From f126b3accb8412eb568ec0c4cbd52a0816b0409b Mon Sep 17 00:00:00 2001
From: Ash-exp
Date: Thu, 1 May 2025 03:17:41 +0530
Subject: [PATCH] fix: rest handler missing return statements
---
 api/appStore/deployment/AppStoreDeploymentRestHandler.go | 4 ++++
 api/appStore/deployment/CommonDeploymentRestHandler.go | 1 +
 api/auth/user/UserAuthHandler.go | 1 +
 api/helm-app/HelmAppRestHandler.go | 2 ++
 api/k8s/application/k8sApplicationRestHandler.go | 1 +
 api/restHandler/BatchOperationRestHandler.go | 1 +
 api/restHandler/BulkUpdateRestHandler.go | 7 +++++++
 api/restHandler/GitOpsConfigRestHandler.go | 1 +
 api/restHandler/ImageScanRestHandler.go | 7 +++++++
 api/restHandler/PolicyRestHandler.go | 1 +
 api/restHandler/ReleaseMetricsRestHandler.go | 1 +
 api/restHandler/WebhookEventHandler.go | 1 +
 api/restHandler/app/appList/AppListingRestHandler.go | 2 ++
 .../app/pipeline/configure/BuildPipelineRestHandler.go | 2 ++
 14 files changed, 32 insertions(+)
diff --git a/api/appStore/deployment/AppStoreDeploymentRestHandler.go b/api/appStore/deployment/AppStoreDeploymentRestHandler.go
index 08bb4f43a5..9aa316460c 100644
--- a/api/appStore/deployment/AppStoreDeploymentRestHandler.go
+++ b/api/appStore/deployment/AppStoreDeploymentRestHandler.go
@@ -539,6 +539,7 @@ func (handler AppStoreDeploymentRestHandlerImpl) UpdateProjectHelmApp(w http.Res
 if err != nil {
 handler.Logger.Errorw("error in decoding app id", "err", err)
 common.WriteJsonResp(w, err, "error in decoding app id", http.StatusBadRequest)
+ return
 }
 // this rbac object checks that whether user have permission to change current project.
 rbacObjectForCurrentProject, rbacObjectForCurrentProject2 := handler.enforcerUtilHelm.GetHelmObjectByClusterIdNamespaceAndAppName(appIdentifier.ClusterId, appIdentifier.Namespace, appIdentifier.ReleaseName)
@@ -555,6 +556,7 @@ func (handler AppStoreDeploymentRestHandlerImpl) UpdateProjectHelmApp(w http.Res
 if err != nil {
 handler.Logger.Errorw("service err, InstalledAppId", "err", err, "InstalledAppId", request.InstalledAppId)
 common.WriteJsonResp(w, fmt.Errorf("Unable to fetch installed app details"), nil, http.StatusBadRequest)
+ return
 }
 if installedApp.IsVirtualEnvironment {
 rbacObjectForCurrentProject, _ := handler.enforcerUtilHelm.GetAppRBACNameByInstalledAppId(request.InstalledAppId)
@@ -580,8 +582,10 @@ func (handler AppStoreDeploymentRestHandlerImpl) UpdateProjectHelmApp(w http.Res
 if err != nil {
 handler.Logger.Errorw("error in updating project for helm apps", "err", err)
 common.WriteJsonResp(w, err, "error in updating project", http.StatusBadRequest)
+ return
 } else {
 handler.Logger.Errorw("Helm App project update")
 common.WriteJsonResp(w, nil, "Project Updated", http.StatusOK)
+ return
 }
 }
diff --git a/api/appStore/deployment/CommonDeploymentRestHandler.go b/api/appStore/deployment/CommonDeploymentRestHandler.go
index 2365082183..e3ee4fba45 100644
--- a/api/appStore/deployment/CommonDeploymentRestHandler.go
+++ b/api/appStore/deployment/CommonDeploymentRestHandler.go
@@ -268,6 +268,7 @@ func (handler *CommonDeploymentRestHandlerImpl) RollbackApplication(w http.Respo
 appOfferingMode, installedAppDto, err := handler.getAppOfferingMode(installedAppId, *request.HAppId)
 if err != nil {
 common.WriteJsonResp(w, err, "bad request", http.StatusBadRequest)
+ return
 }
 installedAppDto.UserId = userId
 //rbac block starts from here
diff --git a/api/auth/user/UserAuthHandler.go b/api/auth/user/UserAuthHandler.go
index 56c575e7ca..daba9d2334 100644
--- a/api/auth/user/UserAuthHandler.go
+++ b/api/auth/user/UserAuthHandler.go
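Review bot: In the `@@ -580,8 +582,10 @@` hunk of UpdateProjectHelmApp the success branch still logs through `handler.Logger.Errorw("Helm App project update")`, so every successful project change is recorded as an error-level event; `handler.Logger.Infow("Helm App project update")` would keep the error log usable for alerting. The two added `return` statements appear to be the last statements before the function's closing brace, so they change nothing at run time. Dropping the `else` and keeping one `return` in the error branch is the more idiomatic shape. The function starts outside the hunk.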
@@ -70,6 +70,7 @@ func (handler UserAuthHandlerImpl) LoginHandler(w http.ResponseWriter, r *http.R
 if err != nil {
 handler.logger.Errorw("request err, LoginHandler", "err", err, "payload", up)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 err = handler.validator.Struct(up)
diff --git a/api/helm-app/HelmAppRestHandler.go b/api/helm-app/HelmAppRestHandler.go
index a21cf730ff..bb4343a530 100644
--- a/api/helm-app/HelmAppRestHandler.go
+++ b/api/helm-app/HelmAppRestHandler.go
@@ -191,6 +191,7 @@ func (handler *HelmAppRestHandlerImpl) Hibernate(w http.ResponseWriter, r *http.
 appType, err = strconv.Atoi(appTypeString)
 if err != nil {
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
@@ -282,6 +283,7 @@ func (handler *HelmAppRestHandlerImpl) UnHibernate(w http.ResponseWriter, r *htt
 appType, err = strconv.Atoi(appTypeString)
 if err != nil {
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
 token := r.Header.Get("token")
diff --git a/api/k8s/application/k8sApplicationRestHandler.go b/api/k8s/application/k8sApplicationRestHandler.go
index dd68e18e15..644830a36c 100644
--- a/api/k8s/application/k8sApplicationRestHandler.go
+++ b/api/k8s/application/k8sApplicationRestHandler.go
@@ -729,6 +729,7 @@ func (handler *K8sApplicationRestHandlerImpl) requestValidationAndRBAC(w http.Re
 if err != nil {
 handler.logger.Errorw(bean2.AppIdDecodingError, "err", err, "appIdentifier", request.AppIdentifier)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 valid, err := handler.argoApplicationReadService.ValidateArgoResourceRequest(r.Context(), appIdentifier, request.K8sRequest)
 if err != nil || !valid {
diff --git a/api/restHandler/BatchOperationRestHandler.go b/api/restHandler/BatchOperationRestHandler.go
index ff50ba96a4..fd598e5725 100644
--- a/api/restHandler/BatchOperationRestHandler.go
+++ b/api/restHandler/BatchOperationRestHandler.go
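Review bot: The error branch in LoginHandler still logs the request body through `"payload", up`. The declaration of `up` is outside the hunk, but if it is the login payload with a password field, a malformed login request writes whatever was decoded, credentials included, to the error log. I would log only the error, `handler.logger.Errorw("request err, LoginHandler", "err", err)`, or a copy of the payload with the secret field cleared. The function starts and ends outside the hunk.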
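Review bot: The bare `return` added in requestValidationAndRBAC suggests the helper has no result, so a caller cannot tell that decoding, validation or RBAC failed and that a response has already been written. The signature and the call sites are outside this hunk; if a caller simply continues after the call, it would go on to serve the request after a 400 or 403. Consider giving the helper a boolean result, returning `false` on every path that writes an error response, and having callers stop with `if !ok { return }`.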
@@ -94,6 +94,7 @@ func (handler BatchOperationRestHandlerImpl) Operate(w http.ResponseWriter, r *h
 if workflow.Destination.App == nil || len(*workflow.Destination.App) == 0 {
 common.WriteJsonResp(w, errors.New("app name cannot be empty"), nil, http.StatusBadRequest)
+ return
 }
 rbacString := handler.enforcerUtil.GetProjectAdminRBACNameBYAppName(*workflow.Destination.App)
 if ok := handler.enforcer.Enforce(token, casbin.ResourceApplications, casbin.ActionCreate, rbacString); !ok {
diff --git a/api/restHandler/BulkUpdateRestHandler.go b/api/restHandler/BulkUpdateRestHandler.go
index 61b65644b7..423a069341 100644
--- a/api/restHandler/BulkUpdateRestHandler.go
+++ b/api/restHandler/BulkUpdateRestHandler.go
@@ -181,22 +181,26 @@ func (handler BulkUpdateRestHandlerImpl) GetImpactedAppsName(w http.ResponseWrit
 ok := handler.CheckAuthForImpactedObjects(deploymentTemplateImpactedApp.AppId, deploymentTemplateImpactedApp.EnvId, appResourceObjects, envResourceObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
 for _, configMapImpactedApp := range impactedApps.ConfigMap {
 ok := handler.CheckAuthForImpactedObjects(configMapImpactedApp.AppId, configMapImpactedApp.EnvId, appResourceObjects, envResourceObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
 for _, secretImpactedApp := range impactedApps.Secret {
 ok := handler.CheckAuthForImpactedObjects(secretImpactedApp.AppId, secretImpactedApp.EnvId, appResourceObjects, envResourceObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
 common.WriteJsonResp(w, err, impactedApps, http.StatusOK)
 }
+
 func (handler BulkUpdateRestHandlerImpl) CheckAuthForBulkUpdate(AppId int, EnvId int, AppName string, rbacObjects map[int]string, token string) bool {
 resourceName := rbacObjects[AppId]
 if ok := handler.enforcer.Enforce(token, casbin.ResourceApplications, casbin.ActionUpdate, resourceName); !ok {
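Review bot: The deny branches in GetImpactedAppsName are authorization enforcement, and the patch's diffstat lists only handler files, so nothing pins the new behaviour. A handler test with an enforcer that denies one app, asserting a single 403 write and no payload after it, would keep a later refactor from reopening the gap. The same applies to the three loops in BulkUpdate (`@@ -236,18 +240,21 @@`) and to the `else` branch in ImageScanRestHandler.go (`@@ -266,6 +270,7 @@`). The three loops here differ only in the slice they range over, so a small helper that performs the check and writes the 403 would leave one place to get the `return` right.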
@@ -236,18 +240,21 @@ func (handler BulkUpdateRestHandlerImpl) BulkUpdate(w http.ResponseWriter, r *ht
 ok := handler.CheckAuthForBulkUpdate(deploymentTemplateImpactedApp.AppId, deploymentTemplateImpactedApp.EnvId, deploymentTemplateImpactedApp.AppName, rbacObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
 for _, configMapImpactedApp := range impactedApps.ConfigMap {
 ok := handler.CheckAuthForBulkUpdate(configMapImpactedApp.AppId, configMapImpactedApp.EnvId, configMapImpactedApp.AppName, rbacObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
 for _, secretImpactedApp := range impactedApps.Secret {
 ok := handler.CheckAuthForBulkUpdate(secretImpactedApp.AppId, secretImpactedApp.EnvId, secretImpactedApp.AppName, rbacObjects, token)
 if !ok {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 }
diff --git a/api/restHandler/GitOpsConfigRestHandler.go b/api/restHandler/GitOpsConfigRestHandler.go
index 0511b8204f..1f70424635 100644
--- a/api/restHandler/GitOpsConfigRestHandler.go
+++ b/api/restHandler/GitOpsConfigRestHandler.go
@@ -312,6 +312,7 @@ func (impl GitOpsConfigRestHandlerImpl) GitOpsValidator(w http.ResponseWriter, r
 if err != nil && !errors.Is(err, moduleErr.ModuleNotFoundError) {
 impl.logger.Errorw("error in getting argo module", "error", err)
 common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+ return
 }
 detailedErrorGitOpsConfigResponse := impl.gitOpsConfigService.GitOpsValidateDryRun(argoModule.IsInstalled(), &bean)
 common.WriteJsonResp(w, nil, detailedErrorGitOpsConfigResponse, http.StatusOK)
diff --git a/api/restHandler/ImageScanRestHandler.go b/api/restHandler/ImageScanRestHandler.go
index b0f386f50e..b19c92efc9 100644
--- a/api/restHandler/ImageScanRestHandler.go
+++ b/api/restHandler/ImageScanRestHandler.go
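Review bot: In GitOpsValidator the guard lets `moduleErr.ModuleNotFoundError` fall through to `argoModule.IsInstalled()`, and nothing in the hunk shows that `argoModule` is usable on that path. If the lookup (outside the hunk) returns a nil pointer together with the not-found error and `IsInstalled` does not tolerate a nil receiver, that line panics inside the handler. Assuming `argoModule` is a pointer, `installed := argoModule != nil && argoModule.IsInstalled()` makes the intent explicit. Otherwise a one-line comment stating that the method is nil-safe would do.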
@@ -198,6 +198,7 @@ func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter,
 if err != nil {
 impl.logger.Errorw("request err, FetchExecutionDetail", "err", err, "imageScanDeployInfoIdS", imageScanDeployInfoIdS)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
 artifactIdS := v.Get("artifactId")
@@ -206,6 +207,7 @@ func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter,
 if err != nil {
 impl.logger.Errorw("request err, FetchExecutionDetail", "err", err, "artifactIdS", artifactIdS)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
 appIds := v.Get("appId")
@@ -214,6 +216,7 @@ func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter,
 if err != nil {
 impl.logger.Errorw("request err, FetchExecutionDetail", "err", err, "appIds", appIds)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
 envIds := v.Get("envId")
@@ -222,6 +225,7 @@ func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter,
 if err != nil {
 impl.logger.Errorw("request err, FetchExecutionDetail", "err", err, "envIds", envIds)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 }
 image := v.Get("image")
@@ -266,6 +270,7 @@ func (impl ImageScanRestHandlerImpl) FetchExecutionDetail(w http.ResponseWriter,
 }
 } else {
 common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+ return
 }
 //RBAC
 } else {
@@ -285,6 +290,7 @@ func (impl ImageScanRestHandlerImpl) FetchMinScanResultByAppIdAndEnvId(w http.Re
 if err != nil {
 impl.logger.Errorw("request err, FetchMinScanResultByAppIdAndEnvId", "err", err, "appIds", appIds)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 request.AppId = appId
 }
@@ -294,6 +300,7 @@ func (impl ImageScanRestHandlerImpl) FetchMinScanResultByAppIdAndEnvId(w http.Re
 if err != nil {
 impl.logger.Errorw("request err, FetchMinScanResultByAppIdAndEnvId", "err", err, "envIds", envIds)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 request.EnvId = envId
 }
diff --git a/api/restHandler/PolicyRestHandler.go b/api/restHandler/PolicyRestHandler.go
index 33c6e4d114..2678207843 100644
--- a/api/restHandler/PolicyRestHandler.go
+++ b/api/restHandler/PolicyRestHandler.go
@@ -218,6 +218,7 @@ func (impl PolicyRestHandlerImpl) GetPolicy(w http.ResponseWriter, r *http.Reque
 if err != nil {
 impl.logger.Errorw("request err, GetPolicy", "err", err, "id", id)
 common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+ return
 }
 req.Id = ids
 }
diff --git a/api/restHandler/ReleaseMetricsRestHandler.go b/api/restHandler/ReleaseMetricsRestHandler.go
index a2d9169ca9..f9de1c48c2 100644
--- a/api/restHandler/ReleaseMetricsRestHandler.go
+++ b/api/restHandler/ReleaseMetricsRestHandler.go
@@ -124,6 +124,7 @@ func (impl *ReleaseMetricsRestHandlerImpl) ResetDataForAllAppEnvironment(w http.
 if err != nil {
 impl.logger.Errorw("service err, ResetDataForAllAppEnvironment", "err", err)
 common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+ return
 }
 for _, pipeline := range pipelines {
 appRbacObject := impl.enforcerUtil.GetAppRBACNameByAppId(pipeline.AppId)
diff --git a/api/restHandler/WebhookEventHandler.go b/api/restHandler/WebhookEventHandler.go
index a765373d48..922a53ad8f 100644
--- a/api/restHandler/WebhookEventHandler.go
+++ b/api/restHandler/WebhookEventHandler.go
@@ -142,5 +142,6 @@ func (impl WebhookEventHandlerImpl) OnWebhookEvent(w http.ResponseWriter, r *htt
 if err != nil {
 impl.logger.Errorw("Error while handling webhook in git-sensor", "err", err)
 common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+ return
 }
 }
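Review bot: The `return` added in OnWebhookEvent is followed only by the closing braces of the `if` and, apparently, of the function, so it has no effect and could be dropped. More relevant for a webhook endpoint is that `common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)` hands the git-sensor error to the HTTP response; how WriteJsonResp serialises it is not visible in this diff. If the error text reaches the body, I would send the caller a generic message and keep the detail in the `Errorw` line above it.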
diff --git a/api/restHandler/app/appList/AppListingRestHandler.go b/api/restHandler/app/appList/AppListingRestHandler.go
index 3862d4c4b9..f2d450a236 100644
--- a/api/restHandler/app/appList/AppListingRestHandler.go
+++ b/api/restHandler/app/appList/AppListingRestHandler.go
@@ -346,6 +346,7 @@ func (handler AppListingRestHandlerImpl) FetchAppsByEnvironmentV2(w http.Respons
 if err != nil {
 handler.logger.Errorw("service err, FetchAppsByEnvironment", "err", err, "payload", fetchAppListingRequest)
 common.WriteJsonResp(w, err, "", http.StatusInternalServerError)
+ return
 }
 }
@@ -370,6 +371,7 @@ func (handler AppListingRestHandlerImpl) FetchAppsByEnvironmentV2(w http.Respons
 if err != nil {
 handler.logger.Errorw("service err, FetchAppsByEnvironment", "err", err, "payload", fetchAppListingRequest)
 common.WriteJsonResp(w, err, "", http.StatusInternalServerError)
+ return
 }
 appContainerResponse := AppView.AppContainerResponse{
diff --git a/api/restHandler/app/pipeline/configure/BuildPipelineRestHandler.go b/api/restHandler/app/pipeline/configure/BuildPipelineRestHandler.go
index 13b61730e3..c7d11e12aa 100644
--- a/api/restHandler/app/pipeline/configure/BuildPipelineRestHandler.go
+++ b/api/restHandler/app/pipeline/configure/BuildPipelineRestHandler.go
@@ -876,8 +876,10 @@ func (handler *PipelineConfigRestHandlerImpl) GetCiPipelineMin(w http.ResponseWr
 if util.IsErrNoRows(err) {
 err = &util.ApiError{Code: "404", HttpStatusCode: http.StatusNotFound, UserMessage: "no data found"}
 common.WriteJsonResp(w, err, nil, http.StatusOK)
+ return
 } else {
 common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+ return
 }
 }
 common.WriteJsonResp(w, nil, ciPipelines, http.StatusOK)
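Review bot: In the `@@ -876,8 +876,10 @@` hunk of GetCiPipelineMin the no-rows branch builds an ApiError with `HttpStatusCode: http.StatusNotFound` and then passes `http.StatusOK` to WriteJsonResp. Which of the two reaches the client depends on WriteJsonResp, which is outside this diff. Passing `http.StatusNotFound` would remove the ambiguity, as would a short comment saying the ApiError's status takes precedence, if it does. Both branches now end in `return`; a single `return` after the `if`/`else` is shorter and cannot be forgotten when a third branch is added. The function starts and ends outside the hunk.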