fix(docker): nested dockerfile/chalk mark in /tmp/ folder for snap pe…

…rmissions looks like docker when installed via snap cant access tmp files directly inside /tmp but it can access them when they are nested inside another folder in /tmp this is important as chalk passes chalkmark and Dockerfile in some cases via tmp files and so it needs to write it to a place which will be accessible by docker
crashappsec · Nov 3, 2023 · 01f33aa · 01f33aa
1 parent 8c5799f
commit 01f33aa
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/chalk.nimble b/chalk.nimble
@@ -8,7 +8,7 @@ bin           = @["chalk"]
 
 # Dependencies
 requires "nim >= 2.0.0"
-requires "https://github.com/crashappsec/con4m#e6d8bd6dd75543389d84689054e5675cb30ca511"
+requires "https://github.com/crashappsec/con4m#dbf34a6487564ae575225fd1e06e3a1dad5093a2"
 requires "https://github.com/viega/zippy == 0.10.7" # MIT
 requires "https://github.com/aruZeta/QRgen == 3.0.0" # MIT
 

diff --git a/src/commands/cmd_docker.nim b/src/commands/cmd_docker.nim
@@ -75,7 +75,7 @@ proc launchDockerSubscan(ctx:     DockerInvocation,
 proc writeChalkMark(ctx: DockerInvocation, mark: string) =
   # We are going to move this file, so don't autoclean.
   var
-    (f, path) = getNewTempFile(autoClean = false)
+    (f, path) = getNewTempFile(autoClean = false, nestInDir = true)
 
   try:
     info("Creating temporary chalk file: " & path)
@@ -176,7 +176,7 @@ proc writeNewDockerFileIfNeeded(ctx: DockerInvocation) =
   # should properly be using a temporary file, because it's a place
   # we're generally guaranteed to be able to write.
 
-  let (f, path) = getNewTempFile()
+  let (f, path) = getNewTempFile(nestInDir = true)
 
   info("Created temporary Dockerfile at: " & path)