Merge pull request #624 from Brikaa/fix-job-cleanup-evasion-vulnerability
Fix job cleanup evasion vulnerability, improve job execution error handling
This commit is contained in:
commit
37141e87f6
|
@ -210,6 +210,7 @@ router.ws('/connect', async (ws, req) => {
|
||||||
if (job === null) {
|
if (job === null) {
|
||||||
job = await get_job(msg);
|
job = await get_job(msg);
|
||||||
|
|
||||||
|
try {
|
||||||
await job.prime();
|
await job.prime();
|
||||||
|
|
||||||
ws.send(
|
ws.send(
|
||||||
|
@ -221,9 +222,15 @@ router.ws('/connect', async (ws, req) => {
|
||||||
);
|
);
|
||||||
|
|
||||||
await job.execute(event_bus);
|
await job.execute(event_bus);
|
||||||
|
} catch (error) {
|
||||||
|
logger.error(
|
||||||
|
`Error cleaning up job: ${job.uuid}:\n${error}`
|
||||||
|
);
|
||||||
|
throw error;
|
||||||
|
} finally {
|
||||||
await job.cleanup();
|
await job.cleanup();
|
||||||
|
}
|
||||||
ws.close(4999, 'Job Completed');
|
ws.close(4999, 'Job Completed'); // Will not execute if an error is thrown above
|
||||||
} else {
|
} else {
|
||||||
ws.close(4000, 'Already Initialized');
|
ws.close(4000, 'Already Initialized');
|
||||||
}
|
}
|
||||||
|
@ -265,9 +272,13 @@ router.ws('/connect', async (ws, req) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
router.post('/execute', async (req, res) => {
|
router.post('/execute', async (req, res) => {
|
||||||
|
let job;
|
||||||
|
try {
|
||||||
|
job = await get_job(req.body);
|
||||||
|
} catch (error) {
|
||||||
|
return res.status(400).json(error);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
const job = await get_job(req.body);
|
|
||||||
|
|
||||||
await job.prime();
|
await job.prime();
|
||||||
|
|
||||||
let result = await job.execute();
|
let result = await job.execute();
|
||||||
|
@ -276,11 +287,17 @@ router.post('/execute', async (req, res) => {
|
||||||
result.run = result.compile;
|
result.run = result.compile;
|
||||||
}
|
}
|
||||||
|
|
||||||
await job.cleanup();
|
|
||||||
|
|
||||||
return res.status(200).send(result);
|
return res.status(200).send(result);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
return res.status(400).json(error);
|
logger.error(`Error executing job: ${job.uuid}:\n${error}`);
|
||||||
|
return res.status(500).send();
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
await job.cleanup(); // This gets executed before the returns in try/catch
|
||||||
|
} catch (error) {
|
||||||
|
logger.error(`Error cleaning up job: ${job.uuid}:\n${error}`);
|
||||||
|
return res.status(500).send(); // On error, this replaces the return in the outer try-catch
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue