diff options
| author | ChristopherHX <christopher.homberger@web.de> | 2024-11-11 05:58:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-11 04:58:37 +0000 |
| commit | f888e45432ccb86b18e6709fbd25223e07f2c422 (patch) | |
| tree | c9a374a8476dfebec01ebf92311bc77b35ec107c /routers/api/actions/runner | |
| parent | a1892cf7e3d1aa9e806f6f695d252546a8719e08 (diff) | |
| download | gitea-f888e45432ccb86b18e6709fbd25223e07f2c422.tar.gz gitea-f888e45432ccb86b18e6709fbd25223e07f2c422.zip | |
Harden runner updateTask and updateLog api (#32462)
Per proposal https://github.com/go-gitea/gitea/issues/32461
Diffstat (limited to 'routers/api/actions/runner')
| -rw-r--r-- | routers/api/actions/runner/runner.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go index d4078d8af2..8f365cc926 100644 --- a/routers/api/actions/runner/runner.go +++ b/routers/api/actions/runner/runner.go @@ -175,7 +175,9 @@ func (s *Service) UpdateTask( ctx context.Context, req *connect.Request[runnerv1.UpdateTaskRequest], ) (*connect.Response[runnerv1.UpdateTaskResponse], error) { - task, err := actions_model.UpdateTaskByState(ctx, req.Msg.State) + runner := GetRunner(ctx) + + task, err := actions_model.UpdateTaskByState(ctx, runner.ID, req.Msg.State) if err != nil { return nil, status.Errorf(codes.Internal, "update task: %v", err) } @@ -237,11 +239,15 @@ func (s *Service) UpdateLog( ctx context.Context, req *connect.Request[runnerv1.UpdateLogRequest], ) (*connect.Response[runnerv1.UpdateLogResponse], error) { + runner := GetRunner(ctx) + res := connect.NewResponse(&runnerv1.UpdateLogResponse{}) task, err := actions_model.GetTaskByID(ctx, req.Msg.TaskId) if err != nil { return nil, status.Errorf(codes.Internal, "get task: %v", err) + } else if runner.ID != task.RunnerID { + return nil, status.Errorf(codes.Internal, "invalid runner for task") } ack := task.LogLength |