Release Job Can Reset Git Root Repo to Nothing #93

Closed
hollowaykeanho opened this issue Sep 20, 2023 · 4 comments
Labels
Bug Case is about a glitch. Critical Red alert. High attention needed. Released Implementation got released and shipped. Security Case is a security vulnerability matter.

Comments

@hollowaykeanho
Member

Description

Apparently, if the releases directory is missing or malformed, the Release job will hard reset the root repository to its first commit and officially nuke the project. This is not desirable and a safety check must be added here to prevent this from happening again.

Expected Behavior

A safety check is added to the GIT::hard_reset_to_init function to cross-check its root against the root repository before actually performing the reset.

Current Behavior

No safety check is added.

Steps to Reproduce [COMPULSORY]

  1. Execute everything.
  2. At the ./ci release stage, observe that it shall erase the project and attempt to push to remote.

Associated Data Files

No response
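
One way to implement the safety check requested under Expected Behavior, as an added example that is not the project's own code: before resetting, it confirms that the target directory is the top level of its own repository and is not the root repository. The function names, their arguments and the use of `git rev-parse --show-toplevel` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's implementation. All names are hypothetical;
# only the idea of cross-checking the two roots comes from the issue.

# Print the physical (symlink-free) path of a directory, or fail.
canonical_dir() {
    [ -n "$1" ] && [ -d "$1" ] && (cd "$1" 2>/dev/null && pwd -P)
}

# guard_hard_reset <target_dir> <project_root>
# Succeeds only when <target_dir> is the top level of its OWN git repository
# and that repository is not the project's root repository.
guard_hard_reset() {
    target="$(canonical_dir "$1")" || return 1   # missing or malformed directory
    root="$(canonical_dir "$2")" || return 1
    [ "$target" != "$root" ] || return 1         # never reset the root itself

    # A directory without its own .git makes git walk upwards and act on the
    # enclosing repository, so compare the resolved top level with the target.
    top="$(git -C "$target" rev-parse --show-toplevel 2>/dev/null)" || return 1
    top="$(canonical_dir "$top")" || return 1
    [ "$top" = "$target" ] || return 1
    [ "$top" != "$root" ] || return 1
    return 0
}

# hard_reset_to_first_commit <target_dir> <project_root>
# Resets <target_dir> to its first commit, but only after the guard passes.
hard_reset_to_first_commit() {
    guard_hard_reset "$1" "$2" || {
        echo "refusing hard reset: '$1' is not a separate repository" >&2
        return 1
    }
    first="$(git -C "$1" rev-list --max-parents=0 HEAD 2>/dev/null | tail -n 1)"
    [ -n "$first" ] || return 1                  # no commits: nothing to reset to
    git -C "$1" reset --hard "$first"
}
```

The guard fails closed: an empty argument, a missing directory, or a plain subdirectory of the root repository all result in a refusal rather than a reset.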

@hollowaykeanho hollowaykeanho added Security Case is a security vulnerability matter. In Progress Someone is working on the case. Critical Red alert. High attention needed. Bug Case is about a glitch. labels Sep 20, 2023
@hollowaykeanho hollowaykeanho self-assigned this Sep 20, 2023
@hollowaykeanho hollowaykeanho changed the title Release Job Can Reset Git Root to Nothing Release Job Can Reset Git Root Repo to Nothing Sep 20, 2023
@hollowaykeanho
Member Author

Fixed in e44d185

@hollowaykeanho hollowaykeanho added Done and Pending Release Completed and staging for next release. In Progress Someone is working on the case. and removed In Progress Someone is working on the case. labels Sep 20, 2023
@hollowaykeanho
Member Author

Enhancing existing solution for testing in simulation...

@hollowaykeanho
Member Author

Added redundant simulation capability for release job f180e07 to make sure we detect any kind of bugs in that job.

@hollowaykeanho hollowaykeanho added Released Implementation got released and shipped. and removed In Progress Someone is working on the case. Done and Pending Release Completed and staging for next release. labels Sep 22, 2023
@ChewKeanHo ChewKeanHo locked as resolved and limited conversation to collaborators Sep 22, 2023
@hollowaykeanho
Member Author

Solved CVE-2023-42798

Projects
Status: [DELIVERED] v1.5.0