Harden runner updateTask and updateLog api (#32462)

author ChristopherHX <christopher.homberger@web.de>

Mon, 11 Nov 2024 04:58:37 +0000 (05:58 +0100)

committer GitHub <noreply@github.com>

Mon, 11 Nov 2024 04:58:37 +0000 (04:58 +0000)
author ChristopherHX <christopher.homberger@web.de>
Mon, 11 Nov 2024 04:58:37 +0000 (05:58 +0100)
committer GitHub <noreply@github.com>
Mon, 11 Nov 2024 04:58:37 +0000 (04:58 +0000)
diff --git a/models/actions/task.go b/models/actions/task.go

index b62a0c351b99b8747da39c28d0d5a7da2dacc76e..af74faf937e5fa201f95afdaba97dffffef957ef 100644 (file)
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -341,7 +341,7 @@ func UpdateTask(ctx context.Context, task *ActionTask, cols ...string) error {
  // UpdateTaskByState updates the task by the state.
  // It will always update the task if the state is not final, even there is no change.
  // So it will update ActionTask.Updated to avoid the task being judged as a zombie task.
-func UpdateTaskByState(ctx context.Context, state *runnerv1.TaskState) (*ActionTask, error) {
+func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.TaskState) (*ActionTask, error) {
         stepStates := map[int64]*runnerv1.StepState{}
         for _, v := range state.Steps {
                 stepStates[v.Id] = v
@@ -360,6 +360,8 @@ func UpdateTaskByState(ctx context.Context, state *runnerv1.TaskState) (*ActionT
                 return nil, err
         } else if !has {
                 return nil, util.ErrNotExist
+       } else if runnerID != task.RunnerID {
+               return nil, fmt.Errorf("invalid runner for task")
         }
  
         if task.Status.IsDone() {
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go

index d4078d8af22cf39232bfaeee4d70d3d1ebc33a16..8f365cc92670aa1df03f2e8007fde76f73857799 100644 (file)
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -175,7 +175,9 @@ func (s *Service) UpdateTask(
         ctx context.Context,
         req *connect.Request[runnerv1.UpdateTaskRequest],
  ) (*connect.Response[runnerv1.UpdateTaskResponse], error) {
-       task, err := actions_model.UpdateTaskByState(ctx, req.Msg.State)
+       runner := GetRunner(ctx)
+
+       task, err := actions_model.UpdateTaskByState(ctx, runner.ID, req.Msg.State)
         if err != nil {
                 return nil, status.Errorf(codes.Internal, "update task: %v", err)
         }
@@ -237,11 +239,15 @@ func (s *Service) UpdateLog(
         ctx context.Context,
         req *connect.Request[runnerv1.UpdateLogRequest],
  ) (*connect.Response[runnerv1.UpdateLogResponse], error) {
+       runner := GetRunner(ctx)
+
         res := connect.NewResponse(&runnerv1.UpdateLogResponse{})
  
         task, err := actions_model.GetTaskByID(ctx, req.Msg.TaskId)
         if err != nil {
                 return nil, status.Errorf(codes.Internal, "get task: %v", err)
+       } else if runner.ID != task.RunnerID {
+               return nil, status.Errorf(codes.Internal, "invalid runner for task")
         }
         ack := task.LogLength
author	ChristopherHX <christopher.homberger@web.de>
	Mon, 11 Nov 2024 04:58:37 +0000 (05:58 +0100)
committer	GitHub <noreply@github.com>
	Mon, 11 Nov 2024 04:58:37 +0000 (04:58 +0000)
models/actions/task.go		patch \| blob \| history
routers/api/actions/runner/runner.go		patch \| blob \| history