GitRepo command hardening

Tim Allclair 2018-05-31 13:35:04 -07:00
parent d5e05ca2ce
commit ce730d96b7
No known key found for this signature in database
GPG Key ID: 434D16BCEF479EAB
2 changed files with 36 additions and 7 deletions


@ -20,6 +20,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"path" "path"
"path/filepath"
"strings" "strings"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
@ -194,7 +195,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
return err return err
} }
args := []string{"clone", b.source} args := []string{"clone", "--", b.source}
if len(b.target) != 0 { if len(b.target) != 0 {
args = append(args, b.target) args = append(args, b.target)
@ -218,7 +219,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
var subdir string var subdir string
switch { switch {
case b.target == ".": case len(b.target) != 0 && filepath.Clean(b.target) == ".":
// if target dir is '.', use the current dir // if target dir is '.', use the current dir
subdir = path.Join(dir) subdir = path.Join(dir)
case len(files) == 1: case len(files) == 1:
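Review bot: The `--` added to the clone arguments in SetUpAt only ends option parsing for `git clone`; the revision that the test expectations show being run as `git checkout <revision>` is not covered by anything in these hunks, and `--` would not help there because checkout treats what follows it as paths. Unless the value is validated outside the visible lines, reject one that begins with `-` before running the command, e.g. `if strings.HasPrefix(b.revision, "-") { return fmt.Errorf("invalid revision %q", b.revision) }` (field name assumed by analogy with `b.source`/`b.target`). The new `len(b.target) != 0` guard also deserves a comment such as `// filepath.Clean("") returns ".", so an unset target must not match this case`, and a target that still contains `..` after cleaning is handed to git unchanged as far as these lines show. SetUpAt starts and ends outside these hunks.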


@ -93,7 +93,7 @@ func TestPlugin(t *testing.T) {
}, },
expecteds: []expectedCommand{ expecteds: []expectedCommand{
{ {
cmd: []string{"git", "clone", gitUrl, "target_dir"}, cmd: []string{"git", "clone", "--", gitUrl, "target_dir"},
dir: "", dir: "",
}, },
{ {
@ -120,7 +120,7 @@ func TestPlugin(t *testing.T) {
}, },
expecteds: []expectedCommand{ expecteds: []expectedCommand{
{ {
cmd: []string{"git", "clone", gitUrl, "target_dir"}, cmd: []string{"git", "clone", "--", gitUrl, "target_dir"},
dir: "", dir: "",
}, },
}, },
@ -138,7 +138,7 @@ func TestPlugin(t *testing.T) {
}, },
expecteds: []expectedCommand{ expecteds: []expectedCommand{
{ {
cmd: []string{"git", "clone", gitUrl}, cmd: []string{"git", "clone", "--", gitUrl},
dir: "", dir: "",
}, },
}, },
@ -158,7 +158,7 @@ func TestPlugin(t *testing.T) {
}, },
expecteds: []expectedCommand{ expecteds: []expectedCommand{
{ {
cmd: []string{"git", "clone", gitUrl}, cmd: []string{"git", "clone", "--", gitUrl},
dir: "", dir: "",
}, },
{ {
@ -186,7 +186,35 @@ func TestPlugin(t *testing.T) {
}, },
expecteds: []expectedCommand{ expecteds: []expectedCommand{
{ {
cmd: []string{"git", "clone", gitUrl, "."}, cmd: []string{"git", "clone", "--", gitUrl, "."},
dir: "",
},
{
cmd: []string{"git", "checkout", revision},
dir: "",
},
{
cmd: []string{"git", "reset", "--hard"},
dir: "",
},
},
isExpectedFailure: false,
},
{
name: "current-dir-mess",
vol: &v1.Volume{
Name: "vol1",
VolumeSource: v1.VolumeSource{
GitRepo: &v1.GitRepoVolumeSource{
Repository: gitUrl,
Revision: revision,
Directory: "./.",
},
},
},
expecteds: []expectedCommand{
{
cmd: []string{"git", "clone", "--", gitUrl, "./."},
dir: "", dir: "",
}, },
{ {