shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb3aef1883eeb2bca266a267f474e8ddb062b406
coder/coderd
T
History
Jakub Domeracki fb3aef1883 Merge commit from fork 
* fix(coderd): Harden Azure identity certificate fetch

- Restrict cert fetches to a host+port allowlist (Microsoft and
  DigiCert on 80/443).
- Route requests through a dedicated `http.Client` that resolves
  the host once and dials the validated IP directly.
- Reject loopback, private (RFC 1918 / IPv6 ULA), link-local,
  multicast, unspecified, CGNAT, benchmarking, and IPv4-mapped
  IPv6 addresses.
- Cap the certificate response body at 1 MiB.
- Log the underlying error via slog and return a generic detail
  to the caller.
- Add unit tests for the URL allowlist, IP classification, and
  dialer.

* fix(coderd/azureidentity): add IPv6 special-use ranges to SSRF blocklist

The extraBlockedNetworks list only contained IPv4 CIDRs. Add IPv6
equivalents that Go's stdlib classification methods do not cover:

  - 64:ff9b:1::/48  RFC 8215 NAT64 translation
  - 100::/64         RFC 6666 discard-only
  - 2001:2::/48      RFC 5180 benchmarking
  - 2001:db8::/32    RFC 3849 documentation

IPv6 ranges already handled by stdlib (unchanged):

  - ::1/128   (IsLoopback)
  - fc00::/7  (IsPrivate, ULA)
  - fe80::/10 (IsLinkLocalUnicast)
  - ff00::/8  (IsMulticast)
  - ::/128    (IsUnspecified)
2026-05-13 11:55:41 +02:00
..
agentapi
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
agentmetrics
aibridge
feat: add ai_model_prices table (#24932)
2026-05-08 16:45:14 -04:00
aiseats
feat: track ai seat usage (#22682)
2026-03-16 12:36:26 -05:00
apidoc
feat: add AI budget policy and period deployment config (#25122)
2026-05-12 10:48:36 -04:00
apikey
fix: initialize API key LastUsed to Unix epoch instead of zero time (#22327)
2026-03-02 16:02:01 +01:00
appearance
audit
feat: audit user secret create, update, and delete (#24756)
2026-04-29 12:57:47 -06:00
autobuild
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
awsidentity
azureidentity
Merge commit from fork
2026-05-13 11:55:41 +02:00
boundaryusage
fix: make boundary usage telemetry collection atomic (#21907)
2026-02-06 09:52:17 -07:00
cachecompress
fix(site): avoid duplicating bin download headers (#22981)
2026-03-13 00:22:55 +11:00
coderdtest
test(coderd): centralize chat test harness and stabilize flakes (#25171)
2026-05-12 22:13:55 +10:00
connectionlog
feat: batch connection logs to avoid DB lock contention (#23727)
2026-04-03 15:47:26 -05:00
cryptokeys
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
database
fix: bump sqlc fork to v1.31.1 merge, strip pg_dump meta-commands (#25105)
2026-05-13 18:55:24 +10:00
devtunnel
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
dynamicparameters
feat: add secret requirement contract to dynamic parameters (#24785)
2026-04-29 16:38:26 -07:00
entitlements
feat: add Prometheus metrics for license warnings and errors (#21749)
2026-01-29 13:50:15 +01:00
externalauth
fix(coderd/externalauth): isolate TestValidateToken transports to fix flake (#25015)
2026-05-07 08:38:20 -06:00
files
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
gitsshkey
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
healthcheck
fix(coderd/healthcheck/derphealth): avoid data races in DERP report (#24795)
2026-04-28 13:06:45 -07:00
httpapi
fix: prioritize context cancellation in WebSocket sendEvent (#23756)
2026-03-29 20:11:30 -04:00
httpmw
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
idpsync
test: remove unnecessary dbauthz.AsSystemRestricted calls in tests (#22663)
2026-03-05 20:29:49 +00:00
jobreaper
refactor: extract test helpers in coderd/jobreaper to reduce duplication (#23001)
2026-03-19 21:51:26 +00:00
jwtutils
mcp
fix(coderd): enforce ActionSSH in MCP HTTP agent connection path (#24607)
2026-04-22 12:34:17 +02:00
metricscache
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
notifications
feat: chat auto-archive owner digest notifications (#24643)
2026-04-28 08:56:36 +01:00
oauth2provider
fix: redirect OAuth2 authorization page to dashboard (#24499)
2026-04-27 23:26:17 +03:00
oauthpki
portsharing
pproflabel
chore: add tallyman events for ai seat tracking (#22689)
2026-03-18 09:30:22 -05:00
prebuilds
fix: make prebuild claiming durable and idempotent (#23108)
2026-04-02 23:51:02 +02:00
prometheusmetrics
feat: event driven agent connection metric (#24355)
2026-05-11 14:27:40 -05:00
promoauth
fix!: remove deprecated prometheus metrics (#21788)
2026-01-30 13:30:06 +01:00
provisionerdserver
feat: plumb user secrets through provisioner chain to terraform (#24542)
2026-04-27 08:26:07 -06:00
provisionerkey
proxyhealth
pubsub
fix!: persist structured chat errors (#24919)
2026-05-05 12:56:06 +10:00
rbac
feat: add ai_model_prices table (#24932)
2026-05-08 16:45:14 -04:00
render
runtimeconfig
schedule
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
searchquery
perf: cap count queries and emit native UUID comparisons for audit/connection logs (#23835)
2026-04-07 07:24:53 -07:00
taskname
fix(coderd/taskname): parse task name JSON with trailing text (#25005)
2026-05-07 17:10:50 +01:00
telemetry
fix: wipe user secrets when user is soft-deleted (#24985)
2026-05-11 09:07:30 -06:00
testdata
feat: add secret requirement contract to dynamic parameters (#24785)
2026-04-29 16:38:26 -07:00
tracing
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
updatecheck
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
usage
chore: add tallyman events for ai seat tracking (#22689)
2026-03-18 09:30:22 -05:00
userpassword
usersecretspubsub
feat: refresh dynamic parameters on secret changes (#24786)
2026-05-06 09:27:24 -07:00
util
fix(coderd): actually wire the chat template allowlist into tools (#23626)
2026-03-25 22:15:27 +00:00
webpush
fix: recover web push subscriptions after PWA reinstall (#24720)
2026-04-26 14:49:10 -07:00
workspaceapps
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspacestats
feat: add Prometheus metrics for chatd subsystem (#24371)
2026-04-15 19:53:10 +01:00
wsbuilder
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
wspubsub
feat: add WatchAllWorkspaceBuilds endpoint for autostart scaletests (#22057)
2026-03-13 20:37:41 -07:00
x
feat: add opt-in Coder identity headers for MCP servers (#25153)
2026-05-12 08:54:53 -04:00
activitybump_test.go
test: add testutil.WaitBuffer and replace time.Sleep in tests (#22922)
2026-03-12 18:07:52 +02:00
aitasks_internal_test.go
fix: set codersdk.Task current_state during task initialization (#20692)
2025-11-17 13:24:12 +00:00
aitasks_test.go
fix: return 409 Conflict instead of 502 when task agent is busy (#23424)
2026-03-23 09:52:34 +00:00
aitasks.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
apikey_scopes_validation_test.go
apikey_test.go
fix: persist session cookie to disk to prevent PWA logout (#23746)
2026-04-01 09:54:59 -04:00
apikey.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
apiroot.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
audit_internal_test.go
feat: make database.Chat auditable (#24485)
2026-04-21 11:11:56 +01:00
audit_test.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
audit.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
authorize_test.go
authorize.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
chat_testhooks.go
test(coderd): centralize chat test harness and stabilize flakes (#25171)
2026-05-12 22:13:55 +10:00
client_test.go
coderd_internal_test.go
coderd_test.go
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
coderd.go
test(coderd): centralize chat test harness and stabilize flakes (#25171)
2026-05-12 22:13:55 +10:00
csp.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
debug_test.go
feat(coderd): add consolidated /debug/profile endpoint for pprof collection (#22892)
2026-03-13 14:09:39 +00:00
debug.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
deployment_test.go
deployment.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
deprecated.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
exp_chats_internal_test.go
feat(coderd): accept parameters in start_workspace tool (#24434)
2026-04-21 11:36:20 +10:00
exp_chats_test.go
test: use default provider in TestPatchChatMessage/ChangesModel (#25189)
2026-05-12 14:05:08 +00:00
exp_chats.go
fix: allow changing model when editing earlier chat message (#25084)
2026-05-12 14:51:55 +02:00
experiments_test.go
experiments.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
export_test.go
feat(coderd): add stop_workspace chatd tool and recovery classification (#24997)
2026-05-11 16:23:07 +10:00
externalauth_test.go
feat(coderd/rbac): make organization-member a per-org system custom role (#21359)
2026-01-12 18:19:19 -08:00
externalauth.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
files_test.go
test: share coderdtest instances to stop paying the startup tax 22 times (#23454)
2026-03-23 19:54:43 +00:00
files.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
gitsshkey_test.go
chore: distinct operations for provisioner's 'parse', 'init', 'plan', 'apply', 'graph' (#21064)
2025-12-15 11:26:41 -06:00
gitsshkey.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
inboxnotifications_internal_test.go
inboxnotifications_test.go
inboxnotifications.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
initscript_test.go
test: share coderdtest instances to stop paying the startup tax 22 times (#23454)
2026-03-23 19:54:43 +00:00
initscript.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
insights_internal_test.go
insights_test.go
fix(coderd): fix flaky TestGetUserStatusCounts timezone boundary (#22639)
2026-03-04 18:01:56 -08:00
insights.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
latencycheck.go
mcp_http.go
fix(coderd): enforce ActionSSH in MCP HTTP agent connection path (#24607)
2026-04-22 12:34:17 +02:00
mcp_internal_test.go
feat: add user_oidc auth type for MCP servers (#24793)
2026-05-03 11:31:48 -04:00
mcp_test.go
feat: add opt-in Coder identity headers for MCP servers (#25153)
2026-05-12 08:54:53 -04:00
mcp.go
feat: add opt-in Coder identity headers for MCP servers (#25153)
2026-05-12 08:54:53 -04:00
members_test.go
feat: make service accounts a Premium feature (#24020)
2026-04-07 12:25:32 -06:00
members.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
notifications_test.go
chore: return 404, not 400 if missing or authz deny (#22069)
2026-02-13 08:19:07 -06:00
notifications.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
oauth2_error_compliance_test.go
test: reduce number of coderdtest instances (#23463)
2026-03-25 09:53:06 +00:00
oauth2_metadata_test.go
refactor: add RFC-compliant enum types and use SDK as source of truth (#21468)
2026-01-15 12:41:28 +03:00
oauth2_metadata_validation_test.go
test: share coderdtest instances in OAuth2 validation tests (#23455)
2026-03-23 21:03:34 +00:00
oauth2_security_test.go
test: reduce number of coderdtest instances (#23463)
2026-03-25 09:53:06 +00:00
oauth2_test.go
fix(coderd): use dbtime.Now() instead of time.Now() in test assertions against DB timestamps (#22685)
2026-03-06 09:14:11 +00:00
oauth2.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
organizations_test.go
organizations.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
pagination_test.go
pagination.go
parameters_internal_test.go
feat: refresh dynamic parameters on secret changes (#24786)
2026-05-06 09:27:24 -07:00
parameters_test.go
feat: refresh dynamic parameters on secret changes (#24786)
2026-05-06 09:27:24 -07:00
parameters.go
feat: refresh dynamic parameters on secret changes (#24786)
2026-05-06 09:27:24 -07:00
presets_test.go
chore: remove unnecessary loop variable captures (#22180)
2026-02-19 09:02:19 +00:00
presets.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
provisionerdaemons_test.go
provisionerdaemons.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
provisionerjobs_internal_test.go
provisionerjobs_test.go
feat: add workspace build transition to provisioner job list (#24131)
2026-04-10 09:50:11 -05:00
provisionerjobs.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
roles_test.go
roles.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
scopes_catalog_api_test.go
scopes_catalog.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
swagger_request_interceptor.js
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
tailnet_test.go
test: use typed atomics in test files (#25071)
2026-05-11 08:41:17 -06:00
tailnet.go
fix: synchronize access to drpc Send (#24600)
2026-05-06 14:14:10 -05:00
templates_meta_update_internal_test.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
templates_meta_update.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
templates_test.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
templates.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
templateversions_test.go
chore!: remove api.ts unnecessary calls (#22168)
2026-04-23 06:20:35 +10:00
templateversions.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
updatecheck_test.go
updatecheck.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
userauth_test.go
test: reduce number of coderdtest instances (#23463)
2026-03-25 09:53:06 +00:00
userauth.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
users_test.go
feat: add Cmd/Ctrl+Enter send setting (#25062)
2026-05-12 10:09:34 +02:00
users.go
feat: add Cmd/Ctrl+Enter send setting (#25062)
2026-05-12 10:09:34 +02:00
usersecrets_audit_test.go
feat: audit user secret create, update, and delete (#24756)
2026-04-29 12:57:47 -06:00
usersecrets_test.go
feat: add secret value and file path validation (#24269)
2026-04-13 07:24:34 -06:00
usersecrets.go
feat: refresh dynamic parameters on secret changes (#24786)
2026-05-06 09:27:24 -07:00
webpush_internal_test.go
fix(coderd): validate webpush subscription endpoints (#24347)
2026-04-15 11:31:43 +02:00
webpush_test.go
fix: recover web push subscriptions after PWA reinstall (#24720)
2026-04-26 14:49:10 -07:00
webpush.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceagentportshare_test.go
feat(coderd/rbac): make organization-member a per-org system custom role (#21359)
2026-01-12 18:19:19 -08:00
workspaceagentportshare.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceagents_active_chat_internal_test.go
refactor: add dbgen chat generators and migrate test boilerplate (#24497)
2026-05-01 13:29:33 +01:00
workspaceagents_chat_context_internal_test.go
refactor: add dbgen chat generators and migrate test boilerplate (#24497)
2026-05-01 13:29:33 +01:00
workspaceagents_chat_context_test.go
refactor: add dbgen chat generators and migrate test boilerplate (#24497)
2026-05-01 13:29:33 +01:00
workspaceagents_internal_test.go
fix(coderd): enforce workspace authz on watchChatGit (#24477)
2026-04-20 21:33:35 +10:00
workspaceagents_test.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
workspaceagents.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceagentsrpc_internal_test.go
feat: event driven agent connection metric (#24355)
2026-05-11 14:27:40 -05:00
workspaceagentsrpc_test.go
test: add testutil.WaitBuffer and replace time.Sleep in tests (#22922)
2026-03-12 18:07:52 +02:00
workspaceagentsrpc.go
feat: event driven agent connection metric (#24355)
2026-05-11 14:27:40 -05:00
workspaceapps_test.go
workspaceapps.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspacebuilds_test.go
feat: add link for viewing raw build logs in workspace and template build jobs (#21727)
2026-02-03 09:45:23 +00:00
workspacebuilds.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceproxies_test.go
workspaceproxies.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceresourceauth_test.go
fix(coderd): filter build instance agents in SQL (#25031)
2026-05-12 14:55:56 +02:00
workspaceresourceauth.go
Merge commit from fork
2026-05-13 11:55:41 +02:00
workspaces_scoped_test.go
fix: isolate test HTTP clients (#25038)
2026-05-11 11:03:38 +02:00
workspaces_test.go
feat!: patchTemplateMeta to use optional fields (#24984)
2026-05-11 12:43:52 -05:00
workspaces.go
fix: correct SCIM Swagger try it out URLs (#24779)
2026-05-05 02:54:03 +05:00
workspaceupdates_test.go
workspaceupdates.go
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00