fix(registry): defense-in-depth cross-org check on sync_repository

topher-lo · claude · topher-lo · commit dfa7e14f9e9e · 2026-04-25T22:00:25.000-04:00
The service method now accepts a RegistryRepository instance and trusts
the caller to have done the org-scoped lookup. Both real callers (the
HTTP route's get_repository_by_id and the MCP tool's list_repositories)
do filter by org, so no exploit exists today, but a future caller that
bypasses those lookups would expose IDOR.

Add an inline assertion on repository.organization_id == self.organization_id
inside sync_repository. On mismatch raise the existing domain exception
RegistryNotFound("Registry repository not found"); the route catches it
before the broader RegistryError clause and maps it to the same 404 it
already returns for missing IDs. Cross-org probing is therefore
indistinguishable from a missing repository.

Add a focused unit test covering the cross-org rejection.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/tests/unit/test_registry_repositories_service.py b/tests/unit/test_registry_repositories_service.py
@@ -9,7 +9,7 @@
 
 from tracecat.auth.types import Role
 from tracecat.db.models import RegistryRepository
-from tracecat.exceptions import ScopeDeniedError
+from tracecat.exceptions import RegistryNotFound, ScopeDeniedError
 from tracecat.registry.repositories.schemas import RegistryRepositorySync
 from tracecat.registry.repositories.service import RegistryReposService
 
@@ -115,3 +115,26 @@ async def test_list_repositories_requires_registry_read_scope(
     service = RegistryReposService(AsyncMock(), role=role_without_registry_scopes)
     with pytest.raises(ScopeDeniedError):
         await service.list_repositories()
+
+
+@pytest.mark.anyio
+async def test_sync_repository_rejects_cross_org_repository() -> None:
+    """Cross-org repository must surface RegistryNotFound (probing-resistant)."""
+    role_with_update = Role(
+        type="service",
+        service_id="tracecat-api",
+        workspace_id=uuid.uuid4(),
+        organization_id=uuid.uuid4(),
+        user_id=uuid.uuid4(),
+        scopes=frozenset({"org:registry:update"}),
+    )
+    service = RegistryReposService(AsyncMock(), role=role_with_update)
+    foreign_repository = RegistryRepository(
+        organization_id=uuid.uuid4(),  # different org
+        origin="custom_actions",
+    )
+
+    with pytest.raises(RegistryNotFound):
+        await service.sync_repository(
+            foreign_repository, RegistryRepositorySync(force=False)
+        )
diff --git a/tracecat/registry/repositories/router.py b/tracecat/registry/repositories/router.py
@@ -17,6 +17,7 @@
     EntitlementRequired,
     RegistryActionValidationError,
     RegistryError,
+    RegistryNotFound,
     TracecatCredentialsNotFoundError,
     TracecatValidationError,
 )
@@ -98,6 +99,13 @@ async def sync_registry_repository(
 
     try:
         return await repos_service.sync_repository(repo, sync_params)
+    except RegistryNotFound as e:
+        # Service-level defense-in-depth (cross-org repository) collapses
+        # into the same 404 response as a missing repository.
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Registry repository not found",
+        ) from e
     except RegistryActionValidationError as e:
         logger.warning("Validation errors while syncing repository", exc=e)
         raise HTTPException(
diff --git a/tracecat/registry/repositories/service.py b/tracecat/registry/repositories/service.py
@@ -9,7 +9,7 @@
 
 from tracecat.authz.controls import require_scope
 from tracecat.db.models import RegistryRepository, RegistryVersion
-from tracecat.exceptions import RegistryError
+from tracecat.exceptions import RegistryError, RegistryNotFound
 from tracecat.registry.constants import DEFAULT_REGISTRY_ORIGIN
 from tracecat.registry.repositories.schemas import (
     RegistryRepositoryCreate,
@@ -100,9 +100,13 @@ async def sync_repository(
         the org-scoped lookup has happened.
 
         Raises:
+            RegistryNotFound: if the repository does not belong to the
+                caller's organization. Surfaced as the same 404 the route
+                returns for missing IDs so this defense-in-depth check
+                cannot be used to probe for cross-org repository IDs.
             EntitlementRequired: for non-default origins without the entitlement.
-            RegistryError, RegistryActionValidationError,
-            TracecatCredentialsNotFoundError: surfaced from the underlying sync.
+            RegistryActionValidationError, TracecatCredentialsNotFoundError:
+                surfaced from the underlying sync.
         """
         # parse_git_url and RegistryActionsService are imported lazily
         # because tracecat.git.utils and tracecat.registry.repository both
@@ -111,6 +115,13 @@ async def sync_repository(
         from tracecat.git.utils import parse_git_url
         from tracecat.registry.actions.service import RegistryActionsService
 
+        # Defense-in-depth: real callers already org-scope via
+        # get_repository_by_id / list_repositories, but this method accepts a
+        # RegistryRepository instance directly. Treat a wrong-org repository
+        # the same as "not found" so this check cannot enable probing.
+        if repository.organization_id != self.organization_id:
+            raise RegistryNotFound("Registry repository not found")
+
         if repository.origin != DEFAULT_REGISTRY_ORIGIN:
             await check_entitlement(
                 self.session, self.role, Entitlement.CUSTOM_REGISTRY
