fix robot issues

fixes #13980 fixes #13981 1, add the robot prefix to the audit log 2, add duration maximum checking Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-13 16:17:34 +08:00 · 2021-01-13 16:17:34 +08:00 · 77347c54cf
parent 18cf7ef0df
commit 77347c54cf
3 changed files with 18 additions and 5 deletions
--- a/src/server/middleware/security/robot2.go
+++ b/src/server/middleware/security/robot2.go
@ -28,10 +28,9 @@ func (r *robot2) Generate(req *http.Request) security.Context {
 	if !strings.HasPrefix(name, config.RobotPrefix()) {
 		return nil
 	}
-	name = strings.TrimPrefix(name, config.RobotPrefix())
 	// The robot name can be used as the unique identifier to locate robot as it contains the project name.
 	robots, err := robot_ctl.Ctl.List(req.Context(), q.New(q.KeyWords{
-		"name": name,
+		"name": strings.TrimPrefix(name, config.RobotPrefix()),
 	}), &robot_ctl.Option{
 		WithPermission: true,
 	})
--- a/src/server/v2.0/handler/robot.go
+++ b/src/server/v2.0/handler/robot.go
@ -15,6 +15,7 @@ import (
 	"github.com/goharbor/harbor/src/server/v2.0/handler/model"
 	"github.com/goharbor/harbor/src/server/v2.0/models"
 	operation "github.com/goharbor/harbor/src/server/v2.0/restapi/operations/robot"
+	"math"
 	"regexp"
 	"strconv"
 	"strings"
@ -254,11 +255,11 @@ func (rAPI *robotAPI) requireAccess(ctx context.Context, level string, projectID
 // more validation
 func (rAPI *robotAPI) validate(d int64, level string, permissions []*models.Permission) error {
 	if !isValidDuration(d) {
-		return errors.New(nil).WithMessage("bad request error duration input").WithCode(errors.BadRequestCode)
+		return errors.New(nil).WithMessage("bad request error duration input: %d", d).WithCode(errors.BadRequestCode)
 	}

 	if !isValidLevel(level) {
-		return errors.New(nil).WithMessage("bad request error level input").WithCode(errors.BadRequestCode)
+		return errors.New(nil).WithMessage("bad request error level input: %s", level).WithCode(errors.BadRequestCode)
 	}

 	if len(permissions) == 0 {
@ -337,7 +338,7 @@ func isValidLevel(l string) bool {
 }

 func isValidDuration(d int64) bool {
-	return d >= int64(-1)
+	return d >= int64(-1) && d < math.MaxInt32
 }

 func isValidSec(sec string) bool {
--- a/src/server/v2.0/handler/robot_test.go
+++ b/src/server/v2.0/handler/robot_test.go
@ -1,6 +1,7 @@
 package handler

 import (
+	"math"
 	"testing"
 )

@ -62,6 +63,18 @@ func TestValidDuration(t *testing.T) {
 			9999,
 			true,
 		},
+		{"duration max",
+			math.MaxInt32 - 1,
+			true,
+		},
+		{"duration max",
+			math.MaxInt32,
+			false,
+		},
+		{"duration 999999999999",
+			999999999999,
+			false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {