Fix prefixing bug in import verifier

To check whether an import belongs to an allowed tree, we need to check
that the import is either exactly the base of the tree or below it (the
allowed tree, suffixed with `/`, should be a prefix of the import),
instead of simply checking that the allowed tree is a prefix of the
import. The plain prefix check causes issues with packages whose paths
are prefixes of each other, like `k8s.io/api` and `k8s.io/apimachinery`.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Steve Kuznetsov 2017-08-23 12:13:18 -07:00
parent 2f00e6d72c
commit 3c3e0f1489
No known key found for this signature in database
GPG Key ID: 366E054B30FC03A2
2 changed files with 11 additions and 1 deletions


@ -0,0 +1,8 @@
reviewers:
- stevekuznetsov
- deads2k
- sttts
approvers:
- stevekuznetsov
- deads2k
- sttts


@ -152,7 +152,9 @@ func (i *ImportRestriction) isForbidden(imp string) bool {
importsBelowBase := strings.HasPrefix(imp, i.BaseDir)
importsAllowed := false
for _, allowed := range i.AllowedImports {
importsAllowed = importsAllowed || strings.HasPrefix(imp, allowed)
exactlyImportsAllowed := imp == allowed
importsBelowAllowed := strings.HasPrefix(imp, fmt.Sprintf("%s/", allowed))
importsAllowed = importsAllowed || (importsBelowAllowed || exactlyImportsAllowed)
}
return importsBelowRoot && !importsBelowBase && !importsAllowed
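Review bot: The `importsBelowBase` check on the first line of this hunk still uses a bare `strings.HasPrefix(imp, i.BaseDir)`, which is the same boundary problem this commit fixes for `AllowedImports`: an import whose path merely starts with the base string (a sibling such as `k8s.io/apimachinery` against a base of `k8s.io/api`) is treated as inside the base tree and is never reported as forbidden. Unless `BaseDir` is always stored with a trailing slash, which is not visible here, I would make it `importsBelowBase := imp == i.BaseDir || strings.HasPrefix(imp, i.BaseDir+"/")`. The `importsBelowRoot` value used in the return is computed above the hunk, and the function body closes below it, so that check may deserve the same look. A table test with a sibling-prefix pair would pin the boundary behaviour for both the base and the allowed trees.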