Skip to content

Commit c098da7

Browse files
committed
fix(cas): make audit dispatcher nil-claims safe
Assisted-by: Claude Code Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev> Chainloop-Trace-Sessions: 0c60a332-e0f1-4c2b-94ae-533467e52f5c
1 parent 399e646 commit c098da7

2 files changed

Lines changed: 2 additions & 1 deletion

File tree

app/artifact-cas/internal/service/auditor.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ func NewAuditDispatcher(publisher *auditor.AuditLogPublisher, logger log.Logger)
5353
// shouldEmit returns true when Dispatch would actually publish an event for the
5454
// given claims. Hooks use it to skip extra work (e.g. backend Describe round-trips).
5555
func (d *AuditDispatcher) shouldEmit(claims *casJWT.Claims) bool {
56-
return d != nil && d.publisher != nil && !claims.SourceInternal
56+
return d != nil && d.publisher != nil && claims != nil && !claims.SourceInternal
5757
}
5858

5959
// Dispatch generates and publishes an audit event with a SYSTEM actor and the

app/artifact-cas/internal/service/auditor_test.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,7 @@ func TestAuditDispatcherShouldEmit(t *testing.T) {
149149
}{
150150
{name: "nil dispatcher", dispatcher: nil, claims: &casJWT.Claims{}, want: false},
151151
{name: "nil publisher", dispatcher: newTestDispatcher(nil), claims: &casJWT.Claims{}, want: false},
152+
{name: "nil claims", dispatcher: newTestDispatcher(&fakePublisher{}), claims: nil, want: false},
152153
{name: "internal traffic", dispatcher: newTestDispatcher(&fakePublisher{}), claims: &casJWT.Claims{SourceInternal: true}, want: false},
153154
{name: "client traffic", dispatcher: newTestDispatcher(&fakePublisher{}), claims: &casJWT.Claims{}, want: true},
154155
}

0 commit comments

Comments
 (0)