[TT-15954] Make org session fetch non-blocking #7480
Draft
probelabs / Visor: security
failed
Nov 6, 2025 in 5m 27s
🚨 Check Failed
security check failed because fail_if condition was met.
Details
📊 Summary
- Total Issues: 3
- Critical Issues: 1
- Error Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
❌ Failed Conditions
- global_fail_if: Global failure condition met
⚠️ Severity: Error
🐛 Issues by Category
🔐 Security (2)
- 🚨 gateway/middleware.go:353 - The `fetchOrgSessionWithTimeout` function spawns a goroutine to fetch session details, but the context is ignored by several storage handlers (`MdcbStorage`, `RPCStorageHandler`, `LDAPStorageHandler`). If a backend is unresponsive, the goroutine will block indefinitely and leak. A sustained backend issue could lead to resource exhaustion and a gateway crash, constituting a denial-of-service vulnerability.
- ⚠️ gateway/middleware.go:408 - When an organization's session expiry is not found in the cache, the function immediately returns a hardcoded 7-day default (`DEFAULT_ORG_SESSION_EXPIRATION`) and refreshes in the background. If the backend is unavailable, this fail-open behavior overrides any organization-specific shorter session lifetimes configured for security, increasing the risk window for compromised tokens.
🧠 Logic (1)
- ❌ system:0 - Global failure condition met
Annotations
Check failure on line 376 in gateway/middleware.go
probelabs / Visor: security
security Issue
The `fetchOrgSessionWithTimeout` function spawns a goroutine to fetch session details, but the context is ignored by several storage handlers (`MdcbStorage`, `RPCStorageHandler`, `LDAPStorageHandler`). If a backend is unresponsive, the goroutine will block indefinitely and leak. A sustained backend issue could lead to resource exhaustion and a gateway crash, constituting a denial-of-service vulnerability.
Raw output
The `context.Context` must be honored in all implementations of the `storage.Handler` interface. Update the `...Context` methods in `storage/mdcb_storage.go`, `gateway/rpc_storage_handler.go`, and `gateway/ldap_auth_handler.go` to use the context to enforce timeouts and cancellation on their underlying network client operations.
Check warning on line 412 in gateway/middleware.go
probelabs / Visor: security
security Issue
When an organization's session expiry is not found in the cache, the function immediately returns a hardcoded 7-day default (`DEFAULT_ORG_SESSION_EXPIRATION`) and refreshes in the background. If the backend is unavailable, this fail-open behavior overrides any organization-specific shorter session lifetimes configured for security, increasing the risk window for compromised tokens.
Raw output
Introduce a configuration option to allow administrators to choose the fail-safe behavior: either fail open with a configurable default TTL (current behavior) or fail closed by rejecting requests. The default TTL itself should also be configurable to allow for more conservative security postures.