github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-28 19:54:35 +00:00
Code Issues Projects Releases Wiki Activity

runitme-rs: unify base64 encoding for direct-volume

Browse Source 
Direct-volume needs to use the same base64 character set as
kata-runtime/direct-volume does.

Fixes: #8175

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
This commit is contained in:
alex.lyn 2023-10-09 20:56:21 +08:00
parent 1280f85343
commit 73e81f5e39
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libs/kata-types/src/mount.rs
View File

@ -480,14 +480,14 @@ impl<H> StorageHandlerManager<H> {
/// Join user provided volume path with kata direct-volume root path. /// Join user provided volume path with kata direct-volume root path.
/// ///
/// The `volume_path` is base64-encoded and then safely joined to the `prefix` /// The `volume_path` is base64-url-encoded and then safely joined to the `prefix`
pub fn join_path(prefix: &str, volume_path: &str) -> Result<PathBuf> { pub fn join_path(prefix: &str, volume_path: &str) -> Result<PathBuf> {
if volume_path.is_empty() { if volume_path.is_empty() {
return Err(anyhow!("volume path must not be empty")); return Err(anyhow!("volume path must not be empty"));
} }
let b64_encoded_path = base64::encode(volume_path.as_bytes()); let b64_url_encoded_path = base64::encode_config(volume_path.as_bytes(), base64::URL_SAFE);
Ok(safe_path::scoped_join(prefix, b64_encoded_path)?) Ok(safe_path::scoped_join(prefix, b64_url_encoded_path)?)
} }
/// get DirectVolume mountInfo from mountinfo.json. /// get DirectVolume mountInfo from mountinfo.json.

15
src/tools/kata-ctl/src/ops/volume_ops.rs
View File

@ -207,11 +207,13 @@ mod tests {
let root_fs_str = root_fs.to_str().unwrap(); let root_fs_str = root_fs.to_str().unwrap();
let relative_secret_path = "../../etc/passwd"; let relative_secret_path = "../../etc/passwd";
let b64_relative_secret_path = base64::encode(relative_secret_path); let b64_relative_secret_path =
base64::encode_config(relative_secret_path, base64::URL_SAFE);
// this byte array b64encodes to "/abcdddd" // byte array of "abcdddd"
let b64_abs_path = vec![253, 166, 220, 117, 215, 93]; let b64_abs_path = vec![97, 98, 99, 100, 100, 100, 100];
let converted_relative_path = "abcdddd"; // b64urlencoded string of "abcdddd"
let b64urlencodes_relative_path = "YWJjZGRkZA==";
let tests = &[ let tests = &[
TestData { TestData {
@ -227,14 +229,15 @@ mod tests {
TestData { TestData {
rootfs: root_fs_str, rootfs: root_fs_str,
volume_path: unsafe { std::str::from_utf8_unchecked(&b64_abs_path) }, volume_path: unsafe { std::str::from_utf8_unchecked(&b64_abs_path) },
result: Ok(root_fs.join(converted_relative_path)), result: Ok(root_fs.join(b64urlencodes_relative_path)),
}, },
]; ];
for (i, d) in tests.iter().enumerate() { for (i, d) in tests.iter().enumerate() {
let msg = format!("test[{}]: {:?}", i, d); let msg = format!("test[{}]: {:?}", i, d);
let result = join_path(d.rootfs, d.volume_path); let result = join_path(d.rootfs, d.volume_path);
let msg = format!("{}, result: {:?}", msg, result); let msg = format!("{}, result: {:?}", msg, result);
if d.result.is_ok() { if result.is_ok() {
assert!( assert!(
result.as_ref().unwrap() == d.result.as_ref().unwrap(), result.as_ref().unwrap() == d.result.as_ref().unwrap(),
"{}", "{}",