fix(cli): include generic auth credentials in permission checks by nkoorty · Pull Request #1 · Gecko-Security/n8n

nkoorty · 2026-03-09T20:59:55Z

Active-credential filtering omitted credentials selected via node parameters like genericAuthType, which allowed HTTP Request nodes using generic credential mode to bypass pre-execution project-sharing checks.
The change restores correct enforcement so credentials chosen at runtime are included in the pre-execution permission check.

Add genericAuthType to the set of active credential types in CredentialsPermissionChecker.getActiveCredentialTypes so generic-mode credentials are treated like nodeCredentialType and validated before execution.
Ensure mapCredIdsToNodes will include credential IDs for types produced by genericAuthType through the existing active-type filtering.
Add a regression test should check generic auth credential type selected by genericAuthType to packages/cli/src/executions/pre-execution-checks/__tests__/credentials-permission-checker.test.ts verifying the selected generic credential is passed to accessibility checks.

Ran a full repository build with pnpm build > build.log 2>&1, which completed (build output captured in build.log).
Attempted the targeted unit test with pnpm test for the modified test file, but the Jest run failed in this environment due to missing built workspace runtime/test modules (e.g. @n8n/db, @n8n/backend-test-utils) rather than due to assertion failures.
Ran pnpm eslint and pnpm typecheck in packages/cli, which produced only lint warnings and passed type checking with tsc --noEmit.

fix(cli): include generic auth credentials in permission checks

6f52823

nkoorty added codex aardvark labels Mar 9, 2026 — with ChatGPT Codex Connector

Provide feedback