Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub PRs from forked repositories fail #363

Closed
milo-minderbinder opened this issue Jul 29, 2020 · 0 comments
Closed

GitHub PRs from forked repositories fail #363

milo-minderbinder opened this issue Jul 29, 2020 · 0 comments
Assignees
@alex-ko-dev @AvivCx
Labels
bug Something isn't working

Comments

@milo-minderbinder
Copy link
Contributor

Description

When processing webhook events, the GitHubController sets the clone URL to the source repository's clone URL (i.e. not the forked repo's URL; equivalent to the PR base branch clone URL). As a result, processing these events usually results in failures, and always behaves incorrectly, since the PR processing will fail entirely if the source/main repo does not have a branch with the same ref name as the fork, and if the source repo does have a branch with the same name as the forked repo's branch, the source repo's version -- not the forked repo's branch -- is scanned, even if the forked repo's branch is not even with the source repo's branch of the same name.

Expected Behavior

PRs from forked repos are able to be processed successfully and the forked version of the code which is to be merged with the source repo is scanned as expected.

Actual Behavior

The event processing fails entirely if the same ref name does not exist in both repos, and otherwise, the source version of the ref name is (incorrectly) scanned, instead of the forked ref.

Reproduction

  1. Fork a repo that is configured with CxFlow webhook
  2. Create a branch name that does not exist on the source repository
  3. Make a commit on that forked branch
  4. open a PR from the forked repo, asking to merge your forked branch onto the default branch of the source repo
  5. observe that CxFlow fails to process the event since it cannot find the ref name on the source repo

Environment Details

N/A - applies to all
@milo-minderbinder milo-minderbinder added the bug Something isn't working label Jul 29, 2020
milo-minderbinder referenced this issue in milo-minderbinder/cx-flow Jul 29, 2020
@milo-minderbinder
fix #363 - github PR from forked repo handling
f431186 
Previously, the GitHubController would set the clone URL to the repository's clone URL (equivalent to the PR base branch clone URL); this commit instead sets the clone URL to the clone URL of the pull request HEAD, so that scanned code changes are pulled from the correct repository, whether the PR was from a branch in the same repo or from a branch in a forked repository.
@milo-minderbinder milo-minderbinder mentioned this issue Jul 29, 2020
Closed
3 tasks
@ofersk ofersk mentioned this issue Aug 20, 2020
Merged
@ofersk ofersk closed this as completed in a93a6cd Aug 20, 2020
james-bostock-cx pushed a commit to james-bostock-cx/cx-flow that referenced this issue Mar 18, 2021
@ofersk @alex-ko-dev @NimrodGolan
fix checkmarx-ltd#363 - github PR from forked repo handling checkmarx…
dc0a24d 
…-ltd#364 (clone of other PR with same nme) (checkmarx-ltd#396)

* Replicated a change from PR 364 to verify it with the CI.

* Get the default cloned URL if one is not specified in the repo

Co-authored-by: AlexeyK <alexey.kononov@checkmarx.com>
Co-authored-by: NimrodGolan <nimrod.golan@checkmarx.com>
Co-authored-by: OferSK <ofer.skolsky@checkmarx.com>
Co-authored-by: milo-minderbinder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alex-ko-dev alex-ko-dev

@AvivCx AvivCx

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@milo-minderbinder @alex-ko-dev @AvivCx