
Status: []database.UserStatus{},
RbacRole: []string{},
},
},
{
Name: "UsernameWithSpaces",
Query: " user-name ",
Expected: database.GetUsersParams{
Search: "user-name",
Status: []database.UserStatus{},
RbacRole: []string{},
},
},
{
Name: "Username+Param",
Query: "usEr-name stAtus:actiVe",
Expected: database.GetUsersParams{
Search: "user-name",
Status: []database.UserStatus{database.UserStatusActive},
RbacRole: []string{},
},
},
{
Name: "OnlyParams",
Query: "status:acTIve sEArch:User-Name role:Owner",
Expected: database.GetUsersParams{
Search: "user-name",
Status: []database.UserStatus{database.UserStatusActive},
RbacRole: []string{rbac.RoleOwner()},
},
},
{
Name: "QuotedParam",
Query: `status:SuSpenDeD sEArch:"User Name" role:meMber`,
Expected: database.GetUsersParams{
Search: "user name",
Status: []database.UserStatus{database.UserStatusSuspended},
RbacRole: []string{rbac.RoleMember()},
},
},
{
Name: "QuotedKey",
Query: `"status":acTIve "sEArch":User-Name "role":Owner`,
Expected: database.GetUsersParams{
Search: "user-name",
Status: []database.UserStatus{database.UserStatusActive},
RbacRole: []string{rbac.RoleOwner()},
},
},
{
// Quotes keep elements together
Name: "QuotedSpecial",
Query: `search:"user:name"`,
Expected: database.GetUsersParams{
Search: "user:name",
Status: []database.UserStatus{},
RbacRole: []string{},
},
},
// Failures
{
Name: "ExtraColon",
Query: `search:name:extra`,
ExpectedErrorContains: "can only contain 1 ':'",
},
{
Name: "InvalidStatus",
Query: "status:inActive",
ExpectedErrorContains: "has invalid values",
},
{
Name: "ExtraKeys",
Query: `foo:bar`,
ExpectedErrorContains: `Query param "foo" is not a valid query param`,
},
}
for _, c := range testCases {
c := c
t.Run(c.Name, func(t *testing.T) {
t.Parallel()
values, errs := searchquery.Users(c.Query)
if c.ExpectedErrorContains != "" {
require.True(t, len(errs) > 0, "expect some errors")
var s strings.Builder
for _, err := range errs {
_, _ = s.WriteString(fmt.Sprintf("%s: %s\n", err.Field, err.Detail))
}
require.Contains(t, s.String(), c.ExpectedErrorContains)
} else {
require.Len(t, errs, 0, "expected no error")
require.Equal(t, c.Expected, values, "expected values")
}
})
}
}