Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Runner token ID check #4707

Merged
merged 2 commits into from
May 15, 2023
Merged

Runner token ID check #4707

merged 2 commits into from
May 15, 2023

Conversation

paladin-devops
Copy link
Contributor

This change in this PR prevents a runner token from being used to generate a new token for a runner other than the runner ID which is encoded in the runner token.

ID of the runner token and the ID of the newly requested runner token must match.
case *pb.Token_Runner_:
// Prevent a runner token from generating a token for a runner with an
// ID different from the ID encoded in the runner token
if k.Runner.Id != req.Id {
Copy link
Contributor

@xiaolin-ninja xiaolin-ninja May 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great to me! We should also check to make sure that k.Runner.Id would never be nil, and also add a test for this new check.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants