0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/pkg
History
Cory Snider 833139f390 pkg/archive: audit gosec file-traversal lints 
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
..
aaparser Also trim "~..." from AppArmor versions 2020-10-08 17:03:51 -07:00
archive pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
authorization refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
broadcaster Various code-cleanup 2018-05-23 17:50:54 +02:00
capabilities Add more import comments 2019-04-10 16:59:33 +02:00
chrootarchive chrootarchive: don't create parent dirs outside of chroot 2021-10-05 09:57:04 +02:00
containerfs Remove local fork of archive/tar package 2022-02-18 13:40:19 -05:00
devicemapper Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
directory refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
dmesg Use Klogctl from x/sys/unix to read Linux kernel log 2019-08-22 08:25:13 +02:00
filenotify refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
fileutils Avoid platform-specific NewPatternMatcher function in TestCompile 2022-01-20 09:08:16 -08:00
fsutils refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
homedir Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
idtools refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
ioutils Merge pull request #42543 from rainrambler/patch-1 2021-09-01 13:26:30 +02:00
jsonmessage gosimple: S1039: unnecessary use of fmt.Sprintf 2021-06-10 13:03:27 +02:00
locker replace pkg/locker with github.com/moby/locker 2020-09-10 22:15:40 +02:00
longpath Add canonical import comment 2018-02-05 16:51:57 -05:00
loopback Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
mount Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
namesgenerator Merge pull request #43210 from tianon/frozen-names-generator 2022-02-10 20:38:44 +01:00
parsers refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
pidfile refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
platform Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
plugingetter Move plugin client to separate interface 2018-05-30 15:22:10 -04:00
plugins Merge pull request #41215 from cpuguy83/better_plugin_errors 2021-10-24 12:37:07 +09:00
pools bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
progress refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
pubsub docker stats: fix 'panic: close of closed channel' 2020-10-24 11:48:56 +08:00
reexec Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
signal pkg/signal: remove DefaultStopSignal const 2021-08-11 10:31:29 +02:00
stack refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
stdcopy refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
streamformatter bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
stringid Entropy cannot be saved 2019-06-07 11:54:45 +01:00
symlink replace pkg/symlink with github.com/moby/sys/symlink 2020-11-03 11:17:12 +01:00
sysinfo Merge pull request #42796 from thaJeztah/containerd_seccomp_check 2021-08-29 03:05:59 +09:00
system pkg/system: rewrite IsWindowsClient() using golang.org/x/sys/windows 2022-01-26 13:39:03 +01:00
tailfile refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
tarsum pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
term Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
truncindex Entropy cannot be saved 2019-06-07 11:54:45 +01:00
urlutil Be explicit about github.com prefix being a legacy feature 2018-05-30 11:09:14 +02:00
useragent Add canonical import comment 2018-02-05 16:51:57 -05:00
README.md Rename a few docker to moby 2017-10-25 13:56:12 +02:00

README.md

pkg/ is a collection of utility packages used by the Moby project without being specific to its internals.

Utility packages are kept separate from the moby core codebase to keep it as small and concise as possible. If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the Moby organization, to facilitate re-use by other projects. However that is not the priority.

The directory pkg is named after the same directory in the camlistore project. Since Brad is a core Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!

Because utility packages are small and neatly separated from the rest of the codebase, they are a good place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!