Merge branch 'develop' into fix-dependabot-security-advisory

# Conflicts:
#	go.mod
#	go.sum
#	vendor/modules.txt

Author: SATYAsasini

api/restHandler/app/appList/AppListingRestHandler.go

@@ -56,6 +56,7 @@ import (
 	"github.com/gorilla/mux"
 	"go.opentelemetry.io/otel"
 	"go.uber.org/zap"
+	"gopkg.in/go-playground/validator.v9"
 	"net/http"
 	"strconv"
 	"time"
@@ -98,6 +99,7 @@ type AppListingRestHandlerImpl struct {
 	k8sApplicationService       k8sApplication.K8sApplicationService
 	deploymentConfigService     common2.DeploymentConfigService
 	resourceTreeService         resourceTree.Service
+	validator                   *validator.Validate
 }
 
 type AppStatus struct {
@@ -141,6 +143,7 @@ func NewAppListingRestHandlerImpl(appListingService app.AppListingService,
 		k8sApplicationService:       k8sApplicationService,
 		deploymentConfigService:     deploymentConfigService,
 		resourceTreeService:         resourceTreeService,
+		validator:                   validator.New(),
 	}
 	return appListingHandler
 }
@@ -276,6 +279,28 @@ func (handler AppListingRestHandlerImpl) FetchJobOverviewCiPipelines(w http.Resp
 	common.WriteJsonResp(w, err, jobCi, http.StatusOK)
 }
 
+// validateFetchAppListingRequest performs request and business-rule validation.
+func (handler AppListingRestHandlerImpl) validateFetchAppListingRequest(w http.ResponseWriter, r *http.Request, fetchAppListingRequest *app.FetchAppListingRequest) bool {
+	err := handler.validator.Struct(*fetchAppListingRequest)
+	if err != nil {
+		handler.logger.Errorw("validation err, FetchAppsByEnvironment", "err", err, "payload", fetchAppListingRequest)
+		common.HandleValidationErrors(w, r, err)
+		return false
+	}
+	err = handler.appListingService.ValidateTagFilters(fetchAppListingRequest.TagFilters)
+	if err != nil {
+		handler.logger.Errorw("request err, ValidateTagFilters", "err", err, "payload", fetchAppListingRequest.TagFilters)
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return false
+	}
+	return true
+}
+
+// normalizeFetchAppListingRequest applies request normalization after validation.
+func (handler AppListingRestHandlerImpl) normalizeFetchAppListingRequest(fetchAppListingRequest *app.FetchAppListingRequest) {
+	fetchAppListingRequest.TagFilters = handler.appListingService.NormalizeTagFilters(fetchAppListingRequest.TagFilters)
+}
+
 func (handler AppListingRestHandlerImpl) FetchAppsByEnvironmentV2(w http.ResponseWriter, r *http.Request) {
 	//Allow CORS here By * or specific origin
 	util3.SetupCorsOriginHeader(&w)
@@ -331,6 +356,10 @@ func (handler AppListingRestHandlerImpl) FetchAppsByEnvironmentV2(w http.Respons
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
+	if !handler.validateFetchAppListingRequest(w, r, &fetchAppListingRequest) {
+		return
+	}
+	handler.normalizeFetchAppListingRequest(&fetchAppListingRequest)
 	newCtx, span = otel.Tracer("fetchAppListingRequest").Start(newCtx, "GetNamespaceClusterMapping")
 	_, _, err = fetchAppListingRequest.GetNamespaceClusterMapping()
 	span.End()

internal/sql/repository/AppListingRepository.go

@@ -217,10 +217,14 @@ func (impl *AppListingRepositoryImpl) FetchAppsByEnvironmentV2(appListingFilter
 
 	if string(appListingFilter.SortBy) == helper.LastDeployedSortBy {
 
-		query, queryParams := impl.appListingRepositoryQueryBuilder.GetAppIdsQueryWithPaginationForLastDeployedSearch(appListingFilter)
+		query, queryParams, err := impl.appListingRepositoryQueryBuilder.GetAppIdsQueryWithPaginationForLastDeployedSearch(appListingFilter)
+		if err != nil {
+			impl.Logger.Errorw("error in building appIds query with appList filter", "err", err, "filter", appListingFilter)
+			return appEnvArr, appsSize, err
+		}
 		impl.Logger.Debug("GetAppIdsQueryWithPaginationForLastDeployedSearch query ", query)
 		start := time.Now()
-		_, err := impl.dbConnection.Query(&lastDeployedTimeDTO, query, queryParams...)
+		_, err = impl.dbConnection.Query(&lastDeployedTimeDTO, query, queryParams...)
 		middleware.AppListingDuration.WithLabelValues("getAppIdsQueryWithPaginationForLastDeployedSearch", "devtron").Observe(time.Since(start).Seconds())
 		if err != nil || len(lastDeployedTimeDTO) == 0 {
 			if err != nil {
@@ -235,7 +239,11 @@ func (impl *AppListingRepositoryImpl) FetchAppsByEnvironmentV2(appListingFilter
 			appIdsFound[i] = obj.AppId
 		}
 		appListingFilter.AppIds = appIdsFound
-		appContainerQuery, appContainerQueryParams := impl.appListingRepositoryQueryBuilder.GetQueryForAppEnvContainers(appListingFilter)
+		appContainerQuery, appContainerQueryParams, err := impl.appListingRepositoryQueryBuilder.GetQueryForAppEnvContainers(appListingFilter)
+		if err != nil {
+			impl.Logger.Errorw("error in building appEnv query with appList filter", "err", err, "filter", appListingFilter)
+			return appEnvArr, appsSize, err
+		}
 		impl.Logger.Debug("GetQueryForAppEnvContainers query ", query)
 		_, err = impl.dbConnection.Query(&appEnvContainer, appContainerQuery, appContainerQueryParams...)
 		if err != nil {
@@ -247,10 +255,14 @@ func (impl *AppListingRepositoryImpl) FetchAppsByEnvironmentV2(appListingFilter
 
 		// to get all the appIds in appEnvs allowed for user and filtered by the appListing filter and sorted by name
 		appIdCountDtos := make([]*AppView.AppEnvironmentContainer, 0)
-		appIdCountQuery, appIdCountQueryParams := impl.appListingRepositoryQueryBuilder.GetAppIdsQueryWithPaginationForAppNameSearch(appListingFilter)
+		appIdCountQuery, appIdCountQueryParams, appsErr := impl.appListingRepositoryQueryBuilder.GetAppIdsQueryWithPaginationForAppNameSearch(appListingFilter)
+		if appsErr != nil {
+			impl.Logger.Errorw("error in building appIds query with appList filter", "err", appsErr, "filter", appListingFilter)
+			return appEnvContainer, appsSize, appsErr
+		}
 		impl.Logger.Debug("GetAppIdsQueryWithPaginationForAppNameSearch query ", appIdCountQuery)
 		start := time.Now()
-		_, appsErr := impl.dbConnection.Query(&appIdCountDtos, appIdCountQuery, appIdCountQueryParams...)
+		_, appsErr = impl.dbConnection.Query(&appIdCountDtos, appIdCountQuery, appIdCountQueryParams...)
 		middleware.AppListingDuration.WithLabelValues("getAppIdsQueryWithPaginationForAppNameSearch", "devtron").Observe(time.Since(start).Seconds())
 		if appsErr != nil || len(appIdCountDtos) == 0 {
 			if appsErr != nil {
@@ -268,7 +280,11 @@ func (impl *AppListingRepositoryImpl) FetchAppsByEnvironmentV2(appListingFilter
 		appListingFilter.AppIds = uniqueAppIds
 		// set appids required for this page in the filter and get the appEnv containers of these apps
 		appListingFilter.AppIds = uniqueAppIds
-		appsEnvquery, appsEnvQueryParams := impl.appListingRepositoryQueryBuilder.GetQueryForAppEnvContainers(appListingFilter)
+		appsEnvquery, appsEnvQueryParams, appsErr := impl.appListingRepositoryQueryBuilder.GetQueryForAppEnvContainers(appListingFilter)
+		if appsErr != nil {
+			impl.Logger.Errorw("error in building appEnv query with appList filter", "err", appsErr, "filter", appListingFilter)
+			return appEnvContainer, appsSize, appsErr
+		}
 		impl.Logger.Debug("GetQueryForAppEnvContainers query: ", appsEnvquery)
 		start = time.Now()
 		_, appsErr = impl.dbConnection.Query(&appEnvContainer, appsEnvquery, appsEnvQueryParams...)