initial commit [ci skip]

2019-10-10 19:01:58 -07:00
parent 56c135e4ae
commit 43bbf6e78c
95 changed files with 6579 additions and 1 deletions
--- a/internal/match/match.go
+++ b/internal/match/match.go
@@ -0,0 +1,51 @@
+// Copyright 2019 Drone.IO Inc. All rights reserved.
+// Use of this source code is governed by the Polyform License
+// that can be found in the LICENSE file.
+
+package match
+
+import (
+	"path/filepath"
+
+	"github.com/drone/drone-go/drone"
+)
+
+// NOTE most runners do not require match capabilities. This is
+// provided as a defense in depth mechanism given the sensitive
+// nature of this runner executing code directly on the host.
+// The matching function is a last line of defence to prevent
+// unauthorized code from running on the host machine.
+
+// Func returns a new match function that returns true if the
+// repository and build do not match the allowd repository names
+// and build events.
+func Func(repos, events []string, trusted bool) func(*drone.Repo, *drone.Build) bool {
+	return func(repo *drone.Repo, build *drone.Build) bool {
+		// if trusted mode is enabled, only match repositories
+		// that are trusted.
+		if trusted && repo.Trusted == false {
+			return false
+		}
+		if match(repo.Slug, repos) == false {
+			return false
+		}
+		if match(build.Event, events) == false {
+			return false
+		}
+		return true
+	}
+}
+
+func match(s string, patterns []string) bool {
+	// if no matching patterns are defined the string
+	// is always considered a match.
+	if len(patterns) == 0 {
+		return true
+	}
+	for _, pattern := range patterns {
+		if match, _ := filepath.Match(pattern, s); match {
+			return true
+		}
+	}
+	return false
+}
--- a/internal/match/match_test.go
+++ b/internal/match/match_test.go
@@ -0,0 +1,125 @@
+// Copyright 2019 Drone.IO Inc. All rights reserved.
+// Use of this source code is governed by the Polyform License
+// that can be found in the LICENSE file.
+
+package match
+
+import (
+	"testing"
+
+	"github.com/drone/drone-go/drone"
+)
+
+func TestFunc(t *testing.T) {
+	tests := []struct {
+		repo    string
+		event   string
+		trusted bool
+		match   bool
+		matcher func(*drone.Repo, *drone.Build) bool
+	}{
+		//
+		// Expect match true
+		//
+
+		// repository, event and trusted flag matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "push",
+			trusted: true,
+			match:   true,
+			matcher: Func([]string{"spaceghost/*", "octocat/*"}, []string{"push"}, true),
+		},
+		// repoisitory matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: false,
+			match:   true,
+			matcher: Func([]string{"spaceghost/*", "octocat/*"}, []string{}, false),
+		},
+		// event matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: false,
+			match:   true,
+			matcher: Func([]string{}, []string{"pull_request"}, false),
+		},
+		// trusted flag matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: true,
+			match:   true,
+			matcher: Func([]string{}, []string{}, true),
+		},
+
+		//
+		// Expect match false
+		//
+
+		// repository matching
+		{
+			repo:    "spaceghost/hello-world",
+			event:   "pull_request",
+			trusted: false,
+			match:   false,
+			matcher: Func([]string{"octocat/*"}, []string{}, false),
+		},
+		// event matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: false,
+			match:   false,
+			matcher: Func([]string{}, []string{"push"}, false),
+		},
+		// trusted flag matching
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: false,
+			match:   false,
+			matcher: Func([]string{}, []string{}, true),
+		},
+		// does not match repository
+		{
+			repo:    "foo/hello-world",
+			event:   "push",
+			trusted: true,
+			match:   false,
+			matcher: Func([]string{"spaceghost/*", "octocat/*"}, []string{"push"}, true),
+		},
+		// does not match event
+		{
+			repo:    "octocat/hello-world",
+			event:   "pull_request",
+			trusted: true,
+			match:   false,
+			matcher: Func([]string{"spaceghost/*", "octocat/*"}, []string{"push"}, true),
+		},
+		// does not match trusted flag
+		{
+			repo:    "octocat/hello-world",
+			event:   "push",
+			trusted: false,
+			match:   false,
+			matcher: Func([]string{"spaceghost/*", "octocat/*"}, []string{"push"}, true),
+		},
+	}
+
+	for i, test := range tests {
+		repo := &drone.Repo{
+			Slug:    test.repo,
+			Trusted: test.trusted,
+		}
+		build := &drone.Build{
+			Event: test.event,
+		}
+		match := test.matcher(repo, build)
+		if match != test.match {
+			t.Errorf("Expect match %v at index %d", test.match, i)
+		}
+	}
+}