When we use Job.new, we need to do some extra processing only when we submit the job. Use interface "initialized?" to determine whether to submit a job. However, there is a vulnerability. If a job with all fields initialized is submitted, the job can be successfully submitted without checking the account.
Signed-off-by: Wu Zhende wuzhende666@163.com --- src/lib/job.cr | 29 ++++++++++------------------- src/scheduler/submit_job.cr | 1 + 2 files changed, 11 insertions(+), 19 deletions(-)
diff --git a/src/lib/job.cr b/src/lib/job.cr index 9b52d88..964c520 100644 --- a/src/lib/job.cr +++ b/src/lib/job.cr @@ -55,25 +55,6 @@ class Job @es = Elasticsearch::Client.new @account_info = Hash(String, JSON::Any).new @log = JSONLogger.new - - # init job with "-1", or use the original job_content["id"] - id = "-1" if "#{id}" == "" - - if initialized? - if @hash["id"] == "#{id}" - return unless @hash.has_key?("my_uuid") || @hash.has_key?("my_token") - - check_account_info() - set_sshr_info() - return - end - end - - @hash["id"] = JSON::Any.new("#{id}") - - check_required_keys() - check_account_info() - set_defaults() end
METHOD_KEYS = %w( @@ -155,6 +136,16 @@ class Job end end
+ def submit(id = nil) + # init job with "-1", or use the original job_content["id"] + id = "-1" if "#{id}" == "" + @hash["id"] = JSON::Any.new("#{id}") + + check_required_keys() + check_account_info() + set_defaults() + end + private def set_defaults append_init_field() set_docker_os() diff --git a/src/scheduler/submit_job.cr b/src/scheduler/submit_job.cr index bcb265f..1837cb1 100644 --- a/src/scheduler/submit_job.cr +++ b/src/scheduler/submit_job.cr @@ -7,6 +7,7 @@ class Sched
job_content = JSON.parse(body) job = Job.new(job_content, job_content["id"]?) + job.submit(job_content["id"]?) job["commit_date"] = get_commit_date(job)
cluster_file = job["cluster"]
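Review bot: In the src/lib/job.cr hunk at @@ -55,25 +55,6, the removed branch called set_sshr_info() right after check_account_info(), but the new submit method only calls check_required_keys(), check_account_info() and set_defaults(). Unless set_defaults() already covers it (not visible in this patch), jobs that carry my_uuid or my_token lose that step. Either call set_sshr_info() from submit or say in the commit message why it is no longer needed.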
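Review bot: In the added submit method (src/lib/job.cr, @@ -155,6 +136,16), @hash["id"] is overwritten before check_required_keys() and check_account_info() run, so a job that fails the account check is still left with a rewritten id. Consider running the checks first and assigning the id only after they pass. The method also needs a doc comment stating that it must be called for every job built from request input, since the constructor no longer performs the account check and a caller that forgets submit gets an unchecked Job.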
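Review bot: In the src/scheduler/submit_job.cr hunk, job_content["id"]? is now passed to both Job.new and job.submit, while the constructor lines shown in this patch no longer use the id argument after the removal. Pass it in one place only, so the two values cannot drift apart. Because the account check now depends on this explicit call, other call sites that build a Job from untrusted input and relied on the constructor need the same call, and a spec that submits a fully initialized job without valid account info and expects rejection would keep the fix from regressing.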