With the way that repository caches are implemented in the `git` step, once #58 is implemented, a pipeline running on an agent would be able to access another git repository even if it doesn't have the right authentication credentials granted to it.
This is basically because the agent-side caching system is too stupid.
Some approaches here to consider:
- Disable caching for authenticated repositories :frowning_face:
- Use the authentication details as part of the cache-path computation.
Technically any workload that is capable of running on the agent could do some directory traversal and potentially find cached data lying around if it's stored on the agent. This might be something worth addressing with a setting to not "trust" agents so much. Alternatively, if there were a simple way to chroot each pipeline :thinking:
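
The second approach above, as an added example that is not code from this project: the cache directory name is an HMAC over the repository URL and the credential, so two pipelines share a cache only when they present the same credential. The names `cache_path`, `split_userinfo` and `agent_key` (a random per-agent secret) are assumptions, as is the use of URL-form remotes; this scopes the cache key only and does not address the directory-traversal concern.

```python
import hashlib
import hmac
from pathlib import Path
from typing import Optional, Tuple
from urllib.parse import urlsplit


def split_userinfo(repo_url: str) -> Tuple[str, str]:
    """Return (canonical URL without userinfo, userinfo).

    Canonicalising lets trivially different spellings share one cache entry;
    userinfo (user:token@) is split off so it is treated as credential
    material instead of being silently dropped or written into a path.
    """
    parts = urlsplit(repo_url)
    userinfo = parts.netloc.rpartition("@")[0]
    host = (parts.hostname or "").lower()
    if parts.port:
        host = f"{host}:{parts.port}"
    path = parts.path.rstrip("/")
    if path.endswith(".git"):
        path = path[:-4]
    return f"{parts.scheme.lower()}://{host}{path}", userinfo


def cache_path(cache_root: Path, agent_key: bytes, repo_url: str,
               credential: Optional[bytes]) -> Path:
    """Cache directory bound to both the repository and the credential used.

    agent_key (hypothetical) is a random secret generated once per agent.
    Keying the hash with it means the directory name is not an offline-
    guessable hash of the credential.
    """
    url, userinfo = split_userinfo(repo_url)
    authenticated = credential is not None or bool(userinfo)
    fields = (
        b"auth" if authenticated else b"anon",
        url.encode(),
        userinfo.encode(),
        credential or b"",
    )
    mac = hmac.new(agent_key, digestmod=hashlib.sha256)
    for field in fields:
        # Length-prefix every field so distinct tuples cannot collide
        # by concatenation (e.g. url="ab", cred="c" vs url="a", cred="bc").
        mac.update(len(field).to_bytes(8, "big"))
        mac.update(field)
    return cache_root / mac.hexdigest()
```
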