temporary patch to avoid shipping a major security hole

tayloraswift · tayloraswift · commit 1bec7239fd5a · 2024-07-11T23:34:21.000Z
diff --git a/Sources/UnidocServer/Operations/Procedures/Unidoc.BuildArtifact (ext).swift b/Sources/UnidocServer/Operations/Procedures/Unidoc.BuildArtifact (ext).swift
@@ -5,12 +5,13 @@ import S3Client
 extension Unidoc.BuildArtifact
 {
     mutating
-    func export(from server:Unidoc.Server) async throws -> [Unidoc.BuildLogType]
+    func export(from server:Unidoc.Server,
+        _logsIncluded:Bool = true) async throws -> [Unidoc.BuildLogType]
     {
         var logs:[Unidoc.BuildLogType] = []
 
         let logsToExport:Int = self.logs.count
-        if  logsToExport > 0
+        if  logsToExport > 0 && _logsIncluded
         {
             if  let bucket:AWS.S3.Bucket = server.bucket.assets
             {
diff --git a/Sources/UnidocServer/Operations/Procedures/Unidoc.BuilderUploadOperation.swift b/Sources/UnidocServer/Operations/Procedures/Unidoc.BuilderUploadOperation.swift
@@ -40,11 +40,12 @@ extension Unidoc.BuilderUploadOperation:Unidoc.BlockingOperation
 
         case .labeled:
             var artifact:Unidoc.BuildArtifact = try .init(bson: bson)
-            let logs:[Unidoc.BuildLogType] = try await artifact.export(from: server)
+            let logs:[Unidoc.BuildLogType]
 
             switch artifact.outcome
             {
             case .failure(let reason):
+                logs = try await artifact.export(from: server)
                 try await server.db.packageBuilds.finishBuild(
                     package: artifact.package,
                     failure: reason,
@@ -54,11 +55,27 @@ extension Unidoc.BuilderUploadOperation:Unidoc.BlockingOperation
             case .success(let snapshot):
                 /// A successful (labeled) build also sets the platform preference, since we now
                 /// know that the package can be built on that platform.
-                let _:Unidoc.PackageMetadata? = try await server.db.packages.reset(
+                let _metadata:Unidoc.PackageMetadata? = try await server.db.packages.reset(
                     platformPreference: snapshot.metadata.triple,
                     of: snapshot.id.package,
                     with: session)
 
+                /// Right now, exporting build logs for private repositories is a security
+                /// hazard, because the logs contain secrets, and the log URLs are easily
+                /// predicted. For now, we just discard the logs for private repositories.
+                let _logsIncluded:Bool
+                if  case .github(let origin)? = _metadata?.repo?.origin,
+                    case _? = origin.installation
+                {
+                    _logsIncluded = false
+                }
+                else
+                {
+                    _logsIncluded = true
+                }
+
+                logs = try await artifact.export(from: server, _logsIncluded: _logsIncluded)
+
                 try await server.db.packageBuilds.finishBuild(
                     package: artifact.package,
                     failure: nil,

Original file line number	Diff line number	Diff line change
`@@ -5,12 +5,13 @@ import S3Client`
`5`	`5`	`extension Unidoc.BuildArtifact`
`6`	`6`	`{`
`7`	`7`	`mutating`
`8`		`- func export(from server:Unidoc.Server) async throws -> [Unidoc.BuildLogType]`
	`8`	`+ func export(from server:Unidoc.Server,`
	`9`	`+ _logsIncluded:Bool = true) async throws -> [Unidoc.BuildLogType]`
`9`	`10`	`{`
`10`	`11`	`var logs:[Unidoc.BuildLogType] = []`
`11`	`12`
`12`	`13`	`let logsToExport:Int = self.logs.count`
`13`		`- if logsToExport > 0`
	`14`	`+ if logsToExport > 0 && _logsIncluded`
`14`	`15`	`{`
`15`	`16`	`if let bucket:AWS.S3.Bucket = server.bucket.assets`
`16`	`17`	`{`