misc: Sql query fixes (#6097)

ayu-devtron · prakash100198 · web-flow · commit 5dfc3884eae8 · 2024-11-14T19:19:03.000+05:30
* sql injection fix

* more query fixes and error handling

* handle deleted / non-existent environment

---------

Co-authored-by: Prakash Kumar &lt;prakash.kumar@devtron.ai&gt;
diff --git a/internal/sql/repository/AppListingRepository.go b/internal/sql/repository/AppListingRepository.go
@@ -124,7 +124,11 @@ func (impl AppListingRepositoryImpl) FetchJobs(appIds []int, statuses []string,
 		impl.Logger.Error(appsErr)
 		return jobContainers, appsErr
 	}
-	jobContainers = impl.extractEnvironmentNameFromId(jobContainers)
+	jobContainers, err := impl.extractEnvironmentNameFromId(jobContainers)
+	if err != nil {
+		impl.Logger.Errorw("Error in extractEnvironmentNameFromId", "jobContainers", jobContainers, "err", err)
+		return nil, err
+	}
 	return jobContainers, nil
 }
 
@@ -137,7 +141,11 @@ func (impl AppListingRepositoryImpl) FetchOverviewCiPipelines(jobId int) ([]*bea
 		impl.Logger.Error(appsErr)
 		return jobContainers, appsErr
 	}
-	jobContainers = impl.extractEnvironmentNameFromId(jobContainers)
+	jobContainers, err := impl.extractEnvironmentNameFromId(jobContainers)
+	if err != nil {
+		impl.Logger.Errorw("Error in extractEnvironmentNameFromId", "jobContainers", jobContainers, "err", err)
+		return nil, err
+	}
 	return jobContainers, nil
 }
 
@@ -732,7 +740,7 @@ func (impl AppListingRepositoryImpl) FindAppCount(isProd bool) (int, error) {
 	return count, nil
 }
 
-func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers []*bean.JobListingContainer) []*bean.JobListingContainer {
+func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers []*bean.JobListingContainer) ([]*bean.JobListingContainer, error) {
 	var envIds []*int
 	for _, job := range jobContainers {
 		if job.EnvironmentId != 0 {
@@ -742,7 +750,11 @@ func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers
 			envIds = append(envIds, &job.LastTriggeredEnvironmentId)
 		}
 	}
-	envs, _ := impl.environmentRepository.FindByIds(envIds)
+	envs, err := impl.environmentRepository.FindByIds(envIds)
+	if err != nil {
+		impl.Logger.Errorw("Error in getting environment", "envIds", envIds, "err", err)
+		return nil, err
+	}
 
 	envIdNameMap := make(map[int]string)
 
@@ -759,5 +771,5 @@ func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers
 		}
 	}
 
-	return jobContainers
+	return jobContainers, nil
 }
diff --git a/pkg/appStore/installedApp/repository/InstalledAppVersionHistory.go b/pkg/appStore/installedApp/repository/InstalledAppVersionHistory.go
@@ -216,7 +216,6 @@ func (impl *InstalledAppVersionHistoryRepositoryImpl) UpdateDeploymentHistoryMes
 	_, err := impl.dbConnection.Model((*InstalledAppVersionHistory)(nil)).
 		Set("message = ?", message).
 		Where("id = ?", installedAppVersionHistoryId).
-		Where("active = ?", true).
 		Update()
 	return err
 }
diff --git a/pkg/cluster/EnvironmentService.go b/pkg/cluster/EnvironmentService.go
@@ -472,6 +472,7 @@ func (impl EnvironmentServiceImpl) FindByIds(ids []*int) ([]*bean2.EnvironmentBe
 	models, err := impl.environmentRepository.FindByIds(ids)
 	if err != nil {
 		impl.logger.Errorw("error in fetching environment", "err", err)
+		return nil, err
 	}
 	var beans []*bean2.EnvironmentBean
 	for _, model := range models {
diff --git a/pkg/cluster/repository/EnvironmentRepository.go b/pkg/cluster/repository/EnvironmentRepository.go
@@ -325,6 +325,9 @@ func (repositoryImpl EnvironmentRepositoryImpl) FindByClusterId(clusterId int) (
 
 func (repositoryImpl EnvironmentRepositoryImpl) FindByIds(ids []*int) ([]*Environment, error) {
 	var apps []*Environment
+	if len(ids) == 0 {
+		return []*Environment{}, nil
+	}
 	err := repositoryImpl.dbConnection.Model(&apps).Where("active = ?", true).Where("id in (?)", pg.In(ids)).Select()
 	return apps, err
 }
diff --git a/pkg/externalLink/ExternalLinkIdentifierMappingRepository.go b/pkg/externalLink/ExternalLinkIdentifierMappingRepository.go
@@ -108,7 +108,7 @@ func (impl ExternalLinkIdentifierMappingRepositoryImpl) FindAllActiveByLinkIdent
 				 elim.id as mapping_id,elim.active,elim.type,elim.identifier,elim.env_id,elim.app_id,elim.cluster_id 
 				 FROM external_link el 
 				 LEFT JOIN external_link_identifier_mapping elim ON el.id = elim.external_link_id 
-				 WHERE el.active = true and elim.active = true and ( (elim.type = %d and elim.identifier = '%s' and elim.cluster_id = 0) or (elim.type = 0 and elim.app_id = 0 and elim.cluster_id = %d)  
+				 WHERE el.active = true and elim.active = true and ( (elim.type = ? and elim.identifier = ? and elim.cluster_id = 0) or (elim.type = 0 and elim.app_id = 0 and elim.cluster_id = ?)  
 				 or (elim.type = -1) );`
 		queryParams = append(queryParams, TypeMappings[linkIdentifier.Type], linkIdentifier.Identifier, clusterId)
 	}
diff --git a/pkg/pipeline/DeploymentPipelineConfigService.go b/pkg/pipeline/DeploymentPipelineConfigService.go
@@ -237,6 +237,10 @@ func (impl *CdPipelineConfigServiceImpl) GetCdPipelineById(pipelineId int) (cdPi
 		impl.logger.Errorw("error in fetching pipeline", "err", err)
 		return cdPipeline, err
 	}
+	if environment == nil || environment.Id == 0 {
+		impl.logger.Errorw("environment doesn't exists", "environmentId", dbPipeline.EnvironmentId)
+		return cdPipeline, err
+	}
 	strategies, err := impl.pipelineConfigRepository.GetAllStrategyByPipelineId(dbPipeline.Id)
 	if err != nil && errors.IsNotFound(err) {
 		impl.logger.Errorw("error in fetching strategies", "err", err)
diff --git a/pkg/security/policyService.go b/pkg/security/policyService.go
@@ -621,6 +621,10 @@ func (impl *PolicyServiceImpl) GetPolicies(policyLevel securityBean.PolicyLevel,
 			envId = append(envId, &pipeline.EnvironmentId)
 		}
 		envs, err := impl.environmentService.FindByIds(envId)
+		if err != nil {
+			impl.logger.Errorw("Error in fetching env", "envId", envId, "err", err)
+			return nil, err
+		}
 		for _, env := range envs {
 			cvePolicy, severityPolicy, err := impl.getPolicies(policyLevel, env.ClusterId, env.Id, appId)
 			if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,11 @@ func (impl AppListingRepositoryImpl) FetchJobs(appIds []int, statuses []string,`
`124`	`124`	`impl.Logger.Error(appsErr)`
`125`	`125`	`return jobContainers, appsErr`
`126`	`126`	`}`
`127`		`- jobContainers = impl.extractEnvironmentNameFromId(jobContainers)`
	`127`	`+ jobContainers, err := impl.extractEnvironmentNameFromId(jobContainers)`
	`128`	`+ if err != nil {`
	`129`	`+ impl.Logger.Errorw("Error in extractEnvironmentNameFromId", "jobContainers", jobContainers, "err", err)`
	`130`	`+ return nil, err`
	`131`	`+ }`
`128`	`132`	`return jobContainers, nil`
`129`	`133`	`}`
`130`	`134`
`@@ -137,7 +141,11 @@ func (impl AppListingRepositoryImpl) FetchOverviewCiPipelines(jobId int) ([]*bea`
`137`	`141`	`impl.Logger.Error(appsErr)`
`138`	`142`	`return jobContainers, appsErr`
`139`	`143`	`}`
`140`		`- jobContainers = impl.extractEnvironmentNameFromId(jobContainers)`
	`144`	`+ jobContainers, err := impl.extractEnvironmentNameFromId(jobContainers)`
	`145`	`+ if err != nil {`
	`146`	`+ impl.Logger.Errorw("Error in extractEnvironmentNameFromId", "jobContainers", jobContainers, "err", err)`
	`147`	`+ return nil, err`
	`148`	`+ }`
`141`	`149`	`return jobContainers, nil`
`142`	`150`	`}`
`143`	`151`
`@@ -732,7 +740,7 @@ func (impl AppListingRepositoryImpl) FindAppCount(isProd bool) (int, error) {`
`732`	`740`	`return count, nil`
`733`	`741`	`}`
`734`	`742`
`735`		`-func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers []bean.JobListingContainer) []bean.JobListingContainer {`
	`743`	`+func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers []bean.JobListingContainer) ([]bean.JobListingContainer, error) {`
`736`	`744`	`var envIds []*int`
`737`	`745`	`for _, job := range jobContainers {`
`738`	`746`	`if job.EnvironmentId != 0 {`
`@@ -742,7 +750,11 @@ func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers`
`742`	`750`	`envIds = append(envIds, &job.LastTriggeredEnvironmentId)`
`743`	`751`	`}`
`744`	`752`	`}`
`745`		`- envs, _ := impl.environmentRepository.FindByIds(envIds)`
	`753`	`+ envs, err := impl.environmentRepository.FindByIds(envIds)`
	`754`	`+ if err != nil {`
	`755`	`+ impl.Logger.Errorw("Error in getting environment", "envIds", envIds, "err", err)`
	`756`	`+ return nil, err`
	`757`	`+ }`
`746`	`758`
`747`	`759`	`envIdNameMap := make(map[int]string)`
`748`	`760`
`@@ -759,5 +771,5 @@ func (impl AppListingRepositoryImpl) extractEnvironmentNameFromId(jobContainers`
`759`	`771`	`}`
`760`	`772`	`}`
`761`	`773`
`762`		`- return jobContainers`
	`774`	`+ return jobContainers, nil`
`763`	`775`	`}`
Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,6 @@ func (impl *InstalledAppVersionHistoryRepositoryImpl) UpdateDeploymentHistoryMes`
`216`	`216`	`_, err := impl.dbConnection.Model((*InstalledAppVersionHistory)(nil)).`
`217`	`217`	`Set("message = ?", message).`
`218`	`218`	`Where("id = ?", installedAppVersionHistoryId).`
`219`		`- Where("active = ?", true).`
`220`	`219`	`Update()`
`221`	`220`	`return err`
`222`	`221`	`}`
Original file line number	Diff line number	Diff line change
`@@ -472,6 +472,7 @@ func (impl EnvironmentServiceImpl) FindByIds(ids []int) ([]bean2.EnvironmentBe`
`472`	`472`	`models, err := impl.environmentRepository.FindByIds(ids)`
`473`	`473`	`if err != nil {`
`474`	`474`	`impl.logger.Errorw("error in fetching environment", "err", err)`
	`475`	`+ return nil, err`
`475`	`476`	`}`
`476`	`477`	`var beans []*bean2.EnvironmentBean`
`477`	`478`	`for _, model := range models {`
Original file line number	Diff line number	Diff line change
`@@ -325,6 +325,9 @@ func (repositoryImpl EnvironmentRepositoryImpl) FindByClusterId(clusterId int) (`
`325`	`325`
`326`	`326`	`func (repositoryImpl EnvironmentRepositoryImpl) FindByIds(ids []int) ([]Environment, error) {`
`327`	`327`	`var apps []*Environment`
	`328`	`+ if len(ids) == 0 {`
	`329`	`+ return []*Environment{}, nil`
	`330`	`+ }`
`328`	`331`	`err := repositoryImpl.dbConnection.Model(&apps).Where("active = ?", true).Where("id in (?)", pg.In(ids)).Select()`
`329`	`332`	`return apps, err`
`330`	`333`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func (impl ExternalLinkIdentifierMappingRepositoryImpl) FindAllActiveByLinkIdent`
`108`	`108`	`elim.id as mapping_id,elim.active,elim.type,elim.identifier,elim.env_id,elim.app_id,elim.cluster_id`
`109`	`109`	`FROM external_link el`
`110`	`110`	`LEFT JOIN external_link_identifier_mapping elim ON el.id = elim.external_link_id`
`111`		`- WHERE el.active = true and elim.active = true and ( (elim.type = %d and elim.identifier = '%s' and elim.cluster_id = 0) or (elim.type = 0 and elim.app_id = 0 and elim.cluster_id = %d)`
	`111`	`+ WHERE el.active = true and elim.active = true and ( (elim.type = ? and elim.identifier = ? and elim.cluster_id = 0) or (elim.type = 0 and elim.app_id = 0 and elim.cluster_id = ?)`
`112`	`112`	or (elim.type = -1) );`
`113`	`113`	`queryParams = append(queryParams, TypeMappings[linkIdentifier.Type], linkIdentifier.Identifier, clusterId)`
`114`	`114`	`}`