npm - @backstage/plugin-catalog-backend - Versions diffs - 1.7.2-next.1 → 1.7.2 - Mend

@backstage/plugin-catalog-backend 1.7.2-next.1 → 1.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,56 @@
 # @backstage/plugin-catalog-backend
+## 1.7.2
+### Patch Changes
+- 071354eb7d: Add additional validation as security precations for output entities.
+- b977c2e69f: Minor improvements to the descriptions provided with permission rules schemas
+- 2380506364: The process of adding or modifying fields in the software-catalog search index has been simplified. For more details, see [how to customize fields in the Software Catalog index](https://backstage.io/docs/features/search/how-to-guides#how-to-customize-fields-in-the-software-catalog-index).
+- 9573651919: The previous migration that adds the `search.original_value` column may leave some of the entities not updated. Add a migration script to trigger a reprocessing of the entities.
+- 9f71a2fd20: Location rule target patterns now also match hidden files, i.e. path components with a leading dot.
+- e716946103: Updated usage of the lifecycle service.
+- 1aec041c34: Fixed an issue where entities sometimes were not properly deleted during a full mutation.
+- 0ff03319be: Updated usage of `createBackendPlugin`.
+- fc73f6aae5: Switched the order of reprocessing statements retroactively in migrations. This only improves the experience for those who at a later time perform a large upgrade of an old Backstage installation.
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.4.0
+  - @backstage/backend-common@0.18.2
+  - @backstage/catalog-model@1.2.0
+  - @backstage/plugin-catalog-node@1.3.3
+  - @backstage/catalog-client@1.3.1
+  - @backstage/config@1.0.6
+  - @backstage/errors@1.1.4
+  - @backstage/integration@1.4.2
+  - @backstage/types@1.0.2
+  - @backstage/plugin-catalog-common@1.0.11
+  - @backstage/plugin-permission-common@0.7.3
+  - @backstage/plugin-permission-node@0.7.5
+  - @backstage/plugin-scaffolder-common@1.2.5
+  - @backstage/plugin-search-common@1.2.1
+## 1.7.2-next.2
+### Patch Changes
+- e716946103: Updated usage of the lifecycle service.
+- 0ff03319be: Updated usage of `createBackendPlugin`.
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.4.0-next.2
+  - @backstage/backend-common@0.18.2-next.2
+  - @backstage/catalog-model@1.2.0-next.1
+  - @backstage/plugin-catalog-node@1.3.3-next.2
+  - @backstage/plugin-permission-node@0.7.5-next.2
+  - @backstage/catalog-client@1.3.1-next.1
+  - @backstage/config@1.0.6
+  - @backstage/errors@1.1.4
+  - @backstage/integration@1.4.2
+  - @backstage/types@1.0.2
+  - @backstage/plugin-catalog-common@1.0.11-next.1
+  - @backstage/plugin-permission-common@0.7.3
+  - @backstage/plugin-scaffolder-common@1.2.5-next.1
+  - @backstage/plugin-search-common@1.2.1
 ## 1.7.2-next.1
 ### Patch Changes

package/alpha/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-catalog-backend",
-  "version": "1.7.2-next.1",
+  "version": "1.7.2",
   "main": "../dist/index.cjs.js",
   "types": "../dist/index.alpha.d.ts"
 }

package/dist/index.cjs.js CHANGED Viewed

@@ -823,7 +823,7 @@ const createCatalogPermissionRule = pluginPermissionNode.makeCreatePermissionRul
 const hasAnnotation = createCatalogPermissionRule({
   name: "HAS_ANNOTATION",
-  description: "Allow entities which are annotated with the specified annotation",
+  description: "Allow entities with the specified annotation",
   resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
   paramsSchema: zod.z.object({
     annotation: zod.z.string().describe("Name of the annotation to match on"),
@@ -843,7 +843,7 @@ const hasAnnotation = createCatalogPermissionRule({
 const isEntityKind = createCatalogPermissionRule({
   name: "IS_ENTITY_KIND",
-  description: "Allow entities with the specified kind",
+  description: "Allow entities matching a specified kind",
   resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
   paramsSchema: zod.z.object({
     kinds: zod.z.array(zod.z.string()).describe("List of kinds to match at least one of")
@@ -862,7 +862,7 @@ const isEntityKind = createCatalogPermissionRule({
 const isEntityOwner = createCatalogPermissionRule({
   name: "IS_ENTITY_OWNER",
-  description: "Allow entities owned by the current user",
+  description: "Allow entities owned by a specified claim",
   resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
   paramsSchema: zod.z.object({
     claims: zod.z.array(zod.z.string()).describe(
@@ -883,10 +883,10 @@ const isEntityOwner = createCatalogPermissionRule({
 const hasLabel = createCatalogPermissionRule({
   name: "HAS_LABEL",
-  description: "Allow entities which have the specified label metadata.",
+  description: "Allow entities with the specified label",
   resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
   paramsSchema: zod.z.object({
-    label: zod.z.string().describe("Name of the label to match one")
+    label: zod.z.string().describe("Name of the label to match on")
   }),
   apply: (resource, { label }) => {
     var _a;
@@ -899,7 +899,7 @@ const hasLabel = createCatalogPermissionRule({
 const createPropertyRule = (propertyType) => createCatalogPermissionRule({
   name: `HAS_${propertyType.toUpperCase()}`,
-  description: `Allow entities which have the specified ${propertyType} subfield.`,
+  description: `Allow entities with the specified ${propertyType} subfield`,
   resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
   paramsSchema: zod.z.object({
     key: zod.z.string().describe(`Property within the entities ${propertyType} to match on`),
@@ -3056,6 +3056,10 @@ function generateStableHash(entity) {
   return crypto.createHash("sha1").update(stableStringify__default["default"]({ ...entity })).digest("hex");
 }
+const scriptProtocolPattern = (
+  // eslint-disable-next-line no-control-regex
+  /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*\:/i
+);
 class Stitcher {
   constructor(database, logger) {
     this.database = database;
@@ -3073,7 +3077,7 @@ class Stitcher {
     }
   }
   async stitchOne(entityRef) {
-    var _a, _b;
+    var _a, _b, _c;
     const entityResult = await this.database("refresh_state").where({ entity_ref: entityRef }).limit(1).select("entity_id");
     if (!entityResult.length) {
       return;
@@ -3141,6 +3145,12 @@ class Stitcher {
         }));
       }
     }
+    for (const annotation of [catalogModel.ANNOTATION_VIEW_URL, catalogModel.ANNOTATION_EDIT_URL]) {
+      const value = (_a = entity.metadata.annotations) == null ? void 0 : _a[annotation];
+      if (typeof value === "string" && scriptProtocolPattern.test(value)) {
+        entity.metadata.annotations[annotation] = "https://backstage.io/annotation-rejected-for-security-reasons";
+      }
+    }
     entity.relations = relationsResult.filter(
       (row) => row.relationType
       /* exclude null row, if relevant */
@@ -3151,7 +3161,7 @@ class Stitcher {
     if (statusItems.length) {
       entity.status = {
         ...entity.status,
-        items: [...(_b = (_a = entity.status) == null ? void 0 : _a.items) != null ? _b : [], ...statusItems]
+        items: [...(_c = (_b = entity.status) == null ? void 0 : _b.items) != null ? _c : [], ...statusItems]
       };
     }
     const hash = generateStableHash(entity);
@@ -3766,7 +3776,10 @@ const _DefaultCatalogRulesEnforcer = class {
       if (matcher.exact && matcher.exact !== (location == null ? void 0 : location.target)) {
         continue;
       }
-      if (matcher.pattern && !minimatch__default["default"](location == null ? void 0 : location.target, matcher.pattern, { nocase: true })) {
+      if (matcher.pattern && !minimatch__default["default"](location == null ? void 0 : location.target, matcher.pattern, {
+        nocase: true,
+        dot: true
+      })) {
         continue;
       }
       return true;
@@ -4076,44 +4089,55 @@ class AuthorizedLocationService {
 async function deleteWithEagerPruningOfChildren(options) {
   const { tx, entityRefs, sourceKey } = options;
   let removedCount = 0;
-  const rootId = () => tx.raw(
-    tx.client.config.client.includes("mysql") ? "CAST(NULL as UNSIGNED INT)" : "CAST(NULL as INT)",
-    []
-  );
   for (const refs of lodash__default["default"].chunk(entityRefs, 1e3)) {
-    removedCount += await tx("refresh_state").whereIn("entity_ref", function orphanedEntityRefs(orphans) {
-      return orphans.withRecursive("descendants", function descendants(outer) {
-        return outer.select({ root_id: "id", entity_ref: "target_entity_ref" }).from("refresh_state_references").where("source_key", sourceKey).whereIn("target_entity_ref", refs).union(function recursive(inner) {
-          return inner.select({
-            root_id: "descendants.root_id",
-            entity_ref: "refresh_state_references.target_entity_ref"
-          }).from("descendants").join("refresh_state_references", {
-            "descendants.entity_ref": "refresh_state_references.source_entity_ref"
-          });
-        });
-      }).withRecursive("ancestors", function ancestors(outer) {
-        return outer.select({
-          root_id: rootId(),
-          via_entity_ref: "entity_ref",
-          to_entity_ref: "entity_ref"
-        }).from("descendants").union(function recursive(inner) {
-          return inner.select({
-            root_id: tx.raw(
-              "CASE WHEN source_key IS NOT NULL THEN id ELSE NULL END",
-              []
-            ),
-            via_entity_ref: "source_entity_ref",
-            to_entity_ref: "ancestors.to_entity_ref"
-          }).from("ancestors").join("refresh_state_references", {
-            target_entity_ref: "ancestors.via_entity_ref"
-          });
-        });
-      }).select("descendants.entity_ref").from("descendants").leftOuterJoin("ancestors", function keepaliveRoots() {
-        this.on("ancestors.to_entity_ref", "=", "descendants.entity_ref");
-        this.andOnNotNull("ancestors.root_id");
-        this.andOn("ancestors.root_id", "!=", "descendants.root_id");
-      }).whereNull("ancestors.root_id");
-    }).delete();
+    removedCount += await tx.delete().from("refresh_state").whereIn(
+      "entity_ref",
+      (orphans) => orphans.withRecursive(
+        "descendants",
+        ["entity_ref"],
+        (initial) => initial.select("target_entity_ref").from("refresh_state_references").where("source_key", "=", sourceKey).whereIn("target_entity_ref", refs).union(
+          (recursive) => recursive.select("refresh_state_references.target_entity_ref").from("descendants").join(
+            "refresh_state_references",
+            "descendants.entity_ref",
+            "refresh_state_references.source_entity_ref"
+          )
+        )
+      ).withRecursive(
+        "ancestors",
+        ["source_key", "source_entity_ref", "target_entity_ref", "subject"],
+        (initial) => initial.select(
+          "refresh_state_references.source_key",
+          "refresh_state_references.source_entity_ref",
+          "refresh_state_references.target_entity_ref",
+          "descendants.entity_ref"
+        ).from("descendants").join(
+          "refresh_state_references",
+          "refresh_state_references.target_entity_ref",
+          "descendants.entity_ref"
+        ).union(
+          (recursive) => recursive.select(
+            "refresh_state_references.source_key",
+            "refresh_state_references.source_entity_ref",
+            "refresh_state_references.target_entity_ref",
+            "ancestors.subject"
+          ).from("ancestors").join(
+            "refresh_state_references",
+            "refresh_state_references.target_entity_ref",
+            "ancestors.source_entity_ref"
+          )
+        )
+      ).with(
+        "retained",
+        ["entity_ref"],
+        (notPartOfDeletion) => notPartOfDeletion.select("subject").from("ancestors").whereNotNull("ancestors.source_key").where(
+          (foreignKeyOrRef) => foreignKeyOrRef.where("ancestors.source_key", "!=", sourceKey).orWhereNotIn("ancestors.target_entity_ref", refs)
+        )
+      ).select("descendants.entity_ref").from("descendants").leftOuterJoin(
+        "retained",
+        "retained.entity_ref",
+        "descendants.entity_ref"
+      ).whereNull("retained.entity_ref")
+    );
     await tx("refresh_state_references").where("source_key", "=", sourceKey).whereIn("target_entity_ref", refs).delete();
   }
   return removedCount;
@@ -4893,7 +4917,7 @@ class CatalogExtensionPointImpl {
 _processors = new WeakMap();
 _entityProviders = new WeakMap();
 const catalogPlugin = backendPluginApi.createBackendPlugin({
-  id: "catalog",
+  pluginId: "catalog",
   register(env) {
     const processingExtensions = new CatalogExtensionPointImpl();
     env.registerExtensionPoint(
@@ -4931,11 +4955,7 @@ const catalogPlugin = backendPluginApi.createBackendPlugin({
         builder.addEntityProvider(...processingExtensions.entityProviders);
         const { processingEngine, router } = await builder.build();
         await processingEngine.start();
-        lifecycle.addShutdownHook({
-          fn: async () => {
-            await processingEngine.stop();
-          }
-        });
+        lifecycle.addShutdownHook(() => processingEngine.stop());
         httpRouter.use(router);
       }
     });