fix(orchestrator): fixes many security-related issues (#1681)
jkilzi authored May 20, 2024
1 parent 31ba07e commit 3e801c8
Showing 3 changed files with 65 additions and 21 deletions.
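--- a/plugins/orchestrator-backend/src/service/DataIndexService.ts
+++ b/plugins/orchestrator-backend/src/service/DataIndexService.ts
@@ -336,9 +336,43 @@ export class DataIndexService {
 public async fetchInstance(
 instanceId: string,
 ): Promise<ProcessInstance | undefined> {
-const graphQlQuery = `{ ProcessInstances (where: { id: {equal: "${instanceId}" } } ) { id, processName, processId, serviceUrl, businessKey, state, start, end, nodes { id, nodeId, definitionId, type, name, enter, exit }, variables, parentProcessInstance {id, processName, businessKey}, error { nodeDefinitionId, message} } }`;
+const FindProcessInstanceQuery = gql`
+query FindProcessInstanceQuery($instanceId: String!) {
+ProcessInstances(where: { id: { equal: $instanceId } }) {
+id
+processName
+processId
+serviceUrl
+businessKey
+state
+start
+end
+nodes {
+id
+nodeId
+definitionId
+type
+name
+enter
+exit
+}
+variables
+parentProcessInstance {
+id
+processName
+businessKey
+}
+error {
+nodeDefinitionId
+message
+}
+}
+}
+`;
 
-const result = await this.client.query(graphQlQuery, {});
+const result = await this.client.query(FindProcessInstanceQuery, {
+instanceId,
+});
 
 this.logger.debug(
 `Fetch process instance result: ${JSON.stringify(result)}`,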
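Review bot: The debug call that follows the new parameterized query still serializes the entire response with `JSON.stringify(result)`, and the query selects `variables` and `error { message }` for the instance. Workflow variables may carry credentials or other user-supplied data (this cannot be confirmed from the hunk), in which case they land verbatim in debug logs. I would drop the payload from the log line, e.g. `this.logger.debug('Fetch process instance: query completed');`, or redact `variables` before serializing. fetchInstance's body continues past the end of the hunk, so the handling of `result.error` is not visible here.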
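--- a/plugins/orchestrator-backend/src/service/router.ts
+++ b/plugins/orchestrator-backend/src/service/router.ts
@@ -239,12 +239,15 @@ function setupInternalRoutes(
 const {
 params: { workflowId },
 } = req;
-await routerApi.v1
-.getWorkflowSourceById(workflowId)
-.then(result => res.status(200).send(result))
-.catch(error => {
-res.status(500).send(error.message || INTERNAL_SERVER_ERROR_MESSAGE);
-});
+try {
+const result = await routerApi.v1.getWorkflowSourceById(workflowId);
+res.status(200).contentType('text/plain').send(result);
+} catch (error) {
+res
+.status(500)
+.contentType('text/plain')
+.send((error as Error)?.message || INTERNAL_SERVER_ERROR_MESSAGE);
+}
 });
 
 // v2
@@ -253,13 +256,16 @@ function setupInternalRoutes(
 async (c, _req, res, next) => {
 const workflowId = c.request.params.workflowId as string;
 
-await routerApi.v2
-.getWorkflowSourceById(workflowId)
-.then(result => res.send(result))
-.catch(error => {
-res.status(500).send(error.message || INTERNAL_SERVER_ERROR_MESSAGE);
-next();
-});
+try {
+const result = await routerApi.v2.getWorkflowSourceById(workflowId);
+res.status(200).contentType('plain/text').send(result);
+} catch (error) {
+res
+.status(500)
+.contentType('plain/text')
+.send((error as Error)?.message || INTERNAL_SERVER_ERROR_MESSAGE);
+next();
+}
 },
 );
 
@@ -269,12 +275,15 @@ function setupInternalRoutes(
 params: { instanceId },
 } = req;
 
-await routerApi.v1
-.abortWorkflow(instanceId)
-.then(() => res.status(200).send())
-.catch(error => {
-res.status(500).send(error.message || INTERNAL_SERVER_ERROR_MESSAGE);
-});
+try {
+await routerApi.v1.abortWorkflow(instanceId);
+res.status(200).send();
+} catch (error) {
+res
+.status(500)
+.contentType('plain/text')
+.send((error as Error)?.message || INTERNAL_SERVER_ERROR_MESSAGE);
+}
 });
 
 // v2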
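Review bot: The v2 workflow-source route (both success and error paths) and the v1 abort error path call `.contentType('plain/text')`, which is not a valid media type; only the v1 workflow-source route uses the correct `text/plain`. As far as I know Express passes a value containing a slash through to the Content-Type header unchanged, so these responses go out with an unknown type that a browser may sniff as HTML, which is presumably what setting an explicit type was meant to prevent. All three calls should read `.contentType('text/plain')`. Separately, every catch block still returns `(error as Error)?.message` to the caller; consider logging it server-side and sending only `INTERNAL_SERVER_ERROR_MESSAGE`. The route handlers begin and end outside the hunks shown.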
Expand Up @@ -60,6 +60,7 @@ export const fakeDataInputSchemaMultiStepResponse: WorkflowInputSchemaResponse =
jobTemplate: '${.ansibleJobDefinition.jobTemplate}',
component_id: '${.ansibleJobDefinition.name}',
namespace: '${.ansibleJobDefinition.namespace}',
// deepcode ignore HardcodedNonCryptoSecret: False positive
connection_secret:
'${.ansibleJobDefinition.connectionSecret}',
description: '${.ansibleJobDefinition.description}',
