Use upstream yaml.v2

To mitigate against malicious YAML (as described here: kubernetes/kubernetes#83253) we used a patched version of yaml.v2. There is now a fix upstream so we can leverage that. Signed-off-by: Christopher Crone <christopher.crone@docker.com>
chris-crone · Oct 1, 2019 · 4d9974d · 4d9974d
1 parent 6a85478
commit 4d9974d
Show file tree

Hide file tree

Showing 16 changed files with 256 additions and 776 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -62,11 +62,6 @@
   name = "github.com/Masterminds/semver"
   version = "v1.3.1"
 
-[[override]]
-  name = "gopkg.in/yaml.v2"
-  source = "https://github.com/simonferquel/yaml"
-  revision = "c86e64ed9581b7588e736f0c3e6ecc02cc22996e"
-
 # Use GitHub mirror to not require Mercurial
 [[override]]
   name = "bitbucket.org/ww/goautoneg"
@@ -80,7 +75,7 @@
 
 [[override]]
   name = "github.com/docker/cli"
-  branch = "19.03"
+  revision = "d83cd90464377d4164c8f70248d064b979e5ca98"
 
 [[override]]
   name = "github.com/docker/docker"

diff --git a/internal/parsing/loader.go b/internal/parsing/loader.go
@@ -1,26 +1,12 @@
 package parsing
 
 import (
-	"bytes"
-
 	"github.com/docker/cli/cli/compose/loader"
 	composetypes "github.com/docker/cli/cli/compose/types"
-	"gopkg.in/yaml.v2"
 )
 
-const maxDecodedValues = 100000 // tested with yaml-bomb case, yields about 4MB consumption before error, and seems more than large enough for compose cases
-// This mainly guards from YAML bombs
-func validateYAML(buf []byte) error {
-	d := yaml.NewDecoder(bytes.NewBuffer(buf), yaml.WithLimitDecodedValuesCount(maxDecodedValues))
-	var v map[interface{}]interface{}
-	return d.Decode(&v)
-}
-
 // LoadStackData loads a stack from its []byte representation
 func LoadStackData(binary []byte, env map[string]string) (*composetypes.Config, error) {
-	if err := validateYAML(binary); err != nil {
-		return nil, err
-	}
 	parsed, err := loader.ParseYAML(binary)
 	if err != nil {
 		return nil, err

diff --git a/internal/parsing/loader_test.go b/internal/parsing/loader_test.go
@@ -1,19 +1,11 @@
 package parsing
 
 import (
-	"io/ioutil"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 )
 
-func TestVeryLargeStillLegitComposefile(t *testing.T) {
-	data, err := ioutil.ReadFile("very-large-composefile.yml")
-	assert.NoError(t, err)
-	err = validateYAML(data)
-	assert.NoError(t, err)
-}
-
 func TestYamlBomb(t *testing.T) {
 	data := []byte(`version: "3"
 services: &services ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
@@ -25,6 +17,6 @@ f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
 g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
 h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
 i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]`)
-	err := validateYAML(data)
-	assert.EqualError(t, err, "yaml: exceeded max number of decoded values (100000)")
+	_, err := LoadStackData(data, nil)
+	assert.EqualError(t, err, "yaml: document contains excessive aliasing")
 }