MCPcopy Index your code
hub / github.com/coder/coder / dbauthzAuthorizationContext

Function dbauthzAuthorizationContext

scripts/rules.go:30–46  ·  view source on GitHub ↗

dbauthzAuthorizationContext is a lint rule that protects the usage of system contexts. This is a dangerous pattern that can lead to leaking database information as a system context can be essentially "sudo". Anytime a function like "AsSystem" is used, it should be accompanied by a comment explainin

(m dsl.Matcher)

Source from the content-addressed store, hash-verified

28// Anytime a function like "AsSystem" is used, it should be accompanied by a comment
29// explaining why it's ok and a nolint.
30func dbauthzAuthorizationContext(m dsl.Matcher) {
31 m.Import("context")
32 m.Import("github.com/coder/coder/v2/coderd/database/dbauthz")
33
34 m.Match(
35 `dbauthz.$f($c)`,
36 ).
37 Where(
38 m["c"].Type.Implements("context.Context") &&
39 // Only report on functions that start with "As".
40 m["f"].Text.Matches("^As") &&
41 // Ignore test usages of dbauthz contexts.
42 !m.File().Name.Matches(`_test\.go$`),
43 ).
44 // Instructions for fixing the lint error should be included on the dangerous function.
45 Report("Using '$f' is dangerous and should be accompanied by a comment explaining why it's ok and a nolint.")
46}
47
48// testingWithOwnerUser is a lint rule that detects potential permission bugs.
49// Calling clitest.SetupConfig with a client authenticated as the Owner user

Callers

nothing calls this directly

Calls 3

MatchMethod · 0.80
ReportMethod · 0.65
MatchesMethod · 0.45

Tested by

no test coverage detected