Commit47cb584

authored
fix(support): sanitize agent env (#12554)
1 parent597694f commit47cb584


3 files changed

+31
-0
lines changed

3 files changed

+31
-0
lines changed

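--- a/coderd/database/dbfake/dbfake.go
+++ b/coderd/database/dbfake/dbfake.go
@@ -95,6 +95,9 @@ func (b WorkspaceBuildBuilder) WithAgent(mutations ...func([]*sdkproto.Agent) []
 Auth:&sdkproto.Agent_Token{
 Token:b.agentToken,
 },
+Env:map[string]string{
+"SECRET_TOKEN":"supersecret",
+},
 }}
 for_,m:=rangemutations {
 agents=m(agents)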

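--- a/support/support.go
+++ b/support/support.go
@@ -191,6 +191,11 @@ func WorkspaceInfo(ctx context.Context, client *codersdk.Client, log slog.Logger
 log.Error(ctx,"fetch workspace",slog.Error(err),slog.F("workspace_id",workspaceID))
 returnw
 }
+for_,res:=rangews.LatestBuild.Resources {
+for_,agt:=rangeres.Agents {
+sanitizeEnv(agt.EnvironmentVariables)
+}
+}
 w.Workspace=ws
 
 eg.Go(func()error {
@@ -346,3 +351,13 @@ func Run(ctx context.Context, d *Deps) (*Bundle, error) {
 
 return&b,nil
 }
+
+// sanitizeEnv modifies kvs in place and replaces the values all non-empty keys
+// with the string ***REDACTED***
+funcsanitizeEnv(kvsmap[string]string) {
+fork,v:=rangekvs {
+ifv!="" {
+kvs[k]="***REDACTED***"
+}
+}
+}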
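Review bot: The redaction loop added in WorkspaceInfo only reaches agents under `ws.LatestBuild.Resources`, so any other copy of an agent placed in the bundle keeps its cleartext environment. The test file reads a separate `bun.Workspace.Agent`; if that value is fetched on its own and carries `EnvironmentVariables`, it needs the same `sanitizeEnv(...)` call before it is stored. The code that populates it lies outside this hunk, as does the rest of WorkspaceInfo, so this should be confirmed. Separately, the doc comment says "non-empty keys" while the code tests the value; suggested wording: `// sanitizeEnv modifies kvs in place and replaces every non-empty value with the string ***REDACTED***`. It would also help to state in that comment that key names and empty values are intentionally left visible in the support bundle.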

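--- a/support/support_test.go
+++ b/support/support_test.go
@@ -57,6 +57,7 @@ func TestRun(t *testing.T) {
 require.NotEmpty(t,bun.Network.TailnetDebug)
 require.NotNil(t,bun.Network.NetcheckLocal)
 require.NotNil(t,bun.Workspace.Workspace)
+assertSanitizedWorkspace(t,bun.Workspace.Workspace)
 require.NotEmpty(t,bun.Workspace.BuildLogs)
 require.NotNil(t,bun.Workspace.Agent)
 require.NotEmpty(t,bun.Workspace.AgentStartupLogs)
@@ -92,6 +93,7 @@ func TestRun(t *testing.T) {
 require.NotEmpty(t,bun.Network.CoordinatorDebug)
 require.NotEmpty(t,bun.Network.TailnetDebug)
 require.NotNil(t,bun.Workspace)
+assertSanitizedWorkspace(t,bun.Workspace.Workspace)
 require.NotEmpty(t,bun.Logs)
 })
 
@@ -140,6 +142,17 @@ func assertSanitizedDeploymentConfig(t *testing.T, dc *codersdk.DeploymentConfig
 }
 }
 
+funcassertSanitizedWorkspace(t*testing.T,ws codersdk.Workspace) {
+t.Helper()
+for_,res:=rangews.LatestBuild.Resources {
+for_,agt:=rangeres.Agents {
+fork,v:=rangeagt.EnvironmentVariables {
+assert.Equal(t,"***REDACTED***",v,"environment variable %q not sanitized",k)
+}
+}
+}
+}
+
 funcsetupWorkspaceAndAgent(ctx context.Context,t*testing.T,client*codersdk.Client,db database.Store,user codersdk.CreateFirstUserResponse) (codersdk.Workspace, codersdk.WorkspaceAgent) {
 // This is a valid zip file
 zipBytes:=make([]byte,22)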
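Review bot: assertSanitizedWorkspace passes vacuously when the workspace has no resources, agents or environment variables, because its only assertion sits inside three nested range loops. A regression that drops the `SECRET_TOKEN` fixture, or a call site where the workspace is empty, would still go green. Counting the checked entries with `seen++` in the inner loop and ending with `assert.NotZero(t, seen, "no environment variables were checked")` would make the check meaningful at the first TestRun call site. Whether the second call site collects a workspace at all is not visible here, so the count may need to be optional there. The helper also requires every value to equal `***REDACTED***`, whereas sanitizeEnv leaves empty values untouched, so a fixture with an empty variable would fail this test despite correct redaction.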
