Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-13 13:06:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add safe guards for relative paths

Browse Source 
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.

The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.

The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.

Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit is contained in:
Hidde Beydals
2020-12-14 14:21:41 +01:00
parent 008b3b8408
commit 5ea4e814f5
13 changed files with 180 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/flux/create_kustomization.go
View File

@@ -74,7 +74,7 @@ var createKsCmd = &cobra.Command{
var (
ksSource flags.KustomizationSource
ksPath string
ksPath flags.SafeRelativePath = "./"
ksPrune bool
ksDependsOn []string
ksValidation string
@@ -88,7 +88,7 @@ var (
func init() {
createKsCmd.Flags().Var(&ksSource, "source", ksSource.Description())
createKsCmd.Flags().StringVar(&ksPath, "path", "./", "path to the directory containing a kustomization.yaml file")
createKsCmd.Flags().Var(&ksPath, "path", "path to the directory containing a kustomization.yaml file")
createKsCmd.Flags().BoolVar(&ksPrune, "prune", false, "enable garbage collection")
createKsCmd.Flags().StringArrayVar(&ksHealthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
createKsCmd.Flags().DurationVar(&ksHealthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
@@ -110,7 +110,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
if ksPath == "" {
return fmt.Errorf("path is required")
}
if !strings.HasPrefix(ksPath, "./") {
if !strings.HasPrefix(ksPath.String(), "./") {
return fmt.Errorf("path must begin with ./")
}
@@ -134,7 +134,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
Interval: metav1.Duration{
Duration: interval,
},
Path: ksPath,
Path: ksPath.String(),
Prune: ksPrune,
SourceRef: kustomizev1.CrossNamespaceSourceReference{
Kind: ksSource.Kind,