SYNC: Merge branch 'feature/audit-logs'

2026-04-24 06:06:00 +00:00 · 2025-06-27 13:05:26 +02:00
parent e3c6d05a0a
commit 90bbdd563b
24 changed files with 781 additions and 63 deletions
--- a/packages/api/src/controllers/runners.js
+++ b/packages/api/src/controllers/runners.js
@@ -20,6 +20,7 @@ const { handleProcessCommunication } = require('../utility/processComm');
 const processArgs = require('../utility/processArgs');
 const platformInfo = require('../utility/platformInfo');
 const { checkSecureDirectories, checkSecureDirectoriesInScript } = require('../utility/security');
+const { sendToAuditLog, logJsonRunnerScript } = require('../utility/auditlog');
 const logger = getLogger('runners');

 function extractPlugins(script) {
@@ -270,7 +271,7 @@ module.exports = {
  },

  start_meta: true,
-  async start({ script }) {
+  async start({ script }, req) {
    const runid = crypto.randomUUID();

    if (script.type == 'json') {
@@ -280,14 +281,36 @@ module.exports = {
        }
      }

+      logJsonRunnerScript(req, script);
+
      const js = await jsonScriptToJavascript(script);
      return this.startCore(runid, scriptTemplate(js, false));
    }

    if (!platformInfo.allowShellScripting) {
+      sendToAuditLog(req, {
+        category: 'shell',
+        component: 'RunnersController',
+        event: 'script.runFailed',
+        action: 'script',
+        severity: 'warn',
+        detail: script,
+        message: 'Scripts are not allowed',
+      });
+
      return { errorMessage: 'Shell scripting is not allowed' };
    }

+    sendToAuditLog(req, {
+      category: 'shell',
+      component: 'RunnersController',
+      event: 'script.run.shell',
+      action: 'script',
+      severity: 'info',
+      detail: script,
+      message: 'Running JS script',
+    });
+
    return this.startCore(runid, scriptTemplate(script, false));
  },