Merge pull request #10819 from jsdir/10815-relative-path-fix
Fixed relative filepath check
This commit is contained in:
commit
08544a89eb
4 changed files with 45 additions and 2 deletions
|
@ -4879,3 +4879,20 @@ func TestBuildEmptyScratch(t *testing.T) {
|
|||
}
|
||||
logDone("build - empty scratch Dockerfile")
|
||||
}
|
||||
|
||||
func TestBuildDotDotFile(t *testing.T) {
|
||||
defer deleteImages("sc")
|
||||
ctx, err := fakeContext("FROM busybox\n",
|
||||
map[string]string{
|
||||
"..gitme": "",
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer ctx.Close()
|
||||
|
||||
if _, err = buildImageFromContext("sc", ctx, false); err != nil {
|
||||
t.Fatalf("Build was supposed to work: %s", err)
|
||||
}
|
||||
logDone("build - ..file")
|
||||
}
|
||||
|
|
|
@ -525,7 +525,7 @@ loop:
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if strings.HasPrefix(rel, "..") {
|
||||
if strings.HasPrefix(rel, "../") {
|
||||
return breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest))
|
||||
}
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@ func UnpackLayer(dest string, layer ArchiveReader) (size int64, err error) {
|
|||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
if strings.HasPrefix(rel, "..") {
|
||||
if strings.HasPrefix(rel, "../") {
|
||||
return 0, breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest))
|
||||
}
|
||||
base := filepath.Base(path)
|
||||
|
|
|
@ -99,3 +99,29 @@ func TestChrootApplyEmptyArchiveFromSlowReader(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestChrootApplyDotDotFile(t *testing.T) {
|
||||
tmpdir, err := ioutil.TempDir("", "docker-TestChrootApplyDotDotFile")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer os.RemoveAll(tmpdir)
|
||||
src := filepath.Join(tmpdir, "src")
|
||||
if err := os.MkdirAll(src, 0700); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := ioutil.WriteFile(filepath.Join(src, "..gitme"), []byte(""), 0644); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
stream, err := archive.Tar(src, archive.Uncompressed)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
dest := filepath.Join(tmpdir, "dest")
|
||||
if err := os.MkdirAll(dest, 0700); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if _, err := ApplyLayer(dest, stream); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue