From 6a2f1fa7da3b35dd9ec8d1431163f4cbeb808f7e Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Wed, 19 Sep 2018 15:44:36 +0300
Subject: Verify that task repository location is remote

---
 bbot/agent/agent.cxx | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/bbot/agent/agent.cxx b/bbot/agent/agent.cxx
index 4760578..82a5f69 100644
--- a/bbot/agent/agent.cxx
+++ b/bbot/agent/agent.cxx
@@ -1044,7 +1044,7 @@ try
 }
 else
 {
- for (const string& u: controllers)
+ for (string& u: controllers)
 {
 task_response_manifest r;
 
@@ -1101,14 +1101,23 @@ try
 
 if (!r.session.empty ()) // Got a task.
 {
- url = u;
-
 const task_manifest& t (*r.task);
+
+ // For security reasons let's require the repository location to be
+ // remote.
+ //
+ if (t.repository.local ())
+ {
+ error << "local repository from " << u << ": " << t.repository;
+ continue;
+ }
+
 l2 ([&]{trace << "task for " << t.name << '/' << t.version << " "
 << "on " << t.machine << " "
- << "from " << url;});
+ << "from " << u;});
 
- tr = move (r);
+ tr = move (r);
+ url = move (u);
 break;
 }
 }
-- 
cgit v1.1
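Review bot: Dropping `const` in `for (string& u: controllers)` appears to serve only the later `url = move (u);`, which leaves the selected element of `controllers` in a moved-from state. `controllers` is declared outside the hunk, so it cannot be confirmed here whether it is read again after the `break`; if it is (for example on a later poll), that controller's URL would be unspecified, most likely empty. A URL string is cheap to copy, so keeping `for (const string& u: controllers)` and writing `url = u;` next to `tr = move (r);` avoids the question.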
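Review bot: The new guard `if (t.repository.local ())` rejects a location by its form only, and the comment `For security reasons` names neither the threat nor what the check leaves open. Presumably the concern is a controller steering the build into reading paths on the build host; if so, a remote-form location naming a loopback or internal host would still pass, depending on how `local ()` is defined (not visible here). I would make the comment say so, for example `// The task is controller-supplied and untrusted: a local location would have the build read from this host's filesystem. This does not restrict which remote host is named.` This branch also runs after `!r.session.empty ()`, so the controller has already issued a session, and `continue` drops it without a reply, which looks like it leaves the task pending on the controller until it times out. The enclosing `try` block and loop begin and end outside the hunk.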