Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Path field optional and add safe guards for relative paths #211

Merged
merged 3 commits into from
Dec 16, 2020
Merged

Make Path field optional and add safe guards for relative paths #211

merged 3 commits into from
Dec 16, 2020

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Dec 16, 2020

This commit ensures that relative (user configurable) paths never
traverse outside their working directory.

It does not provide protection against path traversal within
kustomization.yaml files.

@hiddeco hiddeco force-pushed the safe-rel-path branch 2 times, most recently from 6ab7466 to 753d0a2 Compare December 16, 2020 11:27
@hiddeco hiddeco added the enhancement New feature or request label Dec 16, 2020
@hiddeco
Add safe guards for relative paths
6a4bf74 
This commit ensures that relative (user configurable) paths never
traverse outside their working directory.

It does _not_ provide protection against path traversal within
`kustomization.yaml` files.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
Make Path an optional field and remove validation
69a7e75 
As due to secure joins, the requirement on both providing a path
and/or requiring it to be in a certain format offers little value
over the UX experience of not having to provide it when you just
want to reconcile whatever can be found in the root of the source
reference.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco changed the title Add safe guards for relative paths Make Path field optional and add safe guards for relative paths Dec 16, 2020
@hiddeco
Write KubeConfig to tmp file in working dir
d7a0dea 
Instead of using the name of the secret, as this can cause unexpected
collisions in edge case scenarios.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco merged commit 6a3c585 into main Dec 16, 2020
@hiddeco hiddeco deleted the safe-rel-path branch December 16, 2020 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@hiddeco @stefanprodan