Fix possible path traversal attack when supporting Helm values.yaml
#2452
@@ -227,7 +227,7 @@ func helmTemplate(appPath string, q *apiclient.ManifestRequest) ([]*unstructured | |||
} | |||
templateOpts.Values = appHelm.ValueFiles | |||
if appHelm.Values != "" { | |||
file, err := ioutil.TempFile("", "values-*.yaml") | |||
file, err := ioutil.TempFile(appPath, "values-*.yaml") |
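Review bot: on the `ioutil.TempFile(appPath, "values-*.yaml")` line, the visible lines do not show the temp file being removed, and it now lands inside `appPath` instead of the system temp directory. Please confirm that a `defer os.Remove(file.Name())` (or equivalent cleanup) follows the `err` check, so a failed or interrupted render cannot leave a `values-*.yaml` behind in the application directory where a later render of the same path could pick it up. A one-line comment explaining why `appPath` is used here (inline `Helm.Values` must sit inside the application path to pass the path check) would also keep someone from reverting this to `""` later.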
As part of this change, all values stemming from Helm.Values
will now have to be saved in a temp file within the application path.
clever
Looks good so far. Need to find out why e2e test failed
Codecov Report
@@ Coverage Diff @@
## master #2452 +/- ##
======================================
Coverage 39.2% 39.2%
======================================
Files 108 108
Lines 15862 15862
======================================
Hits 6218 6218
Misses 8864 8864
Partials 780 780
@simster7 you haven't removed the 'not ready for review' label, so I'll assume you don't want a review yet.
@alexec I don't have permissions to add or remove labels haha, but this should be ready for review!
@alexec Added the extra tests!
Conditional approval. You must fix the lint error!
@alexec @simster7 Hm, I think this PR went a little over the goal. The behaviour of this change now forbids usage of values files outside the Chart folder, but should it not rather forbid usage of values files outside the repository root? It broke a few of our Helm applications that have a structure in repo like after we updated our integration environment to 1.3 today:
Was this the intention?
Correct, the directory used as "root" for Helm apps is the directory the argo-cd/reposerver/repository/repository.go Lines 159 to 164 in 09808b5
I think it would be up to discussion to determine if we should support files/directories outside of the
On one hand, supporting the repo as a whole may allow an attacker to use a
An easy and flexible solution to this could be to introduce a flag to allow the user to disable the directory enforcer.
A lot of our deployments use shared values outside of the root but in the same repo. I think a flag to enable this would be good.
Yes, a switch would be fine. Regardless of its setting, it should prevent jumping out the repo root, tho.
Will work on a PR.
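The boundary discussed in the comments above (application directory by default, an opt-in switch for shared values elsewhere in the repository, repository root enforced either way), sketched in Go as an added example. This is not Argo CD's code: `resolveValuesFile`, `isWithin`, `allowOutsideApp` and the sample paths are hypothetical, and symlinks are not resolved.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errOutside = errors.New("values file resolves outside the permitted directory")

// isWithin reports whether path equals root or lies beneath it.
// Both arguments must already be absolute and cleaned.
func isWithin(root, path string) bool {
	rel, err := filepath.Rel(root, path)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveValuesFile (hypothetical helper) resolves a requested values file
// against appPath and enforces the boundary from the thread: the application
// directory by default, the repository root when allowOutsideApp is set.
// The repository root check applies regardless of the switch.
func resolveValuesFile(repoRoot, appPath, requested string, allowOutsideApp bool) (string, error) {
	resolved := requested
	if !filepath.IsAbs(requested) {
		resolved = filepath.Join(appPath, requested)
	}
	resolved = filepath.Clean(resolved)
	// Assumption: no symlinks in the checkout; otherwise apply filepath.EvalSymlinks first.
	if !isWithin(filepath.Clean(repoRoot), resolved) {
		return "", errOutside
	}
	if !allowOutsideApp && !isWithin(filepath.Clean(appPath), resolved) {
		return "", errOutside
	}
	return resolved, nil
}

func main() {
	// Constructed sample layout, not taken from the PR.
	repo, app := "/tmp/repo", "/tmp/repo/charts/web"
	for _, v := range []string{"values.yaml", "../../shared/values.yaml", "../../../outside.yaml"} {
		p, err := resolveValuesFile(repo, app, v, true)
		fmt.Printf("%-26s -> %q %v\n", v, p, err)
	}
}
```

Comparing with `filepath.Rel` instead of a string prefix keeps a sibling directory such as `/tmp/repo-other` from passing as being inside `/tmp/repo`.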
Fixes #2447 by addressing #2020 (comment).
Currently looking for other possible path traversal attacks.