harness-drone/parser/inject/inject.go

package inject

import (
	"sort"
	"strings"

	"github.com/drone/drone/common"
	"gopkg.in/yaml.v2"
)

// Inject injects a map of parameters into a raw string and returns
// the resulting string.
//
// Parameters are represented in the string using $$ notation, similar
// to how environment variables are defined in Makefiles.
func Inject(raw string, params map[string]string) string {
	if params == nil {
		return raw
	}
	keys := []string{}
	for k := range params {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.StringSlice(keys)))
	injected := raw
	for _, k := range keys {
		v := params[k]
		injected = strings.Replace(injected, "$$"+k, v, -1)
	}
	return injected
}

// InjectSafe attempts to safely inject parameters without leaking
// parameters in the Build or Compose section of the yaml file.
//
// The intended use case for this function are public pull requests.
// We want to avoid a malicious pull request that allows someone
// to inject and print private variables.
func InjectSafe(raw string, params map[string]string) string {
	before, _ := parse(raw)
	after, _ := parse(Inject(raw, params))
	before.Notify = after.Notify
	before.Publish = after.Publish
	before.Deploy = after.Deploy
	result, _ := yaml.Marshal(before)
	return string(result)
}

// helper funtion to parse a yaml configuration file.
func parse(raw string) (*common.Config, error) {
	cfg := common.Config{}
	err := yaml.Unmarshal([]byte(raw), &cfg)
	return &cfg, err
}
add yaml parser, build execution code. not yet hooked up 2015-04-16 07:10:17 +00:00			`package inject`

			`import (`
			`"sort"`
			`"strings"`

			`"github.com/drone/drone/common"`
			`"gopkg.in/yaml.v2"`
			`)`

			`// Inject injects a map of parameters into a raw string and returns`
			`// the resulting string.`
			`//`
			`// Parameters are represented in the string using $$ notation, similar`
			`// to how environment variables are defined in Makefiles.`
			`func Inject(raw string, params map[string]string) string {`
			`if params == nil {`
			`return raw`
			`}`
			`keys := []string{}`
			`for k := range params {`
			`keys = append(keys, k)`
			`}`
			`sort.Sort(sort.Reverse(sort.StringSlice(keys)))`
			`injected := raw`
			`for _, k := range keys {`
			`v := params[k]`
			`injected = strings.Replace(injected, "$$"+k, v, -1)`
			`}`
			`return injected`
			`}`

			`// InjectSafe attempts to safely inject parameters without leaking`
			`// parameters in the Build or Compose section of the yaml file.`
			`//`
			`// The intended use case for this function are public pull requests.`
			`// We want to avoid a malicious pull request that allows someone`
			`// to inject and print private variables.`
			`func InjectSafe(raw string, params map[string]string) string {`
			`before, _ := parse(raw)`
			`after, _ := parse(Inject(raw, params))`
			`before.Notify = after.Notify`
			`before.Publish = after.Publish`
			`before.Deploy = after.Deploy`
			`result, _ := yaml.Marshal(before)`
			`return string(result)`
			`}`

			`// helper funtion to parse a yaml configuration file.`
			`func parse(raw string) (*common.Config, error) {`
			`cfg := common.Config{}`
			`err := yaml.Unmarshal([]byte(raw), &cfg)`
			`return &cfg, err`
			`}`