From ed34526d5caee882ca4c3267f5161167598871f9 Mon Sep 17 00:00:00 2001 From: Ivan Pozdeev Date: Fri, 3 Jul 2020 17:41:53 +0300 Subject: [PATCH 1/4] Show a helpful error message if debug mode is not enabled First check access so as not to expose debug mode status to untrusted parties --- lib/travis/api/v3.rb | 1 + lib/travis/api/v3/services/job/debug.rb | 4 ++-- spec/v3/services/job/debug_spec.rb | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/travis/api/v3.rb b/lib/travis/api/v3.rb index a4503c2bfa..2da0a3f51a 100644 --- a/lib/travis/api/v3.rb +++ b/lib/travis/api/v3.rb @@ -32,6 +32,7 @@ def location(env) AlreadySyncing = ClientError .create('sync already in progress', status: 409) BuildAlreadyRunning = ClientError .create('build already running, cannot restart', status: 409) BuildNotCancelable = ClientError .create('build is not running, cannot cancel', status: 409) + DebugUnavailable = ClientError .create('debug mode not enabled', status: 403) DuplicateResource = ClientError .create('resource already exists', status: 409) EntityMissing = NotFound .create(type: 'not_found') InsufficientAccess = ClientError .create(status: 403) diff --git a/lib/travis/api/v3/services/job/debug.rb b/lib/travis/api/v3/services/job/debug.rb index 66f1f5ca24..bd5c83d0b4 100644 --- a/lib/travis/api/v3/services/job/debug.rb +++ b/lib/travis/api/v3/services/job/debug.rb @@ -6,9 +6,9 @@ class Services::Job::Debug < Service def run @job = check_login_and_find(:job) - raise WrongCredentials unless job.repository.debug_tools_enabled? - access_control.permissions(job).debug! + raise DebugUnavailable unless job.repository.debug_tools_enabled? + return repo_migrated if migrated?(job.repository) job.debug_options = debug_data diff --git a/spec/v3/services/job/debug_spec.rb b/spec/v3/services/job/debug_spec.rb index 58ff11d64a..54d8472856 100644 --- a/spec/v3/services/job/debug_spec.rb +++ b/spec/v3/services/job/debug_spec.rb @@ -78,8 +78,8 @@ example { expect(last_response.status).to be == 403 } example { expect(JSON.load(body)).to include( "@type" => "error", - "error_message" => "access denied", - "error_type" => "wrong_credentials" + "error_message" => "debug mode not enabled", + "error_type" => "debug_unavailable" )} end end From fe256c8bd49d80a0129df21918e8e413085ae09d Mon Sep 17 00:00:00 2001 From: Ivan Pozdeev Date: Fri, 3 Jul 2020 18:14:15 +0300 Subject: [PATCH 2/4] fix config check warning --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index f287c85bc5..140f5ed9da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,9 +8,9 @@ rvm: 2.6.5 script: "bundle exec rake knapsack:rspec" addons: - - snaps: - - name: docker - channel: latest/beta + snaps: + - name: docker + channel: latest/beta env: global: From b22b53fe70bae529aa315c23ff7b63fd87ad63af Mon Sep 17 00:00:00 2001 From: Ivan Pozdeev Date: Fri, 3 Jul 2020 18:17:00 +0300 Subject: [PATCH 3/4] Don't try to deploy PR builds --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 140f5ed9da..ba2213d0ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,4 +38,4 @@ jobs: install: echo skip before_script: echo skip script: make ship - if: commit_message =~ /ship:docker/ OR env(SHIP_DOCKER) = true or branch = master + if: (commit_message =~ /ship:docker/ OR env(SHIP_DOCKER) = true or branch = master) and type != pull_request From 0df3531dfad4fa9316b0e2c4cb8d19be25a4e4f5 Mon Sep 17 00:00:00 2001 From: Ivan Pozdeev Date: Wed, 23 Sep 2020 20:52:53 +0300 Subject: [PATCH 4/4] (blank to restart pr check)