selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: Handle invalid resource types and actions (#4341) 

* fix: Handle invalid resource types and actions

* Return all values if invalid

* Use types
This commit is contained in:
Bruno Quaresma 2022-10-03 15:29:01 -03:00 committed by GitHub
parent cb62e16b41
commit 15d7b78527
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
coderd/audit.go
View File

@ -259,12 +259,37 @@ func auditSearchQuery(query string) (database.GetAuditLogsOffsetParams, []coders
// other parsing.
parser := httpapi.NewQueryParamParser()
filter := database.GetAuditLogsOffsetParams{
ResourceType: parser.String(searchParams, "", "resource_type"),
ResourceType: resourceTypeFromString(parser.String(searchParams, "", "resource_type")),
ResourceID: parser.UUID(searchParams, uuid.Nil, "resource_id"),
Action: parser.String(searchParams, "", "action"),
Action: actionFromString(parser.String(searchParams, "", "action")),
Username: parser.String(searchParams, "", "username"),
Email: parser.String(searchParams, "", "email"),
}
return filter, parser.Errors
}
func resourceTypeFromString(resourceTypeString string) string {
switch codersdk.ResourceType(resourceTypeString) {
case codersdk.ResourceTypeOrganization:
case codersdk.ResourceTypeTemplate:
case codersdk.ResourceTypeTemplateVersion:
case codersdk.ResourceTypeUser:
case codersdk.ResourceTypeWorkspace:
case codersdk.ResourceTypeGitSSHKey:
case codersdk.ResourceTypeAPIKey:
return resourceTypeString
}
return ""
}
func actionFromString(actionString string) string {
switch codersdk.AuditAction(actionString) {
case codersdk.AuditActionCreate:
case codersdk.AuditActionWrite:
case codersdk.AuditActionDelete:
return actionString
default:
}
return ""
}

15
coderd/audit_test.go
View File

@ -112,6 +112,21 @@ func TestAuditLogsFilter(t *testing.T) {
SearchQuery: "resource_id:" + userResourceID.String(),
ExpectedResult: 2,
},
{
Name: "FilterInvalidSingleValue",
SearchQuery: "invalid",
ExpectedResult: 3,
},
{
Name: "FilterWithInvalidResourceType",
SearchQuery: "resource_type:invalid",
ExpectedResult: 3,
},
{
Name: "FilterWithInvalidAction",
SearchQuery: "action:invalid",
ExpectedResult: 3,
},
}
for _, testCase := range testCases {