getResult REST API leads to Web Proxy errors when repositories look like file names #432

Open
brunon opened this issue Jul 2, 2023 · 0 comments

brunon commented Jul 2, 2023

The getResult API has this path: /projects/{platform}/{org}/{repo}

As a result, if the repo name looks like a file (for example with a .cmd extension), then the resulting URL will appear to be an executable file.

For example, take the kids.cmd repository; its getResult URL is this:

https://api.securityscorecards.dev/projects/github.com/0k/kids.cmd

This looks like an executable file

The problem is that within an organization which has Web Proxies that block download of executable code, this URL becomes blocked

The solution would be simple: modify the openapi.yaml file to add /results.json to the end of the API path:

/projects/{platform}/{org}/{repo}/results.json

The example above would become

https://api.securityscorecards.dev/projects/github.com/0k/kids.cmd/results.json

This would ensure that the URL looks like a JSON document always (which it is) and work around proxy limitations
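
The behaviour described in this issue, as an added example that is not part of the original issue or the project's code: a simplified model of a proxy rule that classifies a URL by the extension of its last path segment, applied to the current and the proposed path templates. The blocklist, the helper names and the two repositories other than kids.cmd are assumptions made for illustration; a real proxy's rules may differ.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed blocklist for illustration; real proxies ship their own lists.
BLOCKED_EXTENSIONS = {".cmd", ".bat", ".exe", ".msi", ".ps1", ".scr"}

API_BASE = "https://api.securityscorecards.dev"
CURRENT_TEMPLATE = "/projects/{platform}/{org}/{repo}"                # path from the issue
PROPOSED_TEMPLATE = "/projects/{platform}/{org}/{repo}/results.json"  # proposal from the issue


def apparent_extension(url):
    """Extension of the last path segment, as an extension-based filter sees it."""
    # Ignore the query string, decode percent-escapes, drop a trailing slash.
    path = unquote(urlsplit(url).path).rstrip("/")
    return posixpath.splitext(posixpath.basename(path))[1].lower()


def proxy_blocks(url):
    """True if the modelled rule would treat the URL as an executable download."""
    return apparent_extension(url) in BLOCKED_EXTENSIONS


def build_url(template, platform, org, repo):
    return API_BASE + template.format(platform=platform, org=org, repo=repo)


def compare(repos):
    """Return (repo, blocked_with_current_path, blocked_with_proposed_path) rows."""
    rows = []
    for platform, org, repo in repos:
        current = build_url(CURRENT_TEMPLATE, platform, org, repo)
        proposed = build_url(PROPOSED_TEMPLATE, platform, org, repo)
        rows.append((repo, proxy_blocks(current), proxy_blocks(proposed)))
    return rows


SAMPLE_REPOS = [
    ("github.com", "0k", "kids.cmd"),                # repository named in the issue
    ("github.com", "example-org", "installer.exe"),  # constructed sample
    ("github.com", "example-org", "scorecard"),      # constructed sample
]

if __name__ == "__main__":
    for repo, current, proposed in compare(SAMPLE_REPOS):
        print(f"{repo:15} current blocked={current!s:5} proposed blocked={proposed}")
```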
