woodpecker/parser/inject/inject.go

54 lines
1.4 KiB
Go

package inject
import (
"sort"
"strings"
"github.com/drone/drone/common"
"gopkg.in/yaml.v2"
)
// Inject injects a map of parameters into a raw string and returns
// the resulting string.
//
// Parameters are represented in the string using $$ notation, similar
// to how environment variables are defined in Makefiles.
func Inject(raw string, params map[string]string) string {
if params == nil {
return raw
}
keys := []string{}
for k := range params {
keys = append(keys, k)
}
sort.Sort(sort.Reverse(sort.StringSlice(keys)))
injected := raw
for _, k := range keys {
v := params[k]
injected = strings.Replace(injected, "$$"+k, v, -1)
}
return injected
}
// InjectSafe attempts to safely inject parameters without leaking
// parameters in the Build or Compose section of the yaml file.
//
// The intended use case for this function are public pull requests.
// We want to avoid a malicious pull request that allows someone
// to inject and print private variables.
func InjectSafe(raw string, params map[string]string) string {
before, _ := parse(raw)
after, _ := parse(Inject(raw, params))
before.Notify = after.Notify
before.Publish = after.Publish
before.Deploy = after.Deploy
result, _ := yaml.Marshal(before)
return string(result)
}
// helper funtion to parse a yaml configuration file.
func parse(raw string) (*common.Config, error) {
cfg := common.Config{}
err := yaml.Unmarshal([]byte(raw), &cfg)
return &cfg, err
}