codeintel: Add missing authz conds for xrepo results (!29142) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge ef/authz into main Dec 16, 2021

Created by: efritz

I think the current state of code intel can allow for certain data (positions within source files, so repo names and paths within them) to be leaked about private repositories. This PR adds missing authz conditions to these queries

DefinitionDumps is called on xrepo go to definition to find the upload that provides a certain dependency version. This will now filter out any uploads defined in a repository that's not visible to the current user.
ReferenceIDsAndFilters is called on xrepo find reference operations to find the set of uploads to search in for a particular moniker. This will also now filter out any uploads defined in a repository that's not visible to the current user.

codeintel: Add missing authz conds for xrepo results

Merge request reports