Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
cni
0001-tighten-up-plugin-finding-logic.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-tighten-up-plugin-finding-logic.patch of Package cni
From ada67263b12ff0c65f1256e120f6d9f7f0277388 Mon Sep 17 00:00:00 2001 From: Casey Callendrello <cdc@redhat.com> Date: Tue, 19 Jan 2021 15:36:49 +0100 Subject: [PATCH] tighten up plugin-finding logic Signed-off-by: Casey Callendrello <cdc@redhat.com> --- pkg/invoke/find.go | 5 +++++ pkg/invoke/find_test.go | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/pkg/invoke/find.go b/pkg/invoke/find.go index e815404c..e62029eb 100644 --- a/pkg/invoke/find.go +++ b/pkg/invoke/find.go @@ -18,6 +18,7 @@ import ( "fmt" "os" "path/filepath" + "strings" ) // FindInPath returns the full path of the plugin by searching in the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) { return "", fmt.Errorf("no plugin name provided") } + if strings.ContainsRune(plugin, os.PathSeparator) { + return "", fmt.Errorf("invalid plugin name: %s", plugin) + } + if len(paths) == 0 { return "", fmt.Errorf("no paths provided") } diff --git a/pkg/invoke/find_test.go b/pkg/invoke/find_test.go index 58543131..dfa7440b 100644 --- a/pkg/invoke/find_test.go +++ b/pkg/invoke/find_test.go @@ -99,5 +99,13 @@ var _ = Describe("FindInPath", func() { Expect(err).To(MatchError(fmt.Sprintf("failed to find plugin %q in path %s", pluginName, pathsWithNothing))) }) }) + + Context("When the plugin contains a directory separator", func() { + It("returns an error", func() { + bogusPlugin := ".." + string(os.PathSeparator) + "pluginname" + _, err := invoke.FindInPath(bogusPlugin, []string{anotherTempDir}) + Expect(err).To(MatchError("invalid plugin name: " + bogusPlugin)) + }) + }) }) })
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor