disallow non-admins from updating cli commands (security issue)

This commit is contained in:
beckerinj
2022-05-17 17:08:00 -04:00
parent f681e9f057
commit d0ab454e7b
2 changed files with 10 additions and 0 deletions
+5
@@ -37,6 +37,11 @@ async function updateBuild(
app.buildActionStates.set(build._id!, "updating", true);
try {
build.pullName = toDashedName(build.name);
if (user.permissions! < 2) {
// disallow non-admins from updating the onClone / onPull commands
build.onClone = undefined;
build.cliBuild = undefined;
}
if (build.repo !== preBuild.repo || build.branch !== preBuild.branch) {
// reclone repo if repo is changed
await remove(BUILD_REPO_PATH + preBuild.pullName).catch();
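Review bot: The added `if (user.permissions! < 2)` check is fail-open: if `permissions` is missing on the user record, `undefined < 2` evaluates to false and the user is treated as an admin, so the guard should be written as `if (!(user.permissions! >= 2))` or `if ((user.permissions ?? 0) < 2)`. Setting `build.onClone`/`build.cliBuild` to `undefined` also does not leave the commands "un-updated" — if the object is persisted as a whole, a non-admin update clears whatever commands an admin had configured; the prior values are already in hand as `preBuild`, so `build.onClone = preBuild.onClone; build.cliBuild = preBuild.cliBuild;` would preserve them. The comment above the assignments mentions `onPull`, but the field touched here is `cliBuild`. updateBuild's body continues outside the hunk.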
+5
@@ -38,6 +38,11 @@ async function updateDeployment(
app.broadcast(UPDATE_DEPLOYMENT, { deploymentID: deployment._id, complete: false });
try {
// this assumes no change to deployment name (ie cannot rename deployments after created)
if (user.permissions! < 2) {
// disallow non-admins from updating the onClone / onPull commands
deployment.onClone = undefined;
deployment.onPull = undefined;
}
if (
deployment.repo !== preDeployment.repo ||
deployment.branch !== preDeployment.branch
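Review bot: Same concern as the build path: `user.permissions! < 2` is false when `permissions` is undefined, so a user with no permission level passes as an admin; `if (!(user.permissions! >= 2))` (or `(user.permissions ?? 0) < 2`) closes that gap. Assigning `undefined` to `deployment.onClone` and `deployment.onPull` means a non-admin update can still wipe admin-set commands if the document is written back in full, which the commit title ("disallow ... updating") does not seem to intend; `preDeployment` is in scope, so `deployment.onClone = preDeployment.onClone; deployment.onPull = preDeployment.onPull;` keeps the stored values. updateDeployment's body continues outside the hunk.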