add validateURI before paring uri

Signed-off-by: Stephanie <[email protected]>

Author: yangcao77

go.mod

@@ -3,7 +3,7 @@ module github.com/devfile/library
 go 1.13
 
 require (
-	github.com/devfile/api/v2 v2.0.0-20210121164412-49ba915897f4
+	github.com/devfile/api/v2 v2.0.0-20210202172954-6424f4139ac7
 	github.com/fatih/color v1.7.0
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
 	github.com/gobwas/glob v0.2.3

go.sum

@@ -44,8 +44,8 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/devfile/api/v2 v2.0.0-20210121164412-49ba915897f4 h1:jDzWFpF/BoyaemoPjAzw5SmlX172JsSsh+Frujm5Ww4=
-github.com/devfile/api/v2 v2.0.0-20210121164412-49ba915897f4/go.mod h1:Cot4snybn3qhIh48oIFi9McocnIx7zY5fFbjfrIpPvg=
+github.com/devfile/api/v2 v2.0.0-20210202172954-6424f4139ac7 h1:bQGUVLEGQtVkvS94K4gQbu57Rk/npcZQmgORmCWYNy8=
+github.com/devfile/api/v2 v2.0.0-20210202172954-6424f4139ac7/go.mod h1:Cot4snybn3qhIh48oIFi9McocnIx7zY5fFbjfrIpPvg=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=

pkg/devfile/parser/parse.go

@@ -15,6 +15,7 @@ import (
 	"reflect"
 
 	v1 "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
+	"github.com/devfile/api/v2/pkg/validation"
 	apiOverride "github.com/devfile/api/v2/pkg/utils/overriding"
 	"github.com/pkg/errors"
 )
@@ -180,6 +181,10 @@ func parseParentAndPlugin(d DevfileObj) (err error) {
 
 func parseFromURI(uri string, curDevfile DevfileObj) (DevfileObj, error) {
 	// validate URI
+	err := validation.ValidateURI(uri)
+	if err!= nil {
+		return DevfileObj{}, err
+	}
 
 	// absolute URL address
 	if strings.HasPrefix(uri, "http://") || strings.HasPrefix(uri, "https://") {
@@ -188,7 +193,6 @@ func parseFromURI(uri string, curDevfile DevfileObj) (DevfileObj, error) {
 
 	// relative path on disk
 	if curDevfile.Ctx.GetAbsPath() != "" {
-
 		return Parse(path.Join(path.Dir(curDevfile.Ctx.GetAbsPath()), uri))
 	}
 

pkg/devfile/parser/parse_test.go

@@ -2404,6 +2404,7 @@ func Test_parseFromURI(t *testing.T) {
 	const httpPrefix = "http://"
 	const localRelativeURI = "testTmp/dir/devfile.yaml"
 	const notExistURI = "notexist/devfile.yaml"
+	const invalidURL = "http//invalid.com"
 	uri2 := path.Join(uri1, localRelativeURI)
 
 	localDevfile := DevfileObj{
@@ -2643,6 +2644,28 @@ func Test_parseFromURI(t *testing.T) {
 			uri:     notExistURI,
 			wantErr: true,
 		},
+		{
+			name: "case 6: should fail if with invalid URI format",
+			curDevfile: DevfileObj{
+				Ctx: devfileCtx.NewURLDevfileCtx(OutputDevfileYamlPath),
+				Data: &v2.DevfileV2{
+					Devfile: v1.Devfile{
+						DevWorkspaceTemplateSpec: v1.DevWorkspaceTemplateSpec{
+							Parent: &v1.Parent{
+								ImportReference: v1.ImportReference{
+									ImportReferenceUnion: v1.ImportReferenceUnion{
+										Uri: invalidURL,
+									},
+								},
+							},
+							DevWorkspaceTemplateSpecContent: v1.DevWorkspaceTemplateSpecContent{},
+						},
+					},
+				},
+			},
+			uri:     invalidURL,
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {