Merge pull request #624 from Brikaa/fix-job-cleanup-evasion-vulnerability

Fix job cleanup evasion vulnerability, improve job execution error handling
Thomas Hobson 2023-10-09 10:49:47 +13:00 committed by GitHub
commit 37141e87f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 17 deletions


@ -210,20 +210,27 @@ router.ws('/connect', async (ws, req) => {
if (job === null) { if (job === null) {
job = await get_job(msg); job = await get_job(msg);
await job.prime(); try {
await job.prime();
ws.send( ws.send(
JSON.stringify({ JSON.stringify({
type: 'runtime', type: 'runtime',
language: job.runtime.language, language: job.runtime.language,
version: job.runtime.version.raw, version: job.runtime.version.raw,
}) })
); );
await job.execute(event_bus); await job.execute(event_bus);
await job.cleanup(); } catch (error) {
logger.error(
ws.close(4999, 'Job Completed'); `Error cleaning up job: ${job.uuid}:\n${error}`
);
throw error;
} finally {
await job.cleanup();
}
ws.close(4999, 'Job Completed'); // Will not execute if an error is thrown above
} else { } else {
ws.close(4000, 'Already Initialized'); ws.close(4000, 'Already Initialized');
} }
@ -265,9 +272,13 @@ router.ws('/connect', async (ws, req) => {
}); });
router.post('/execute', async (req, res) => { router.post('/execute', async (req, res) => {
let job;
try {
job = await get_job(req.body);
} catch (error) {
return res.status(400).json(error);
}
try { try {
const job = await get_job(req.body);
await job.prime(); await job.prime();
let result = await job.execute(); let result = await job.execute();
@ -276,11 +287,17 @@ router.post('/execute', async (req, res) => {
result.run = result.compile; result.run = result.compile;
} }
await job.cleanup();
return res.status(200).send(result); return res.status(200).send(result);
} catch (error) { } catch (error) {
return res.status(400).json(error); logger.error(`Error executing job: ${job.uuid}:\n${error}`);
return res.status(500).send();
} finally {
try {
await job.cleanup(); // This gets executed before the returns in try/catch
} catch (error) {
logger.error(`Error cleaning up job: ${job.uuid}:\n${error}`);
return res.status(500).send(); // On error, this replaces the return in the outer try-catch
}
} }
}); });
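Review bot: In the `/execute` handler the response has already been sent by the time `job.cleanup()` runs, because `return res.status(200).send(result)` evaluates `send()` before the `finally` block executes; the inline comment saying cleanup runs "before the returns" holds only for the function's return value, not for the side effect of sending. If cleanup then fails, the inner `res.status(500).send()` is a second send on a finished response, which in Express typically throws inside the async handler, while the client has already received a 200. Record the outcome, run cleanup unconditionally, and send exactly once afterwards, as sketched below. Separately, the `catch` in the `/connect` hunk logs `Error cleaning up job` for failures of `prime()`/`execute()`; `Error executing job` would match what it actually catches.

```javascript
router.post('/execute', async (req, res) => {
    // … unchanged: get_job(req.body) with 400 on validation error …
    let result;
    let failed = false;
    try {
        await job.prime();
        result = await job.execute();
        // … unchanged: result post-processing …
    } catch (error) {
        logger.error(`Error executing job: ${job.uuid}:\n${error}`);
        failed = true;
    }
    try {
        // Always reached: both failure paths above are caught, so the job cannot skip cleanup
        await job.cleanup();
    } catch (error) {
        logger.error(`Error cleaning up job: ${job.uuid}:\n${error}`);
        failed = true;
    }
    // Single send, after cleanup has finished
    return failed ? res.status(500).send() : res.status(200).send(result);
});
```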

0
packages/bash/5.2.0/build.sh vendored Normal file → Executable file