Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Foundry client and server #61

Open
wants to merge 25 commits into
base: main
Choose a base branch
from
Open

Add Foundry client and server #61

wants to merge 25 commits into from
+1,911 −24

Conversation

wesselb
Copy link
Contributor

@wesselb wesselb commented Jan 8, 2025

Add code and documentation for a Foundry client and server.

@wesselb wesselb self-assigned this Jan 8, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 9, 2025
View reviewed changes
tests/foundry/conftest.py Fixed Show fixed Hide fixed
tests/foundry/conftest.py Fixed Show fixed Hide fixed
tests/foundry/docker_server_hook.py

def _matcher(request: requests.Request) -> requests.Response | None:
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string
blob.core.windows.net/
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 8 hours ago

To fix the problem, we need to parse the URL and check the hostname properly instead of using a substring check. This can be done using the urlparse function from the urllib.parse module. We will extract the hostname from the URL and ensure it matches the expected host "blob.core.windows.net".

  • Parse the URL using urlparse.
  • Extract the hostname from the parsed URL.
  • Check if the hostname matches "blob.core.windows.net".
  • Update the code in the _matcher function to implement these changes.
Suggested changeset 1
tests/foundry/docker_server_hook.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tests/foundry/docker_server_hook.py b/tests/foundry/docker_server_hook.py
--- a/tests/foundry/docker_server_hook.py
+++ b/tests/foundry/docker_server_hook.py
@@ -18,7 +18,9 @@
     """Mock requests that check for the existence of blobs."""
-    if "blob.core.windows.net/" in request.url:
+    from urllib.parse import urlparse
+    parsed_url = urlparse(request.url)
+    if parsed_url.hostname == "blob.core.windows.net":
         # Split off the SAS token.
-        path, _ = request.url.split("?", 1)
+        path, _ = parsed_url.path.split("?", 1)
         # Split off the storage account URL.
-        _, path = path.split("blob.core.windows.net/", 1)
+        path = path.lstrip('/')
 
EOF
@@ -18,7 +18,9 @@
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:
from urllib.parse import urlparse
parsed_url = urlparse(request.url)
if parsed_url.hostname == "blob.core.windows.net":
# Split off the SAS token.
path, _ = request.url.split("?", 1)
path, _ = parsed_url.path.split("?", 1)
# Split off the storage account URL.
_, path = path.split("blob.core.windows.net/", 1)
path = path.lstrip('/')

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
tests/foundry/runner.py

def _matcher(request: requests.Request) -> requests.Response | None:
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string
blob.core.windows.net/
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 8 hours ago

To fix the problem, we need to parse the URL and check its hostname to ensure it matches the expected domain. This can be done using the urlparse function from the urllib.parse module. Specifically, we should extract the hostname from the URL and verify that it ends with "blob.core.windows.net".

  • Parse the URL using urlparse.
  • Extract the hostname from the parsed URL.
  • Check if the hostname ends with "blob.core.windows.net".
  • Update the _matcher function to implement these changes.
Suggested changeset 1
tests/foundry/runner.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tests/foundry/runner.py b/tests/foundry/runner.py
--- a/tests/foundry/runner.py
+++ b/tests/foundry/runner.py
@@ -57,3 +57,5 @@
         """Mock requests that check for the existence of blobs."""
-        if "blob.core.windows.net/" in request.url:
+        from urllib.parse import urlparse
+        parsed_url = urlparse(request.url)
+        if parsed_url.hostname and parsed_url.hostname.endswith("blob.core.windows.net"):
             # Split off the SAS token.
EOF
@@ -57,3 +57,5 @@
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:
from urllib.parse import urlparse
parsed_url = urlparse(request.url)
if parsed_url.hostname and parsed_url.hostname.endswith("blob.core.windows.net"):
# Split off the SAS token.
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 9, 2025
View reviewed changes
tests/foundry/conftest.py

def _matcher(request: requests.Request) -> requests.Response | None:
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string
blob.core.windows.net/
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 5 hours ago

To fix the problem, we need to parse the URL and check the hostname instead of performing a substring check on the raw URL string. This ensures that the check is accurate and not prone to bypasses.

  • Use the urlparse function from the urllib.parse module to parse the URL.
  • Extract the hostname from the parsed URL and check if it matches the expected hostname "blob.core.windows.net".
  • Update the _matcher function to perform this check.
Suggested changeset 1
tests/foundry/conftest.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tests/foundry/conftest.py b/tests/foundry/conftest.py
--- a/tests/foundry/conftest.py
+++ b/tests/foundry/conftest.py
@@ -9,2 +9,3 @@
 from typing import Generator
+from urllib.parse import urlparse
 
@@ -102,7 +103,6 @@
                 """Mock requests that check for the existence of blobs."""
-                if "blob.core.windows.net/" in request.url:
+                parsed_url = urlparse(request.url)
+                if parsed_url.hostname == "blob.core.windows.net":
                     # Split off the SAS token.
-                    path, _ = request.url.split("?", 1)
-                    # Split off the storage account URL.
-                    _, path = path.split("blob.core.windows.net/", 1)
+                    path = parsed_url.path.lstrip('/')
 
EOF
@@ -9,2 +9,3 @@
from typing import Generator
from urllib.parse import urlparse

@@ -102,7 +103,6 @@
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:
parsed_url = urlparse(request.url)
if parsed_url.hostname == "blob.core.windows.net":
# Split off the SAS token.
path, _ = request.url.split("?", 1)
# Split off the storage account URL.
_, path = path.split("blob.core.windows.net/", 1)
path = parsed_url.path.lstrip('/')

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
tests/foundry/conftest.py

def _matcher(request: requests.Request) -> requests.Response | None:
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string
blob.core.windows.net/
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 5 hours ago

To fix the problem, we should parse the URL and check the hostname instead of using a substring check. This ensures that the check is performed on the correct part of the URL and prevents bypassing the security check by embedding the allowed host in an unexpected location.

The best way to fix the problem is to use the urlparse function from the urllib.parse module to extract the hostname from the URL and then check if it matches the expected hostname. This approach is more robust and aligns with the recommended practices.

Suggested changeset 1
tests/foundry/conftest.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tests/foundry/conftest.py b/tests/foundry/conftest.py
--- a/tests/foundry/conftest.py
+++ b/tests/foundry/conftest.py
@@ -102,7 +102,7 @@
                 """Mock requests that check for the existence of blobs."""
-                if "blob.core.windows.net/" in request.url:
+                from urllib.parse import urlparse
+                parsed_url = urlparse(request.url)
+                if parsed_url.hostname == "blob.core.windows.net":
                     # Split off the SAS token.
-                    path, _ = request.url.split("?", 1)
-                    # Split off the storage account URL.
-                    _, path = path.split("blob.core.windows.net/", 1)
+                    path, _ = parsed_url.path.split("?", 1)
 
EOF
@@ -102,7 +102,7 @@
"""Mock requests that check for the existence of blobs."""
if "blob.core.windows.net/" in request.url:
from urllib.parse import urlparse
parsed_url = urlparse(request.url)
if parsed_url.hostname == "blob.core.windows.net":
# Split off the SAS token.
path, _ = request.url.split("?", 1)
# Split off the storage account URL.
_, path = path.split("blob.core.windows.net/", 1)
path, _ = parsed_url.path.split("?", 1)

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wesselb wesselb

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wesselb @temporaer