Skip to content

Sanitize agent introduced pipeline/workflow/step state changes and log streaming#6308

Merged
6543 merged 18 commits into
woodpecker-ci:mainfrom
6543-forks:sanitize-agent-input
Apr 3, 2026
Merged

Sanitize agent introduced pipeline/workflow/step state changes and log streaming#6308
6543 merged 18 commits into
woodpecker-ci:mainfrom
6543-forks:sanitize-agent-input

Conversation

@6543

@6543 6543 commented Mar 23, 2026
edited
Loading

Copy link
Copy Markdown
Member

close #6303

and a smal refactor nit

TODO:

  • test real runs and make sure we dont shoot ourselfs in the food
go.woodpecker-ci.org/woodpecker/v3/server/rpc/auth_server.go:37:	NewWoodpeckerAuthServer	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/auth_server.go:41:	Auth		85.7%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/auth_server.go:59:	getAgent	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:70:		Context		100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:74:		SetContext	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:78:		newStreamContextWrapper	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:92:		NewAuthorizer	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:97:		StreamInterceptor100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:111:	UnaryInterceptor100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/authorizer.go:121:	authorize	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/filter.go:27:		createFilterFunc90.5%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/filter.go:76:		requiredLabelsMissing	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/jwt_manager.go:40:	NewJWTManager	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/jwt_manager.go:45:	Generate	100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/jwt_manager.go:64:	Verify		90.9%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:57:		Next		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:106:		Wait		40.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:130:		Extend		66.7%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:149:		Update		80.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:237:		Init		73.8%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:318:		Done		66.7%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:437:		Log		78.6%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:499:		RegisterAgent	86.7%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:526:		UnregisterAgent	0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:542:		ReportHealth	0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:558:		completeChildrenIfParentCompleted	 25.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:568:		updateForgeStatus30.8%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:592:		notify		83.3%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:610:		getAgentFromContext	 	 	 81.8%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:630:		getHostnameFromContext	 	 	 83.3%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/rpc.go:641:		updateAgentLastWork	 	 	 83.3%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/sanitize.go:31:		checkAgentPermissionByWorkflow	 	 69.6%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/sanitize.go:71:		checkPipelineState	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/sanitize.go:94:		checkWorkflowStepStates	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/sanitize.go:131:		allowAppendingLogs	 	 	 100.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:40:		NewWoodpeckerServer	 	 	 0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:63:		Version		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:71:		Next		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:91:		Init		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:103:		Update		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:120:		Done		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:134:		Wait		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:142:		Extend		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:148:		Log		0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:186:		RegisterAgent	0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:201:		UnregisterAgent	0.0%
go.woodpecker-ci.org/woodpecker/v3/server/rpc/server.go:207:		ReportHealth	0.0%
total:									(statements)	63.4%

@6543 6543 added enhancement improve existing features security labels Mar 23, 2026
@codecov

codecov Bot commented Mar 23, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 78.43137% with 22 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.58%. Comparing base (7a29f49) to head (2c59c90).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
server/rpc/sanitize.go 79.72% 11 Missing and 4 partials ⚠️
server/rpc/rpc.go 80.76% 5 Missing ⚠️
server/model/agent.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6308      +/-   ##
==========================================
+ Coverage   33.30%   34.58%   +1.27%     
==========================================
  Files         420      421       +1     
  Lines       28347    28415      +68     
==========================================
+ Hits         9440     9826     +386     
+ Misses      18029    17669     -360     
- Partials      878      920      +42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@6543 6543 marked this pull request as ready for review March 23, 2026 18:39
@6543

6543 commented Mar 23, 2026

Copy link
Copy Markdown
Member Author

works:

image

@6543 6543 requested a review from a team March 23, 2026 18:56
@6543 6543 changed the title Sanitize agent introduced pipeline/workflow/step state changes Sanitize agent introduced pipeline/workflow/step state changes and log streaming Mar 23, 2026
qwerty287
qwerty287 reviewed Mar 25, 2026
View reviewed changes
Comment thread server/model/agent.go
Comment thread server/rpc/rpc.go Outdated
@6543 6543 requested a review from qwerty287 April 2, 2026 12:53
@qwerty287

qwerty287 commented Apr 2, 2026

Copy link
Copy Markdown
Contributor

Didn't test it

@6543

6543 commented Apr 3, 2026

Copy link
Copy Markdown
Member Author

looks like latestvrefactorings broke stuff here :/

@6543 6543 enabled auto-merge (squash) April 3, 2026 07:29
@6543 6543 merged commit 823843f into woodpecker-ci:main Apr 3, 2026
6 of 7 checks passed
@woodpecker-bot woodpecker-bot mentioned this pull request Apr 3, 2026
Merged
1 task
@6543 6543 deleted the sanitize-agent-input branch April 3, 2026 08:59
@6543 6543 mentioned this pull request Apr 6, 2026
Merged
@6543

6543 commented Apr 8, 2026

Copy link
Copy Markdown
Member Author

we sanitized to much ... the cancle case was not respected ...
fix: #6394

@woodpecker-bot woodpecker-bot mentioned this pull request Apr 15, 2026
Merged
1 task
@woodpecker-bot woodpecker-bot mentioned this pull request Apr 27, 2026
Merged
1 task
@BrewTestBot BrewTestBot mentioned this pull request May 1, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qwerty287 qwerty287 qwerty287 approved these changes

Assignees

No one assigned

Labels

enhancement improve existing features security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Hardening: sanitize agent input

2 participants

@6543 @qwerty287