Protect testcase task-log downloads #5214

Open
M0nd0R wants to merge 6 commits into google:master from M0nd0R:fix-task-log-access

M0nd0R commented Mar 21, 2026

This change protects /testcase-detail/task-log by enforcing testcase access checks before returning log content.

It also escapes task log filter values before building the Cloud Logging query so user-controlled task parameters cannot alter the intended filter.

Require testcase access before serving task logs and escape Cloud Logging filter values so task parameters cannot bypass the intended query constraints.
M0nd0R requested a review from a team as a code owner March 21, 2026 01:59
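
The two controls named in the PR description, sketched as an added example (not code from this PR or from ClusterFuzz): the access decision runs before any query is built, and each task parameter is emitted as a single escaped string literal. The field names `task_id` and `task_name`, the `user_can_access` callback and the control-character rejection are assumptions; the escaping assumes Cloud Logging's double-quoted literals with backslash escapes.

```python
import re

# Hypothetical field names; the handler's real log schema is not shown on this page.
TASK_FIELDS = ("task_id", "task_name")


class AccessDenied(Exception):
    pass


def quote_filter_value(value):
    """Return value as one double-quoted Cloud Logging string literal."""
    value = str(value)
    if re.search(r"[\x00-\x1f\x7f]", value):  # conservative choice of this example
        raise ValueError("control character in filter value")
    # Backslash first, so the backslashes added for quotes are not doubled.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_unsafe(params):
    # 'Before' form: raw interpolation lets a quote in a value end the literal early.
    return " AND ".join(f'jsonPayload.{k}="{params[k]}"' for k in TASK_FIELDS)


def build_safe(params):
    return " AND ".join(
        f"jsonPayload.{k}={quote_filter_value(params[k])}" for k in TASK_FIELDS)


# A literal: opening quote, then escaped pairs or ordinary characters, closing quote.
_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')


def structure(filter_text):
    """Replace each string literal with ? to expose the filter's operators."""
    return _LITERAL.sub("?", filter_text)


def task_log_filter(user_can_access, testcase_id, params):
    # Access decision first; nothing is built or queried for a denied user.
    if not user_can_access(testcase_id):
        raise AccessDenied(testcase_id)
    return build_safe(params)
```

Comparing `structure()` of the built filter against the expected skeleton also works as a regression test for the escaping.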

google-cla bot commented Mar 21, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

ViniciustCosta (Collaborator)

/gcbrun

M0nd0R and others added 4 commits March 28, 2026 08:07
Install pipenv into the activated virtualenv before bootstrap runs so the later python3.11 -m pipenv requirements export does not fail when pipenv is only available globally.

M0nd0R commented Apr 1, 2026

Updated this branch with the latest master and addressed the two concrete CI failures seen on the previous head:

  • basic tests: fixed the task-log handler follow-up formatting/lint issues
  • Kubernetes e2e: switched the bootstrap requirement export calls to use pipenv directly with stderr surfaced, and changed the e2e setup to pipenv sync --dev so CI uses the lockfile instead of relocking

I also verified locally that the task-log filter export commands now succeed, and I checked google/oss-fuzz for a matching source-side dependency on this handler path; there is no direct /testcase-detail/task-log or TaskLogHandler usage there that needs a paired patch.

The new GitHub Actions runs for head e21aa24d21f9df67c90b1748178afb2f77b55d3d are currently awaiting maintainer approval, and the Cloud Build checks will also need a collaborator to rerun /gcbrun for this updated head.

decoNR commented Apr 1, 2026

/gcbrun

Keep the task-log changes lint-clean, use pipenv's CLI directly for bootstrap requirement exports so the active interpreter can resolve it more reliably, and switch the Kubernetes e2e setup to sync from the lock file instead of relocking in CI.