pkg/containerfs: make ResolveScopedPath a free fn
Signed-off-by: Cory Snider <csnider@mirantis.com>
This commit is contained in:
Cory Snider
parent
fd16e003fb
commit
a7c8fdc55b
7 changed files with 13 additions and 21 deletions
|
|
@ -45,7 +45,7 @@ type copyInfo struct {
|
|||
}
|
||||
|
||||
func (c copyInfo) fullPath() (string, error) {
|
||||
return c.root.ResolveScopedPath(c.path, true)
|
||||
return containerfs.ResolveScopedPath(c.root.Path(), c.path)
|
||||
}
|
||||
|
||||
func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo {
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ func (c *archiveContext) Hash(path string) (string, error) {
|
|||
|
||||
func normalize(path string, root containerfs.ContainerFS) (cleanPath, fullPath string, err error) {
|
||||
cleanPath = root.Clean(string(root.Separator()) + path)[1:]
|
||||
fullPath, err = root.ResolveScopedPath(path, true)
|
||||
fullPath, err = containerfs.ResolveScopedPath(root.Path(), path)
|
||||
if err != nil {
|
||||
return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/docker/docker/builder"
|
||||
"github.com/docker/docker/builder/remotecontext/urlutil"
|
||||
"github.com/docker/docker/errdefs"
|
||||
"github.com/docker/docker/pkg/containerfs"
|
||||
"github.com/docker/docker/pkg/fileutils"
|
||||
"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
|
||||
"github.com/moby/buildkit/frontend/dockerfile/parser"
|
||||
|
|
@ -175,7 +176,7 @@ func StatAt(remote builder.Source, path string) (os.FileInfo, error) {
|
|||
|
||||
// FullPath is a helper for getting a full path for a path from a source
|
||||
func FullPath(remote builder.Source, path string) (string, error) {
|
||||
fullPath, err := remote.Root().ResolveScopedPath(path, true)
|
||||
fullPath, err := containerfs.ResolveScopedPath(remote.Root().Path(), path)
|
||||
if err != nil {
|
||||
if runtime.GOOS == "windows" {
|
||||
return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err)
|
||||
|
|
|
|||
|
|
@ -304,7 +304,7 @@ func (container *Container) GetResourcePath(path string) (string, error) {
|
|||
}
|
||||
// IMPORTANT - These are paths on the OS where the daemon is running, hence
|
||||
// any filepath operations must be done in an OS agnostic way.
|
||||
r, e := container.BaseFS.ResolveScopedPath(path, false)
|
||||
r, e := containerfs.ResolveScopedPath(container.BaseFS.Path(), containerfs.CleanScopedPath(path))
|
||||
|
||||
// Log this here on the daemon side as there's otherwise no indication apart
|
||||
// from the error being propagated all the way back to the client. This makes
|
||||
|
|
|
|||
|
|
@ -14,13 +14,6 @@ type ContainerFS interface {
|
|||
// on the local system, so the continuity operations must be used
|
||||
Path() string
|
||||
|
||||
// ResolveScopedPath evaluates the given path scoped to the root.
|
||||
// For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
|
||||
// If rawPath is true, then the function will not preform any modifications
|
||||
// before path resolution. Otherwise, the function will clean the given path
|
||||
// by making it an absolute path.
|
||||
ResolveScopedPath(path string, rawPath bool) (string, error)
|
||||
|
||||
Driver
|
||||
}
|
||||
|
||||
|
|
@ -52,10 +45,8 @@ func (l *local) Path() string {
|
|||
return l.path
|
||||
}
|
||||
|
||||
func (l *local) ResolveScopedPath(path string, rawPath bool) (string, error) {
|
||||
cleanedPath := path
|
||||
if !rawPath {
|
||||
cleanedPath = cleanScopedPath(path)
|
||||
}
|
||||
return symlink.FollowSymlinkInScope(filepath.Join(l.path, cleanedPath), l.path)
|
||||
// ResolveScopedPath evaluates the given path scoped to the root.
|
||||
// For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
|
||||
func ResolveScopedPath(root, path string) (string, error) {
|
||||
return symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ package containerfs // import "github.com/docker/docker/pkg/containerfs"
|
|||
|
||||
import "path/filepath"
|
||||
|
||||
// cleanScopedPath preappends a to combine with a mnt path.
|
||||
func cleanScopedPath(path string) string {
|
||||
// CleanScopedPath preappends a to combine with a mnt path.
|
||||
func CleanScopedPath(path string) string {
|
||||
return filepath.Join(string(filepath.Separator), path)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@ package containerfs // import "github.com/docker/docker/pkg/containerfs"
|
|||
|
||||
import "path/filepath"
|
||||
|
||||
// cleanScopedPath removes the C:\ syntax, and prepares to combine
|
||||
// CleanScopedPath removes the C:\ syntax, and prepares to combine
|
||||
// with a volume path
|
||||
func cleanScopedPath(path string) string {
|
||||
func CleanScopedPath(path string) string {
|
||||
if len(path) >= 2 {
|
||||
c := path[0]
|
||||
if path[1] == ':' && ('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z') {
|
||||
|
|
|
|||
Loading…
Reference in a new issue