
Commit 15d7b78

fix: Handle invalid resource types and actions (#4341)
* fix: Handle invalid resource types and actions * Return all values if invalid * Use types
1 parent cb62e16 commit 15d7b78


2 files changed

+42
-2
lines changed


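--- a/coderd/audit.go
+++ b/coderd/audit.go
@@ -259,12 +259,37 @@ func auditSearchQuery(query string) (database.GetAuditLogsOffsetParams, []coders
 // other parsing.
 parser := httpapi.NewQueryParamParser()
 filter := database.GetAuditLogsOffsetParams{
-ResourceType: parser.String(searchParams, "", "resource_type"),
+ResourceType: resourceTypeFromString(parser.String(searchParams, "", "resource_type")),
 ResourceID: parser.UUID(searchParams, uuid.Nil, "resource_id"),
-Action: parser.String(searchParams, "", "action"),
+Action: actionFromString(parser.String(searchParams, "", "action")),
 Username: parser.String(searchParams, "", "username"),
 Email: parser.String(searchParams, "", "email"),
 }
 
 return filter, parser.Errors
 }
+
+func resourceTypeFromString(resourceTypeString string) string {
+switch codersdk.ResourceType(resourceTypeString) {
+case codersdk.ResourceTypeOrganization:
+case codersdk.ResourceTypeTemplate:
+case codersdk.ResourceTypeTemplateVersion:
+case codersdk.ResourceTypeUser:
+case codersdk.ResourceTypeWorkspace:
+case codersdk.ResourceTypeGitSSHKey:
+case codersdk.ResourceTypeAPIKey:
+return resourceTypeString
+}
+return ""
+}
+
+func actionFromString(actionString string) string {
+switch codersdk.AuditAction(actionString) {
+case codersdk.AuditActionCreate:
+case codersdk.AuditActionWrite:
+case codersdk.AuditActionDelete:
+return actionString
+default:
+}
+return ""
+}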
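Review bot: Go `switch` cases do not fall through, so in `resourceTypeFromString` only the last case (`codersdk.ResourceTypeAPIKey`) reaches `return resourceTypeString`, and in `actionFromString` only `codersdk.AuditActionDelete` reaches `return actionString`; every other valid value hits an empty case body and returns `""`. Judging by the new tests, an empty string means "no filter", so a search such as `action:create` would come back with unfiltered audit logs, which is a misleading answer for anyone reviewing an audit trail. Listing the accepted values in one comma-separated `case` fixes both functions, and the empty `default:` in `actionFromString` can be dropped. Invalid values are also discarded without adding anything to `parser.Errors`, so a caller cannot tell a mistyped filter from an absent one; consider surfacing that.

```go
func resourceTypeFromString(resourceTypeString string) string {
	switch codersdk.ResourceType(resourceTypeString) {
	case codersdk.ResourceTypeOrganization,
		codersdk.ResourceTypeTemplate,
		codersdk.ResourceTypeTemplateVersion,
		codersdk.ResourceTypeUser,
		codersdk.ResourceTypeWorkspace,
		codersdk.ResourceTypeGitSSHKey,
		codersdk.ResourceTypeAPIKey:
		return resourceTypeString
	}
	return ""
}

func actionFromString(actionString string) string {
	switch codersdk.AuditAction(actionString) {
	case codersdk.AuditActionCreate,
		codersdk.AuditActionWrite,
		codersdk.AuditActionDelete:
		return actionString
	}
	return ""
}
```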

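--- a/coderd/audit_test.go
+++ b/coderd/audit_test.go
@@ -112,6 +112,21 @@ func TestAuditLogsFilter(t *testing.T) {
 SearchQuery: "resource_id:" + userResourceID.String(),
 ExpectedResult: 2,
 },
+{
+Name: "FilterInvalidSingleValue",
+SearchQuery: "invalid",
+ExpectedResult: 3,
+},
+{
+Name: "FilterWithInvalidResourceType",
+SearchQuery: "resource_type:invalid",
+ExpectedResult: 3,
+},
+{
+Name: "FilterWithInvalidAction",
+SearchQuery: "action:invalid",
+ExpectedResult: 3,
+},
 }
 
 for _, testCase := range testCases {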
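Review bot: The three added cases only assert that an unrecognised filter returns all 3 rows, so nothing in this hunk pins that a recognised `resource_type` or `action` value still narrows the result. The cases above the hunk are not visible here, but unless they already cover it, add one case per filter using a valid value that is not the last one in its `switch`, for example `SearchQuery: "action:create"`, with an `ExpectedResult` taken from the fixtures and lower than the unfiltered count. The test table and the loop over `testCases` both continue outside the hunk.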
