16634334316

Committed 30 Jul 2025 09:37PM UTC coverage: 70.289% (-4.6%) from 74.892%

Build # 16634334316

Build Type

push

github

Committed by

web-flow

Commit Message

Add ModelState.IsValid validation to controller actions per SonarCloud S6967 (#944)

* Initial plan

* Add ModelState.IsValid validation to controller actions per SonarCloud S6967 rule

Co-authored-by: samsmithnz <8389039+samsmithnz@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: samsmithnz <8389039+samsmithnz@users.noreply.github.com>

Run Details

288 of 448 branches covered (64.29%)

Branch coverage included in aggregate %.

5 of 24 new or added lines in 1 file covered. (20.83%)

831 of 1144 relevant lines covered (72.64%)

38.65 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

30.99

/src/RepoGovernance.Service/Controllers/SummaryItemsController.cs

﻿using Microsoft.AspNetCore.Mvc;
using RepoGovernance.Core;
using RepoGovernance.Core.Models;
using RepoGovernance.Service.Models;

namespace RepoGovernance.Service.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class SummaryItemsController : ControllerBase
    {
        private readonly IConfiguration Configuration;

        public SummaryItemsController(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        [HttpGet("GetRepos")]
        public async Task<ActionResult<List<UserOwnerRepo>>> GetRepos(string owner)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            return await SummaryItemsDA.GetRepos(Configuration["AppSettings:CosmosDBConnectionString"], owner);
        }

        /// <summary>
        /// Update a target of summary item
        /// </summary>
        /// <param name="user">The user - often is also the owner, that has access to organizations</param>
        /// <param name="owner">The owner or organization</param>
        /// <param name="repo">the repository being updated</param>
        /// <returns></returns>
        [HttpGet("UpdateSummaryItem")]
        public async Task<ActionResult<int>> UpdateSummaryItem(string user, string owner, string repo)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            return await SummaryItemsDA.UpdateSummaryItem(
                Configuration["AppSettings:GitHubClientId"],
                Configuration["AppSettings:GitHubClientSecret"],
                Configuration["AppSettings:CosmosDBConnectionString"],//Configuration["AppSettings:StorageConnectionString"],
                Configuration["AppSettings:DevOpsServiceURL"],
                user, owner, repo,
                Configuration["AppSettings:AzureTenantId"],
                Configuration["AppSettings:AzureClientId"],
                Configuration["AppSettings:AzureClientSecret"]);
        }

        /// <summary>
        /// Update a target of summary item with optional NuGet package data
        /// </summary>
        /// <param name="request">The update request containing user, owner, repo, and optional NuGet payloads</param>
        /// <returns></returns>
        [HttpPost("UpdateSummaryItem")]
        public async Task<ActionResult<int>> UpdateSummaryItemWithNuGet(UpdateSummaryItemRequest request)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            if (request?.User == null || request?.Owner == null || request?.Repo == null)
            {
                return BadRequest("User, Owner, and Repo are required");
            }

            return await SummaryItemsDA.UpdateSummaryItem(
                Configuration["AppSettings:GitHubClientId"],
                Configuration["AppSettings:GitHubClientSecret"],
                Configuration["AppSettings:CosmosDBConnectionString"],
                Configuration["AppSettings:DevOpsServiceURL"],
                request.User, request.Owner, request.Repo,
                Configuration["AppSettings:AzureTenantId"],
                Configuration["AppSettings:AzureClientId"],
                Configuration["AppSettings:AzureClientSecret"],
                null, // azureDeployment
                request.NugetDeprecatedPayload,
                request.NugetOutdatedPayload,
                request.NugetVulnerablePayload);
        }

        [HttpPost("UpdateSummaryItemNuGetPackageStats")]
        public async Task<ActionResult<int>> UpdateSummaryItemNuGetPackageStats(NuGetPayload nugetPayload)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            if (nugetPayload != null)
            {
                string? repo = nugetPayload?.Repo;
                string? owner = nugetPayload?.Owner;
                string? user = nugetPayload?.User;
                //There is some weirdness when the json is embedded in this object and then the object is serialized a second time - it returns an array of strings.
                string? jsonPayload = nugetPayload?.JsonPayloadString;
                string? payloadType = nugetPayload?.PayloadType;

                if (repo == null || owner == null || user == null || jsonPayload == null || payloadType == null)
                {
                    return BadRequest("Repo, Owner, User, JsonPayloadString, and PayloadType are required");
                }
                return await SummaryItemsDA.UpdateSummaryItemNuGetPackageStats(
                    Configuration["AppSettings:CosmosDBConnectionString"],
                    user, owner, repo,
                    jsonPayload, payloadType);
            }
            else
            {
                return BadRequest("NuGet payload is required");
            }
        }

        /// <summary>
        /// Get a list of summary item
        /// </summary>
        /// <param name="user">The user - often is also the owner, that has access to organizations</param>
        /// <returns></returns>
        [HttpGet("GetSummaryItems")]
        public async Task<ActionResult<List<SummaryItem>>> GetSummaryItems(string user)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            return await SummaryItemsDA.GetSummaryItems(
                Configuration["AppSettings:CosmosDBConnectionString"], //Configuration["AppSettings:StorageConnectionString"],
                user);
        }

        /// <summary>
        /// Get a summary item
        /// </summary>
        /// <param name="owner">the owner or organization</param>
        /// <param name="repo">the repo</param>
        /// <returns></returns>
        [HttpGet("GetSummaryItem")]
        public async Task<ActionResult<SummaryItem?>> GetSummaryItem(string user, string owner, string repo)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            return await SummaryItemsDA.GetSummaryItem(
                Configuration["AppSettings:CosmosDBConnectionString"],
                user, owner, repo);
        }


        [HttpGet("ApproveSummaryItemPRs")]
        public async Task<ActionResult<bool>> ApproveSummaryItemPRs(//string user, 
            string owner, string repo, string approver)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            return await SummaryItemsDA.ApproveSummaryItemPRs(
               Configuration["AppSettings:GitHubClientId"],
               Configuration["AppSettings:GitHubClientSecret"],
               //Configuration["AppSettings:StorageConnectionString"],
               //Configuration["AppSettings:DevOpsServiceURL"],
               //user, 
               owner, repo, approver);
        }
    }
}

1	using Microsoft.AspNetCore.Mvc;
2	using RepoGovernance.Core;
3	using RepoGovernance.Core.Models;
4	using RepoGovernance.Service.Models;
5
6	namespace RepoGovernance.Service.Controllers
7	{
8	[Route("api/[controller]")]
9	[ApiController]
10	public class SummaryItemsController : ControllerBase
11	{
12	private readonly IConfiguration Configuration;
13
14	public SummaryItemsController(IConfiguration configuration)	5✔
15	{	5✔
16	Configuration = configuration;	5✔
17	}	5✔
18
19	[HttpGet("GetRepos")]
20	public async Task<ActionResult<List<UserOwnerRepo>>> GetRepos(string owner)
21	{	×
NEW 22	if (!ModelState.IsValid)	×
NEW 23	{	×
NEW 24	return BadRequest(ModelState);	×
25	}
26
27	return await SummaryItemsDA.GetRepos(Configuration["AppSettings:CosmosDBConnectionString"], owner);	×
28	}	×
29
30	/// <summary>
31	/// Update a target of summary item
32	/// </summary>
33	/// <param name="user">The user - often is also the owner, that has access to organizations</param>
34	/// <param name="owner">The owner or organization</param>
35	/// <param name="repo">the repository being updated</param>
36	/// <returns></returns>
37	[HttpGet("UpdateSummaryItem")]
38	public async Task<ActionResult<int>> UpdateSummaryItem(string user, string owner, string repo)
39	{	×
NEW 40	if (!ModelState.IsValid)	×
NEW 41	{	×
NEW 42	return BadRequest(ModelState);	×
43	}
44
45	return await SummaryItemsDA.UpdateSummaryItem(	×
46	Configuration["AppSettings:GitHubClientId"],	×
47	Configuration["AppSettings:GitHubClientSecret"],	×
48	Configuration["AppSettings:CosmosDBConnectionString"],//Configuration["AppSettings:StorageConnectionString"],	×
49	Configuration["AppSettings:DevOpsServiceURL"],	×
50	user, owner, repo,	×
51	Configuration["AppSettings:AzureTenantId"],	×
52	Configuration["AppSettings:AzureClientId"],	×
53	Configuration["AppSettings:AzureClientSecret"]);	×
54	}	×
55
56	/// <summary>
57	/// Update a target of summary item with optional NuGet package data
58	/// </summary>
59	/// <param name="request">The update request containing user, owner, repo, and optional NuGet payloads</param>
60	/// <returns></returns>
61	[HttpPost("UpdateSummaryItem")]
62	public async Task<ActionResult<int>> UpdateSummaryItemWithNuGet(UpdateSummaryItemRequest request)
63	{	2✔
64	if (!ModelState.IsValid)	2!
NEW 65	{	×
NEW 66	return BadRequest(ModelState);	×
67	}
68
69	if (request?.User == null \|\| request?.Owner == null \|\| request?.Repo == null)	2!
70	{	2✔
71	return BadRequest("User, Owner, and Repo are required");	2✔
72	}
73
74	return await SummaryItemsDA.UpdateSummaryItem(	×
75	Configuration["AppSettings:GitHubClientId"],	×
76	Configuration["AppSettings:GitHubClientSecret"],	×
77	Configuration["AppSettings:CosmosDBConnectionString"],	×
78	Configuration["AppSettings:DevOpsServiceURL"],	×
79	request.User, request.Owner, request.Repo,	×
80	Configuration["AppSettings:AzureTenantId"],	×
81	Configuration["AppSettings:AzureClientId"],	×
82	Configuration["AppSettings:AzureClientSecret"],	×
83	null, // azureDeployment	×
84	request.NugetDeprecatedPayload,	×
85	request.NugetOutdatedPayload,	×
86	request.NugetVulnerablePayload);	×
87	}	2✔
88
89	[HttpPost("UpdateSummaryItemNuGetPackageStats")]
90	public async Task<ActionResult<int>> UpdateSummaryItemNuGetPackageStats(NuGetPayload nugetPayload)
91	{	2✔
92	if (!ModelState.IsValid)	2!
NEW 93	{	×
NEW 94	return BadRequest(ModelState);	×
95	}
96
97	if (nugetPayload != null)	2✔
98	{	1✔
99	string? repo = nugetPayload?.Repo;	1!
100	string? owner = nugetPayload?.Owner;	1!
101	string? user = nugetPayload?.User;	1!
102	//There is some weirdness when the json is embedded in this object and then the object is serialized a second time - it returns an array of strings.
103	string? jsonPayload = nugetPayload?.JsonPayloadString;	1!
104	string? payloadType = nugetPayload?.PayloadType;	1!
105
106	if (repo == null \|\| owner == null \|\| user == null \|\| jsonPayload == null \|\| payloadType == null)	1!
107	{	1✔
108	return BadRequest("Repo, Owner, User, JsonPayloadString, and PayloadType are required");	1✔
109	}
110	return await SummaryItemsDA.UpdateSummaryItemNuGetPackageStats(	×
111	Configuration["AppSettings:CosmosDBConnectionString"],	×
112	user, owner, repo,	×
113	jsonPayload, payloadType);	×
114	}
115	else
116	{	1✔
117	return BadRequest("NuGet payload is required");	1✔
118	}
119	}	2✔
120
121	/// <summary>
122	/// Get a list of summary item
123	/// </summary>
124	/// <param name="user">The user - often is also the owner, that has access to organizations</param>
125	/// <returns></returns>
126	[HttpGet("GetSummaryItems")]
127	public async Task<ActionResult<List<SummaryItem>>> GetSummaryItems(string user)
128	{	×
NEW 129	if (!ModelState.IsValid)	×
NEW 130	{	×
NEW 131	return BadRequest(ModelState);	×
132	}
133
134	return await SummaryItemsDA.GetSummaryItems(	×
135	Configuration["AppSettings:CosmosDBConnectionString"], //Configuration["AppSettings:StorageConnectionString"],	×
136	user);	×
137	}	×
138
139	/// <summary>
140	/// Get a summary item
141	/// </summary>
142	/// <param name="owner">the owner or organization</param>
143	/// <param name="repo">the repo</param>
144	/// <returns></returns>
145	[HttpGet("GetSummaryItem")]
146	public async Task<ActionResult<SummaryItem?>> GetSummaryItem(string user, string owner, string repo)
147	{	×
NEW 148	if (!ModelState.IsValid)	×
NEW 149	{	×
NEW 150	return BadRequest(ModelState);	×
151	}
152
153	return await SummaryItemsDA.GetSummaryItem(	×
154	Configuration["AppSettings:CosmosDBConnectionString"],	×
155	user, owner, repo);	×
156	}	×
157
158
159	[HttpGet("ApproveSummaryItemPRs")]
160	public async Task<ActionResult<bool>> ApproveSummaryItemPRs(//string user,
161	string owner, string repo, string approver)
162	{	×
NEW 163	if (!ModelState.IsValid)	×
NEW 164	{	×
NEW 165	return BadRequest(ModelState);	×
166	}
167
168	return await SummaryItemsDA.ApproveSummaryItemPRs(	×
169	Configuration["AppSettings:GitHubClientId"],	×
170	Configuration["AppSettings:GitHubClientSecret"],	×
171	//Configuration["AppSettings:StorageConnectionString"],	×
172	//Configuration["AppSettings:DevOpsServiceURL"],	×
173	//user,	×
174	owner, repo, approver);	×
175	}	×
176	}
177	}

samsmithnz / RepoGovernance / 16634334316

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous