npm - @backstage/plugin-techdocs-node - Versions diffs - 1.12.11-next.1 → 1.12.11 - Mend

@backstage/plugin-techdocs-node 1.12.11-next.1 → 1.12.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,42 @@
 # @backstage/plugin-techdocs-node
+## 1.12.11
+### Patch Changes
+- f715f5c: Move `TechdocsContainerRunner` from `publish` to `generate`.
+- 4417dd4: Fix typo and unify TechDocs casing in doc strings
+- 57da51f: Add support for mapping custom tags in the techdocs yaml parser that validates the mkdocs.yaml file
+- c2b63ab: Updated dependency `supertest` to `^7.0.0`.
+- 3606843: Internal fixes to match `testcontainers` update
+- 33ebb28: As the `@backstage/backend-common` package is deprecated, we have updated the `techdocs-node` package to stop depending on it.
+- Updated dependencies
+  - @backstage/backend-plugin-api@1.0.0
+  - @backstage/catalog-model@1.7.0
+  - @backstage/integration@1.15.0
+  - @backstage/config@1.2.0
+  - @backstage/errors@1.2.4
+  - @backstage/integration-aws-node@0.1.12
+  - @backstage/plugin-search-common@1.2.14
+  - @backstage/plugin-techdocs-common@0.1.0
+## 1.12.11-next.2
+### Patch Changes
+- 57da51f: Add support for mapping custom tags in the techdocs yaml parser that validates the mkdocs.yaml file
+- c2b63ab: Updated dependency `supertest` to `^7.0.0`.
+- 3606843: Internal fixes to match `testcontainers` update
+- Updated dependencies
+  - @backstage/backend-plugin-api@1.0.0-next.2
+  - @backstage/integration@1.15.0-next.0
+  - @backstage/catalog-model@1.6.0
+  - @backstage/config@1.2.0
+  - @backstage/errors@1.2.4
+  - @backstage/integration-aws-node@0.1.12
+  - @backstage/plugin-search-common@1.2.14
+  - @backstage/plugin-techdocs-common@0.1.0
 ## 1.12.11-next.1
 ### Patch Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -47,7 +47,29 @@ var os__default = /*#__PURE__*/_interopDefaultCompat(os);
 const getContentTypeForExtension = (ext) => {
   const defaultContentType = "text/plain; charset=utf-8";
-  if (ext.match(/htm|xml|svg/i)) {
+  const excludedTypes = [
+    "text/html",
+    "text/xml",
+    "image/svg+xml",
+    "text/xsl",
+    "application/vnd.wap.xhtml+xml",
+    "multipart/x-mixed-replace",
+    "text/rdf",
+    "application/mathml+xml",
+    "application/octet-stream",
+    "application/rdf+xml",
+    "application/xhtml+xml",
+    "application/xml",
+    "text/cache-manifest",
+    "text/vtt"
+  ];
+  if (ext.match(
+    /htm|xml|svg|appcache|manifest|mathml|owl|rdf|rng|vtt|xht|xsd|xsl/i
+  )) {
+    return defaultContentType;
+  }
+  const contentType = mime__default.default.lookup(ext);
+  if (contentType && excludedTypes.includes(contentType)) {
     return defaultContentType;
   }
   return mime__default.default.contentType(ext) || defaultContentType;
@@ -126,6 +148,15 @@ const bulkStorageOperation = async (operation, args, { concurrencyLimit } = { co
   const limiter = createLimiter__default.default(concurrencyLimit);
   await Promise.all(args.map((arg) => limiter(operation, arg)));
 };
+const isValidContentPath = (bucketRoot, contentPath) => {
+  const relativePath = path__default.default.posix.relative(bucketRoot, contentPath);
+  if (relativePath === "") {
+    return true;
+  }
+  const outsideBase = relativePath.startsWith("..");
+  const differentDrive = path__default.default.posix.isAbsolute(relativePath);
+  return !outsideBase && !differentDrive;
+};
 function getGeneratorKey(entity) {
   if (!entity) {
@@ -196,6 +227,14 @@ const MKDOCS_SCHEMA = yaml.DEFAULT_SCHEMA.extend([
     instanceOf: UnknownTag,
     construct: (data, type) => new UnknownTag(data, type)
   }),
+  new yaml.Type("tag:", {
+    kind: "mapping",
+    multi: true,
+    representName: (o) => o.type,
+    represent: (o) => o.data ?? "",
+    instanceOf: UnknownTag,
+    construct: (data, type) => new UnknownTag(data, type)
+  }),
   new yaml.Type("", {
     kind: "sequence",
     multi: true,
@@ -466,9 +505,15 @@ class DockerContainerRunner {
         this.dockerClient.pull(imageName, {}, (err, stream) => {
           if (err) {
             reject(err);
-            return;
+          } else if (!stream) {
+            reject(
+              new Error(
+                "Unexpeected error: no stream returned from Docker while pulling image"
+              )
+            );
+          } else {
+            pipeline(stream, logStream, { end: false }).then(resolve).catch(reject);
           }
-          pipeline(stream, logStream, { end: false }).then(resolve).catch(reject);
         });
       });
     }
@@ -485,7 +530,7 @@ class DockerContainerRunner {
       const realHostDir = await fs__default.default.realpath(hostDir);
       Binds.push(`${realHostDir}:${containerDir}`);
     }
-    const Env = [];
+    const Env = new Array();
     for (const [key, value] of Object.entries(envVars)) {
       Env.push(`${key}=${value}`);
     }
@@ -1150,6 +1195,12 @@ class AwsS3Publish {
         const entityTriplet = `${entityName.namespace}/${entityName.kind}/${entityName.name}`;
         const entityDir = this.legacyPathCasing ? entityTriplet : lowerCaseEntityTriplet(entityTriplet);
         const entityRootDir = path__default.default.posix.join(this.bucketRootPath, entityDir);
+        if (!isValidContentPath(this.bucketRootPath, entityRootDir)) {
+          this.logger.error(
+            `Invalid content path found while fetching TechDocs metadata: ${entityRootDir}`
+          );
+          throw new Error(`Metadata Not Found`);
+        }
         try {
           const resp = await this.storageClient.send(
             new clientS3.GetObjectCommand({
@@ -1187,6 +1238,13 @@ class AwsS3Publish {
       const decodedUri = decodeURI(req.path.replace(/^\//, ""));
       const filePathNoRoot = this.legacyPathCasing ? decodedUri : lowerCaseEntityTripletInStoragePath(decodedUri);
       const filePath = path__default.default.posix.join(this.bucketRootPath, filePathNoRoot);
+      if (!isValidContentPath(this.bucketRootPath, filePath)) {
+        this.logger.error(
+          `Attempted to fetch TechDocs content for a file outside of the bucket root: ${filePathNoRoot}`
+        );
+        res.status(404).send("File Not Found");
+        return;
+      }
       const fileExtension = path__default.default.extname(filePath);
       const responseHeaders = getHeadersForFileExtension(fileExtension);
       try {
@@ -1217,6 +1275,12 @@ class AwsS3Publish {
       const entityTriplet = `${entity.metadata.namespace}/${entity.kind}/${entity.metadata.name}`;
       const entityDir = this.legacyPathCasing ? entityTriplet : lowerCaseEntityTriplet(entityTriplet);
       const entityRootDir = path__default.default.posix.join(this.bucketRootPath, entityDir);
+      if (!isValidContentPath(this.bucketRootPath, entityRootDir)) {
+        this.logger.error(
+          `Invalid content path found while checking if docs have been generated: ${entityRootDir}`
+        );
+        return Promise.resolve(false);
+      }
       await this.storageClient.send(
         new clientS3.HeadObjectCommand({
           Bucket: this.bucketName,
@@ -1829,6 +1893,12 @@ class GoogleGCSPublish {
       const entityTriplet = `${entityName.namespace}/${entityName.kind}/${entityName.name}`;
       const entityDir = this.legacyPathCasing ? entityTriplet : lowerCaseEntityTriplet(entityTriplet);
       const entityRootDir = path__default.default.posix.join(this.bucketRootPath, entityDir);
+      if (!isValidContentPath(this.bucketRootPath, entityRootDir)) {
+        this.logger.error(
+          `Invalid content path found while fetching TechDocs metadata: ${entityRootDir}`
+        );
+        reject(new Error(`Metadata Not Found`));
+      }
       const fileStreamChunks = [];
       this.storageClient.bucket(this.bucketName).file(`${entityRootDir}/techdocs_metadata.json`).createReadStream().on("error", (err) => {
         this.logger.error(err.message);
@@ -1849,6 +1919,13 @@ class GoogleGCSPublish {
       const decodedUri = decodeURI(req.path.replace(/^\//, ""));
       const filePathNoRoot = this.legacyPathCasing ? decodedUri : lowerCaseEntityTripletInStoragePath(decodedUri);
       const filePath = path__default.default.posix.join(this.bucketRootPath, filePathNoRoot);
+      if (!isValidContentPath(this.bucketRootPath, filePath)) {
+        this.logger.error(
+          `Attempted to fetch TechDocs content for a file outside of the bucket root: ${filePathNoRoot}`
+        );
+        res.status(404).send("File Not Found");
+        return;
+      }
       const fileExtension = path__default.default.extname(filePath);
       const responseHeaders = getHeadersForFileExtension(fileExtension);
       this.storageClient.bucket(this.bucketName).file(filePath).createReadStream().on("pipe", () => {
@@ -1874,6 +1951,12 @@ class GoogleGCSPublish {
       const entityTriplet = `${entity.metadata.namespace}/${entity.kind}/${entity.metadata.name}`;
       const entityDir = this.legacyPathCasing ? entityTriplet : lowerCaseEntityTriplet(entityTriplet);
       const entityRootDir = path__default.default.posix.join(this.bucketRootPath, entityDir);
+      if (!isValidContentPath(this.bucketRootPath, entityRootDir)) {
+        this.logger.error(
+          `Invalid content path found while checking if docs have been generated: ${entityRootDir}`
+        );
+        resolve(false);
+      }
       this.storageClient.bucket(this.bucketName).file(`${entityRootDir}/index.html`).exists().then((response) => {
         resolve(response[0]);
       }).catch(() => {