Skip to content

codeintel: Add missing authz conds for xrepo results

Administrator requested to merge ef/authz into main

Created by: efritz

I think the current state of code intel can allow for certain data (positions within source files, so repo names and paths within them) to be leaked about private repositories. This PR adds missing authz conditions to these queries

  • DefinitionDumps is called on xrepo go to definition to find the upload that provides a certain dependency version. This will now filter out any uploads defined in a repository that's not visible to the current user.
  • ReferenceIDsAndFilters is called on xrepo find reference operations to find the set of uploads to search in for a particular moniker. This will also now filter out any uploads defined in a repository that's not visible to the current user.

Merge request reports

Loading