Skip to content

Application assembly - spec#11148

Draft
Reshrahim wants to merge 9 commits intoradius-project:mainfrom
Reshrahim:001-auto-app-discovery
Draft

Application assembly - spec#11148
Reshrahim wants to merge 9 commits intoradius-project:mainfrom
Reshrahim:001-auto-app-discovery

Conversation

@Reshrahim
Copy link
Contributor

@Reshrahim Reshrahim commented Feb 2, 2026

Description

Please explain the changes you've made.

Type of change

  • This pull request fixes a bug in Radius and has an approved issue (issue link required).
  • This pull request adds or changes features of Radius and has an approved issue (issue link required).
  • This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional).

Fixes: #issue_number

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

  • An overview of proposed schema changes is included in a linked GitHub issue.
    • Yes
    • Not applicable
  • A design document PR is created in the design-notes repository, if new APIs are being introduced.
    • Yes
    • Not applicable
  • The design document has been reviewed and approved by Radius maintainers/approvers.
    • Yes
    • Not applicable
  • A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
    • Yes
    • Not applicable
  • A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
    • Yes
    • Not applicable
  • A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
    • Yes
    • Not applicable

@Reshrahim
Initial draft of app assembly
67de6c8 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Update flow
4009bb8 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Updates
165e507 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Tighten
5daeb91 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Update
2040b25 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Preliminary questions answered
2a51a5f 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Preliminary questions answered
06fac8d 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Minor updates
b3b0982 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim
Prototype for app assembly
002f26b 
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
@Reshrahim Reshrahim requested a deployment to external-contributor-approval February 5, 2026 22:04 — with GitHub Actions Waiting
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 5, 2026
View reviewed changes
pkg/discovery/output/bicep.go
func (g *BicepGenerator) GenerateToFile(result *dtypes.DiscoveryResult, opts BicepGenerateOptions, outputPath string) error {
// Ensure directory exists
dir := filepath.Dir(outputPath)
if err := os.MkdirAll(dir, 0755); err != nil {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pkg/discovery/output/bicep.go
return fmt.Errorf("generating bicep: %w", err)
}

if err := os.WriteFile(outputPath, buf.Bytes(), 0644); err != nil {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pkg/discovery/recipes/contrib.go
// Path: <category>/<typeName>/recipes/<provider>
recipesPath := fmt.Sprintf("%s/%s/%s/recipes/%s", s.baseURL, category, typeName, s.provider)

resp, err := s.httpClient.Get(recipesPath)

Check failure

Code scanning / CodeQL

Uncontrolled data used in network request Error Experimental

The URL of this request depends on a user-provided value.
pkg/discovery/recipes/contrib.go
// Path: <category>/<typeName>/recipes/<provider>/<templateKind>
url := fmt.Sprintf("%s/%s/%s/recipes/%s/%s", s.baseURL, category, typeName, s.provider, templateKind)

resp, err := s.httpClient.Get(url)

Check failure

Code scanning / CodeQL

Uncontrolled data used in network request Error Experimental

The URL of this request depends on a user-provided value.
pkg/discovery/output/bicep.go

func findDependency(deps []dtypes.DetectedDependency, id string) *dtypes.DetectedDependency {
for i := range deps {
if deps[i].ID == id {

Check warning

Code scanning / CodeQL

User-controlled bypass of condition Warning Experimental

This comparison of a
user-controlled value
Loading
with another
user-controlled value
Loading
can be bypassed by a malicious user.
pkg/discovery/recipes/matcher.go
score := 0.5 // Base score

// Exact resource type match
if recipe.ResourceType == resourceType {

Check warning

Code scanning / CodeQL

User-controlled bypass of condition Warning Experimental

This comparison of a
user-controlled value
Loading
with another
user-controlled value
Loading
can be bypassed by a malicious user.
pkg/discovery/recipes/matcher.go
func (m *Matcher) explainMatch(recipe Recipe, resourceType string) string {
var reasons []string

if recipe.ResourceType == resourceType {

Check warning

Code scanning / CodeQL

User-controlled bypass of condition Warning Experimental

This comparison of a
user-controlled value
Loading
with another
user-controlled value
Loading
can be bypassed by a malicious user.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Reshrahim