microsoft / onefuzz

A self-hosted Fuzzing-As-A-Service platform
MIT License
2.82k stars 199 forks

Add middleware for optional strict CLI version checking #3564

Closed kananb closed 9 months ago

kananb commented 9 months ago

Summary of the Pull Request

Adds middleware to the ApiService that checks for two headers: cli-version and strict-version. If both headers are present and the strict-version is set to true, then the middleware will compare the supplied version with the service version and immediately send back a 400 response to requests with out-of-date versions.

On the CLI end, this feature is opted into by setting the ONEFUZZ_STRICT_VERSIONING environment variable to true (case insensitive).

PR Checklist

Info on Pull Request

What does this include?

Validation Steps Performed

Added unit tests for the following cases:

(Both valid and invalid values are tested for each case, where applicable)

codecov-commenter commented 9 months ago

Codecov Report

Merging #3564 (d3fdb30) into main (8c315af) will decrease coverage by 0.03%. The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #3564      +/-   ##
==========================================
- Coverage   39.03%   39.01%   -0.03%     
==========================================
  Files         302      302              
  Lines       36924    36954      +30     
==========================================
+ Hits        14415    14417       +2     
- Misses      22509    22537      +28     
Files Coverage Δ
src/ApiService/ApiService/OneFuzzTypes/Enums.cs 32.39% <ø> (ø)
src/ApiService/ApiService/onefuzzlib/Versions.cs 0.00% <0.00%> (ø)
src/ApiService/ApiService/Program.cs 9.83% <0.00%> (-1.93%) :arrow_down:

... and 1 file with indirect coverage changes

kananb commented 9 months ago

Semver parsing of dev deploys is blocking this PR.

Changed version parsing to use the Semver library and included versions with metadata and prerelease components to the unit tests.
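
Added example, not code from this PR (the ApiService middleware itself lives in the C# files listed above): a Python illustration of the header check from the summary, using SemVer 2.0.0 precedence so that the prerelease and build-metadata versions mentioned in the last comment compare correctly. The function names are hypothetical, and three behaviours are assumptions: "out of date" means lower precedence than the service version, the strict-version value is matched case-insensitively, and an unparseable cli-version gets a 400.

```python
import re

# SemVer 2.0.0 shape: MAJOR.MINOR.PATCH[-prerelease][+build]
_SEMVER = re.compile(
    r"(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
    r"(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
)


def precedence_key(version):
    """Return a sortable key for a SemVer string; raise ValueError if malformed."""
    m = _SEMVER.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(m.group(i)) for i in (1, 2, 3))
    pre = m.group(4)
    if pre is None:
        # A release outranks every prerelease of the same core version.
        return core + (1, ())
    # Numeric identifiers rank below alphanumeric ones; build metadata
    # (group 5) is deliberately ignored when ordering versions.
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                for p in pre.split("."))
    return core + (0, ids)


def check_cli_version(headers, service_version):
    """Return (status, message) for a request carrying the two headers."""
    h = {k.lower(): v for k, v in headers.items()}
    cli, strict = h.get("cli-version"), h.get("strict-version")
    # The check applies only when both headers are present and strict is true.
    if cli is None or strict is None or strict.strip().lower() != "true":
        return 200, "version check skipped"
    try:
        outdated = precedence_key(cli) < precedence_key(service_version)
    except ValueError as exc:
        # Assumption: a malformed version is rejected, not waved through.
        return 400, str(exc)
    if outdated:
        return 400, f"cli {cli} is older than service {service_version}"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed sample values, not versions taken from the project.
    for cli in ("1.2.2", "1.2.3-dev.4+abc123", "1.2.3+localbuild", "latest"):
        hdrs = {"cli-version": cli, "strict-version": "True"}
        print(cli, check_cli_version(hdrs, "1.2.3"))
```
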