chore: sync with upstream goharbor/harbor#111
Conversation
Remove the unused function MostMatchSorter, it should not be implemented in golang, should be implement in the db query. Remove the unused function onBoardCommonUserGroup() fixes goharbor#22573 Signed-off-by: stonezdj <stonezdj@gmail.com>
refine apitest Signed-off-by: my036811 <miner.yang@broadcom.com>
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
There was a problem hiding this comment.
7 issues found across 21 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/pkg/user/dao/dao.go">
<violation number="1" location="src/pkg/user/dao/dao.go:136">
P2: LIKE wildcard characters (`%`, `_`) in the input `name` are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.</violation>
</file>
<file name="src/pkg/usergroup/dao/dao.go">
<violation number="1" location="src/pkg/usergroup/dao/dao.go:176">
P2: Missing escape for LIKE wildcard characters. The `name` parameter should be escaped using `orm.Escape()` (as done in `SearchMemberByName` in `src/pkg/member/dao/dao.go`) to prevent LIKE pattern characters (`%`, `_`) from being interpreted as wildcards.</violation>
</file>
<file name="tests/apitests/python/test_job_service_dashboard.py">
<violation number="1" location="tests/apitests/python/test_job_service_dashboard.py:79">
P2: Incomplete change: `self.gc.gc_now()` at step 10 (line 105) is missing `**ADMIN_CLIENT`, while the same call at steps 4 and 14 were updated to include it. The `create_purge_schedule` call on the next line was updated but `gc_now()` was missed.</violation>
</file>
<file name="src/server/v2.0/handler/user.go">
<violation number="1" location="src/server/v2.0/handler/user.go:281">
P1: Pagination is broken: `SearchByName` only accepts a limit but ignores `params.Page`. Users requesting page 2+ will receive incorrect results (always page 1 data) while `XTotalCount` suggests more pages exist. Consider using the original `List` method with the query, or updating `SearchByName` to support offset/pagination.</violation>
</file>
<file name="tests/apitests/python/library/cosign.py">
<violation number="1" location="tests/apitests/python/library/cosign.py:15">
P3: Typo in comment: "ennvironment" should be "environment".</violation>
<violation number="2" location="tests/apitests/python/library/cosign.py:17">
P3: Typo in print statement: "coisgn" should be "cosign".</violation>
</file>
<file name="src/server/v2.0/handler/usergroup.go">
<violation number="1" location="src/server/v2.0/handler/usergroup.go:205">
P1: Pagination is broken. `SearchByName` only accepts `limitSize` (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to `SearchByName`, or use `u.ctl.List(ctx, query)` which supports full pagination.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{}) | ||
| } | ||
| l, err := u.ctl.List(ctx, query) | ||
| l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize)) |
There was a problem hiding this comment.
P1: Pagination is broken: SearchByName only accepts a limit but ignores params.Page. Users requesting page 2+ will receive incorrect results (always page 1 data) while XTotalCount suggests more pages exist. Consider using the original List method with the query, or updating SearchByName to support offset/pagination.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/user.go, line 281:
<comment>Pagination is broken: `SearchByName` only accepts a limit but ignores `params.Page`. Users requesting page 2+ will receive incorrect results (always page 1 data) while `XTotalCount` suggests more pages exist. Consider using the original `List` method with the query, or updating `SearchByName` to support offset/pagination.</comment>
<file context>
@@ -279,7 +278,7 @@ func (u *usersAPI) SearchUsers(ctx context.Context, params operation.SearchUsers
return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{})
}
- l, err := u.ctl.List(ctx, query)
+ l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize))
if err != nil {
return u.SendError(ctx, err)
</file context>
| return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{}) | ||
| } | ||
| ug, err := u.ctl.List(ctx, query) | ||
| ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize)) |
There was a problem hiding this comment.
P1: Pagination is broken. SearchByName only accepts limitSize (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to SearchByName, or use u.ctl.List(ctx, query) which supports full pagination.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/usergroup.go, line 205:
<comment>Pagination is broken. `SearchByName` only accepts `limitSize` (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to `SearchByName`, or use `u.ctl.List(ctx, query)` which supports full pagination.</comment>
<file context>
@@ -204,14 +202,11 @@ func (u *userGroupAPI) SearchUserGroups(ctx context.Context, params operation.Se
return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{})
}
- ug, err := u.ctl.List(ctx, query)
+ ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize))
if err != nil {
return u.SendError(ctx, err)
</file context>
| var users []*User | ||
| // use raw sql to return the most matched user first, then by alphabetic order | ||
| sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?" | ||
| likePattern := "%" + name + "%" |
There was a problem hiding this comment.
P2: LIKE wildcard characters (%, _) in the input name are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/user/dao/dao.go, line 136:
<comment>LIKE wildcard characters (`%`, `_`) in the input `name` are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.</comment>
<file context>
@@ -122,3 +124,24 @@ func (d *dao) List(ctx context.Context, query *q.Query) ([]*commonmodels.User, e
+ var users []*User
+ // use raw sql to return the most matched user first, then by alphabetic order
+ sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?"
+ likePattern := "%" + name + "%"
+ _, err = o.Raw(sql, likePattern, limitSize).QueryRows(&users)
+ if err != nil {
</file context>
| var usergroups []*model.UserGroup | ||
| // use raw sql to return the most matched user first, then by alphabetic order | ||
| sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?" | ||
| likePattern := "%" + name + "%" |
There was a problem hiding this comment.
P2: Missing escape for LIKE wildcard characters. The name parameter should be escaped using orm.Escape() (as done in SearchMemberByName in src/pkg/member/dao/dao.go) to prevent LIKE pattern characters (%, _) from being interpreted as wildcards.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/usergroup/dao/dao.go, line 176:
<comment>Missing escape for LIKE wildcard characters. The `name` parameter should be escaped using `orm.Escape()` (as done in `SearchMemberByName` in `src/pkg/member/dao/dao.go`) to prevent LIKE pattern characters (`%`, `_`) from being interpreted as wildcards.</comment>
<file context>
@@ -185,3 +164,19 @@ func (d *dao) Count(ctx context.Context, query *q.Query) (int64, error) {
+ var usergroups []*model.UserGroup
+ // use raw sql to return the most matched user first, then by alphabetic order
+ sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?"
+ likePattern := "%" + name + "%"
+ _, err = o.Raw(sql, likePattern, limitSize).QueryRows(&usergroups)
+ if err != nil {
</file context>
| likePattern := "%" + name + "%" | |
| likePattern := "%" + orm.Escape(name) + "%" |
| self.gc.gc_now() | ||
| self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False) | ||
| self.gc.gc_now(**ADMIN_CLIENT) | ||
| self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False, **ADMIN_CLIENT) |
There was a problem hiding this comment.
P2: Incomplete change: self.gc.gc_now() at step 10 (line 105) is missing **ADMIN_CLIENT, while the same call at steps 4 and 14 were updated to include it. The create_purge_schedule call on the next line was updated but gc_now() was missed.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/test_job_service_dashboard.py, line 79:
<comment>Incomplete change: `self.gc.gc_now()` at step 10 (line 105) is missing `**ADMIN_CLIENT`, while the same call at steps 4 and 14 were updated to include it. The `create_purge_schedule` call on the next line was updated but `gc_now()` was missed.</comment>
<file context>
@@ -62,81 +62,93 @@ def testJobQueues(self):
- self.gc.gc_now()
- self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False)
+ self.gc.gc_now(**ADMIN_CLIENT)
+ self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False, **ADMIN_CLIENT)
+ print(f"Start time: {time.time()}")
time.sleep(2)
</file context>
| # known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269 | ||
| def sign_artifact(artifact): | ||
| command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact] | ||
| print("*******Start coisgn sign artifact********") |
There was a problem hiding this comment.
P3: Typo in print statement: "coisgn" should be "cosign".
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 17:
<comment>Typo in print statement: "coisgn" should be "cosign".</comment>
<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
def sign_artifact(artifact):
- command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
+ print("*******Start coisgn sign artifact********")
+ allow_insecure = base.getenv_bool("ALLOW_INSECURE", default=True)
+ if allow_insecure:
</file context>
| print("*******Start coisgn sign artifact********") | |
| print("*******Start cosign sign artifact********") |
| base.run_command(command) | ||
|
|
||
|
|
||
| # known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269 |
There was a problem hiding this comment.
P3: Typo in comment: "ennvironment" should be "environment".
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 15:
<comment>Typo in comment: "ennvironment" should be "environment".</comment>
<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
base.run_command(command)
+
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
def sign_artifact(artifact):
- command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
</file context>
| # known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269 | |
| # known issue for proxy environment https://github.com/sigstore/cosign/issues/3269 |
This commit fixes the style issues introduced in c48e4bc according to the output from Gofumpt and Prettier. Details: container-registry/harbor-next#111
|


Automated PR to sync 2 new commit(s) from upstream goharbor/harbor main branch.
Merge strategy: Our changes in
nextare preserved on conflicts (upstream changes are additive only).Note: The
.githubfolder is preserved and not synced from upstream.Summary by cubic
Sync with upstream to fix user and group search by moving matching logic into the database and to refine API tests for proxy environments. Improves search accuracy, performance, and test reliability.
Bug Fixes
Refactors
Written for commit 6c799f5. Summary will update on new commits.