When processing webhook events, the GitHubController sets the clone URL to the source repository's clone URL (i.e. not the forked repo's URL; equivalent to the PR base branch clone URL). As a result, processing these events usually results in failures, and always behaves incorrectly, since the PR processing will fail entirely if the source/main repo does not have a branch with the same ref name as the fork, and if the source repo does have a branch with the same name as the forked repo's branch, the source repo's version -- not the forked repo's branch -- is scanned, even if the forked repo's branch is not even with the source repo's branch of the same name.
Expected Behavior
PRs from forked repos are able to be processed successfully and the forked version of the code which is to be merged with the source repo is scanned as expected.
Actual Behavior
The event processing fails entirely if the same ref name does not exist in both repos, and otherwise, the source version of the ref name is (incorrectly) scanned, instead of the forked ref.
Reproduction
1. Fork a repo that is configured with a CxFlow webhook
2. Create a branch name that does not exist on the source repository
3. Make a commit on that forked branch
4. Open a PR from the forked repo, asking to merge your forked branch onto the default branch of the source repo
5. Observe that CxFlow fails to process the event since it cannot find the ref name on the source repo
Environment Details
N/A - applies to all
Previously, the GitHubController would set the clone URL to the repository's clone URL (equivalent to the PR base branch clone URL); this commit instead sets the clone URL to the clone URL of the pull request HEAD, so that scanned code changes are pulled from the correct repository, whether the PR was from a branch in the same repo or from a branch in a forked repository.
…-ltd#364 (clone of other PR with same name) (checkmarx-ltd#396)
* Replicated a change from PR 364 to verify it with the CI.
* Get the default cloned URL if one is not specified in the repo
Co-authored-by: AlexeyK <alexey.kononov@checkmarx.com>
Co-authored-by: NimrodGolan <nimrod.golan@checkmarx.com>
Co-authored-by: OferSK <ofer.skolsky@checkmarx.com>
Co-authored-by: milo-minderbinder
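The difference between the two behaviours, as an added example that is not CxFlow's code: it reads a constructed `pull_request` webhook payload and returns the repository and ref a scanner has to fetch. The function names, the sample URLs and the fallback to the base repository URL when the head carries no repository are assumptions made for illustration.

```python
import json

# Constructed, trimmed pull_request webhook payload (not taken from the issue).
# Field names follow GitHub's pull_request event; URLs are made up.
SAMPLE_FORK_PR = json.loads("""
{
  "action": "opened",
  "repository": {"clone_url": "https://github.com/example-org/app.git"},
  "pull_request": {
    "base": {"ref": "main",
             "repo": {"clone_url": "https://github.com/example-org/app.git"}},
    "head": {"ref": "feature-only-on-fork",
             "repo": {"clone_url": "https://github.com/contributor/app.git",
                      "fork": true}}
  }
}
""")


def buggy_scan_target(event):
    """Behaviour described in the issue: base repo URL paired with the head ref."""
    return event["repository"]["clone_url"], event["pull_request"]["head"]["ref"]


def scan_target(event):
    """Return (clone_url, ref, from_fork) for the code the PR proposes to merge."""
    head = event["pull_request"]["head"]
    base_url = event["repository"]["clone_url"]
    # head.repo is null when the fork has been deleted; treat it as "no URL given".
    head_repo = head.get("repo") or {}
    # Assumed fallback: use the base repository URL only if head supplies none.
    clone_url = head_repo.get("clone_url") or base_url
    return clone_url, head["ref"], clone_url != base_url


if __name__ == "__main__":
    # The buggy pairing asks the base repo for a branch that exists only on the fork.
    print("buggy :", buggy_scan_target(SAMPLE_FORK_PR))
    print("fixed :", scan_target(SAMPLE_FORK_PR))
```

The `from_fork` flag is worth logging with each scan, because it records whether the scanned code came from a repository outside the base repo's control.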