Use env varaibles for passing path

The subpath could be passed a powershell subexpression which would be executed by kubelet with privilege. Switching to pass the arguments via environment variables means the subexpression won't be evaluated. Signed-off-by: James Sturtevant <jstur@microsoft.com>
2025-08-10 12:32:03 +00:00 · 2023-07-20 17:00:29 +00:00 · 2023-07-20 17:00:29 +00:00 · c761c16562
commit c761c16562
parent fb785f1f42
1 changed files with 8 additions and 4 deletions
--- a/pkg/volume/util/subpath/subpath_windows.go
+++ b/pkg/volume/util/subpath/subpath_windows.go
@ -76,8 +76,10 @@ func getUpperPath(path string) string {
 // Check whether a directory/file is a link type or not
 // LinkType could be SymbolicLink, Junction, or HardLink
 func isLinkPath(path string) (bool, error) {
-	cmd := fmt.Sprintf("(Get-Item -LiteralPath %q).LinkType", path)
-	output, err := exec.Command("powershell", "/c", cmd).CombinedOutput()
+	cmd := exec.Command("powershell", "/c", "$ErrorActionPreference = 'Stop'; (Get-Item -Force -LiteralPath $env:linkpath).LinkType")
+	cmd.Env = append(os.Environ(), fmt.Sprintf("linkpath=%s", path))
+	klog.V(8).Infof("Executing command: %q", cmd.String())
+	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return false, err
 	}
@ -115,8 +117,10 @@ func evalSymlink(path string) (string, error) {
 	}
 	// This command will give the target path of a given symlink
 	// The -Force parameter will allow Get-Item to also evaluate hidden folders, like AppData.
-	cmd := fmt.Sprintf("(Get-Item -Force -LiteralPath %q).Target", upperpath)
-	output, err := exec.Command("powershell", "/c", cmd).CombinedOutput()
+	cmd := exec.Command("powershell", "/c", "$ErrorActionPreference = 'Stop'; (Get-Item -Force -LiteralPath $env:linkpath).Target")
+	cmd.Env = append(os.Environ(), fmt.Sprintf("linkpath=%s", upperpath))
+	klog.V(8).Infof("Executing command: %q", cmd.String())
+	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", err
 	}