Validate git args are not flags prior to mounting

Tim Allclair 2018-05-30 16:16:11 -07:00
parent 595059bb65
commit d5e05ca2ce
No known key found for this signature in database
GPG Key ID: 434D16BCEF479EAB
2 changed files with 62 additions and 0 deletions


@ -90,6 +90,10 @@ func (plugin *gitRepoPlugin) SupportsBulkVolumeVerification() bool {
}
func (plugin *gitRepoPlugin) NewMounter(spec *volume.Spec, pod *v1.Pod, opts volume.VolumeOptions) (volume.Mounter, error) {
if err := validateVolume(spec.Volume.GitRepo); err != nil {
return nil, err
}
return &gitRepoVolumeMounter{
gitRepoVolume: &gitRepoVolume{
volName: spec.Name(),
@ -248,6 +252,19 @@ func (b *gitRepoVolumeMounter) execCommand(command string, args []string, dir st
return cmd.CombinedOutput()
}
func validateVolume(src *v1.GitRepoVolumeSource) error {
if err := validateNonFlagArgument(src.Repository, "repository"); err != nil {
return err
}
if err := validateNonFlagArgument(src.Revision, "revision"); err != nil {
return err
}
if err := validateNonFlagArgument(src.Directory, "directory"); err != nil {
return err
}
return nil
}
// gitRepoVolumeUnmounter cleans git repo volumes.
type gitRepoVolumeUnmounter struct {
*gitRepoVolume
@ -276,3 +293,10 @@ func getVolumeSource(spec *volume.Spec) (*v1.GitRepoVolumeSource, bool) {
return volumeSource, readOnly
}
func validateNonFlagArgument(arg, argName string) error {
if len(arg) > 0 && arg[0] == '-' {
return fmt.Errorf("%q is an invalid value for %s", arg, argName)
}
return nil
}
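Review bot: `validateVolume` dereferences `src` without a nil check, and `NewMounter` passes `spec.Volume.GitRepo` straight in, so a spec that carries no GitRepo source would panic here instead of returning an error. Callers may already guarantee a non-nil source, which is not visible in these hunks, but a guard such as `if src == nil { return fmt.Errorf("gitRepo volume source is missing") }` at the top of `validateVolume` would make the contract explicit. The leading-`-` test in `validateNonFlagArgument` is the only visible thing that keeps these three fields from being parsed as git options, so it deserves a doc comment saying so, e.g. `// validateNonFlagArgument rejects values that git would parse as a command-line option.` As defense in depth, the git invocations (outside these hunks) could also put `--` before positional arguments where the subcommand supports it, so the protection does not rest on this one check.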


@ -200,6 +200,44 @@ func TestPlugin(t *testing.T) {
},
isExpectedFailure: false,
},
{
name: "invalid-repository",
vol: &v1.Volume{
Name: "vol1",
VolumeSource: v1.VolumeSource{
GitRepo: &v1.GitRepoVolumeSource{
Repository: "--foo",
},
},
},
isExpectedFailure: true,
},
{
name: "invalid-revision",
vol: &v1.Volume{
Name: "vol1",
VolumeSource: v1.VolumeSource{
GitRepo: &v1.GitRepoVolumeSource{
Repository: gitUrl,
Revision: "--bar",
},
},
},
isExpectedFailure: true,
},
{
name: "invalid-directory",
vol: &v1.Volume{
Name: "vol1",
VolumeSource: v1.VolumeSource{
GitRepo: &v1.GitRepoVolumeSource{
Repository: gitUrl,
Directory: "-b",
},
},
},
isExpectedFailure: true,
},
}
for _, scenario := range scenarios {
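Review bot: The three new scenarios only set `isExpectedFailure: true`, which, as far as these lines show, does not distinguish a rejection by the new validation from any other mount failure; the loop body that evaluates the flag continues outside the hunk. A small table test calling `validateNonFlagArgument` directly would pin the boundary behaviour: `""` and `"a-b"` accepted, `"-"` and `"--foo"` rejected. It would also help to assert that the returned error names the offending field (`repository`, `revision`, `directory`), so a regression that fails for an unrelated reason does not keep these cases green.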