From 8dce272473e5f2a7bf58ce79bb5c3691db54c96b Mon Sep 17 00:00:00 2001
From: Matt Farina <matt@mattfarina.com>
Date: Tue, 29 Oct 2019 12:40:22 -0400
Subject: [PATCH] Fix error when loading irregular files

Signed-off-by: Matt Farina <matt@mattfarina.com>
---
 pkg/chartutil/load.go                         |   7 ++++
 pkg/chartutil/load_test.go                    |  35 ++++++++++++++++++
 pkg/chartutil/testdata/bad_symlink/Chart.yaml |   4 ++
 pkg/chartutil/testdata/bad_symlink/LICENSE    |   1 +
 pkg/chartutil/testdata/bad_symlink/README.md  |  11 ++++++
 pkg/chartutil/testdata/bad_symlink/dnull      |   1 +
 .../bad_symlink/templates/template.tpl        |   1 +
 .../testdata/bad_symlink/values.yaml          |   6 +++
 .../testdata/frobnitz_symlinks/.helmignore    |   1 +
 .../testdata/frobnitz_symlinks/Chart.yaml     |  20 ++++++++++
 .../testdata/frobnitz_symlinks/INSTALL.txt    |   1 +
 .../testdata/frobnitz_symlinks/LICENSE        |   1 +
 .../frobnitz_symlinks/charts/_ignore_me       |   1 +
 .../charts/alpine/Chart.yaml                  |   5 +++
 .../frobnitz_symlinks/charts/alpine/README.md |   9 +++++
 .../charts/alpine/charts/mast1/Chart.yaml     |   5 +++
 .../charts/alpine/charts/mast1/values.yaml    |   4 ++
 .../charts/alpine/templates/alpine-pod.yaml   |  14 +++++++
 .../charts/alpine/values.yaml                 |   2 +
 .../charts/mariner-4.3.2.tgz                  | Bin 0 -> 967 bytes
 .../testdata/frobnitz_symlinks/docs/README.md |   1 +
 .../testdata/frobnitz_symlinks/icon.svg       |   8 ++++
 .../testdata/frobnitz_symlinks/ignore/me.txt  |   0
 .../frobnitz_symlinks/requirements.lock       |   8 ++++
 .../frobnitz_symlinks/requirements.yaml       |   7 ++++
 .../frobnitz_symlinks/templates/template.tpl  |   1 +
 .../testdata/frobnitz_symlinks/values.yaml    |   6 +++
 pkg/sympath/walk.go                           |   2 +
 28 files changed, 162 insertions(+)
 create mode 100644 pkg/chartutil/testdata/bad_symlink/Chart.yaml
 create mode 100644 pkg/chartutil/testdata/bad_symlink/LICENSE
 create mode 100644 pkg/chartutil/testdata/bad_symlink/README.md
 create mode 120000 pkg/chartutil/testdata/bad_symlink/dnull
 create mode 100644 pkg/chartutil/testdata/bad_symlink/templates/template.tpl
 create mode 100644 pkg/chartutil/testdata/bad_symlink/values.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/.helmignore
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/Chart.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/INSTALL.txt
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/LICENSE
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/_ignore_me
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/Chart.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/README.md
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/Chart.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/values.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/templates/alpine-pod.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/values.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/charts/mariner-4.3.2.tgz
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/docs/README.md
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/icon.svg
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/ignore/me.txt
 create mode 100755 pkg/chartutil/testdata/frobnitz_symlinks/requirements.lock
 create mode 100755 pkg/chartutil/testdata/frobnitz_symlinks/requirements.yaml
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/templates/template.tpl
 create mode 100644 pkg/chartutil/testdata/frobnitz_symlinks/values.yaml

diff --git a/pkg/chartutil/load.go b/pkg/chartutil/load.go
index 0cbc956d1..13724671a 100644
--- a/pkg/chartutil/load.go
+++ b/pkg/chartutil/load.go
@@ -355,6 +355,13 @@ func LoadDir(dir string) (*chart.Chart, error) {
 			return nil
 		}
 
+		// Irregular files include devices, sockets, and other uses of files that
+		// are not regular files. In Go they have a file mode type bit set.
+		// See https://golang.org/pkg/os/#FileMode for examples.
+		if !fi.Mode().IsRegular() {
+			return fmt.Errorf("cannot load irregular file %s as it has file mode type bits set", name)
+		}
+
 		data, err := ioutil.ReadFile(name)
 		if err != nil {
 			return fmt.Errorf("error reading %s: %s", n, err)
diff --git a/pkg/chartutil/load_test.go b/pkg/chartutil/load_test.go
index 8ef45e01f..17da4b172 100644
--- a/pkg/chartutil/load_test.go
+++ b/pkg/chartutil/load_test.go
@@ -23,6 +23,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@@ -51,6 +52,40 @@ func TestLoadNonV1Chart(t *testing.T) {
 	t.Fatalf("chart with v2 apiVersion should not load")
 }
 
+func TestLoadDirWithSymlinks(t *testing.T) {
+	sym := filepath.Join("..", "frobnitz", "README.md")
+	link := filepath.Join("testdata", "frobnitz_symlinks", "README.md")
+
+	if err := os.Symlink(sym, link); err != nil {
+		t.Fatal(err)
+	}
+
+	defer os.Remove(link)
+
+	c, err := Load("testdata/frobnitz_symlinks")
+	if err != nil {
+		t.Fatalf("Failed to load testdata: %s", err)
+	}
+	verifyFrobnitz(t, c)
+	verifyChart(t, c)
+	verifyRequirements(t, c)
+}
+
+func TestLoadDirWithBadSymlinks(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("test only works on unix systems with /dev/null present")
+	}
+
+	_, err := Load("testdata/bad_symlink")
+	if err == nil {
+		t.Fatal("Failed to detect bad symlink")
+	}
+
+	if !strings.HasPrefix(err.Error(), "cannot load irregular file") {
+		t.Errorf("Expected bad symlink error got %q", err)
+	}
+}
+
 func TestLoadFile(t *testing.T) {
 	c, err := Load("testdata/frobnitz-1.2.3.tgz")
 	if err != nil {
diff --git a/pkg/chartutil/testdata/bad_symlink/Chart.yaml b/pkg/chartutil/testdata/bad_symlink/Chart.yaml
new file mode 100644
index 000000000..8efc8bd68
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+name: badsymlink
+description: A bad symlink is in here
+version: "1.0.0"
diff --git a/pkg/chartutil/testdata/bad_symlink/LICENSE b/pkg/chartutil/testdata/bad_symlink/LICENSE
new file mode 100644
index 000000000..6121943b1
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/LICENSE
@@ -0,0 +1 @@
+LICENSE placeholder.
diff --git a/pkg/chartutil/testdata/bad_symlink/README.md b/pkg/chartutil/testdata/bad_symlink/README.md
new file mode 100644
index 000000000..8cf4cc3d7
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/README.md
@@ -0,0 +1,11 @@
+# Frobnitz
+
+This is an example chart.
+
+## Usage
+
+This is an example. It has no usage.
+
+## Development
+
+For developer info, see the top-level repository.
diff --git a/pkg/chartutil/testdata/bad_symlink/dnull b/pkg/chartutil/testdata/bad_symlink/dnull
new file mode 120000
index 000000000..dc1dc0cde
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/dnull
@@ -0,0 +1 @@
+/dev/null
\ No newline at end of file
diff --git a/pkg/chartutil/testdata/bad_symlink/templates/template.tpl b/pkg/chartutil/testdata/bad_symlink/templates/template.tpl
new file mode 100644
index 000000000..c651ee6a0
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/templates/template.tpl
@@ -0,0 +1 @@
+Hello {{.Name | default "world"}}
diff --git a/pkg/chartutil/testdata/bad_symlink/values.yaml b/pkg/chartutil/testdata/bad_symlink/values.yaml
new file mode 100644
index 000000000..61f501258
--- /dev/null
+++ b/pkg/chartutil/testdata/bad_symlink/values.yaml
@@ -0,0 +1,6 @@
+# A values file contains configuration.
+
+name: "Some Name"
+
+section:
+  name: "Name in a section"
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/.helmignore b/pkg/chartutil/testdata/frobnitz_symlinks/.helmignore
new file mode 100644
index 000000000..9973a57b8
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/.helmignore
@@ -0,0 +1 @@
+ignore/
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/Chart.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/Chart.yaml
new file mode 100644
index 000000000..134cd1109
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+name: frobnitz
+description: This is a frobnitz.
+version: "1.2.3"
+keywords:
+  - frobnitz
+  - sprocket
+  - dodad
+maintainers:
+  - name: The Helm Team
+    email: helm@example.com
+  - name: Someone Else
+    email: nobody@example.com
+sources:
+  - https://example.com/foo/bar
+home: http://example.com
+icon: https://example.com/64x64.png
+annotations:
+  extrakey: extravalue
+  anotherkey: anothervalue
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/INSTALL.txt b/pkg/chartutil/testdata/frobnitz_symlinks/INSTALL.txt
new file mode 100644
index 000000000..2010438c2
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/INSTALL.txt
@@ -0,0 +1 @@
+This is an install document. The client may display this.
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/LICENSE b/pkg/chartutil/testdata/frobnitz_symlinks/LICENSE
new file mode 100644
index 000000000..6121943b1
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/LICENSE
@@ -0,0 +1 @@
+LICENSE placeholder.
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/_ignore_me b/pkg/chartutil/testdata/frobnitz_symlinks/charts/_ignore_me
new file mode 100644
index 000000000..2cecca682
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/_ignore_me
@@ -0,0 +1 @@
+This should be ignored by the loader, but may be included in a chart.
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/Chart.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/Chart.yaml
new file mode 100644
index 000000000..79e0d65db
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: alpine
+description: Deploy a basic Alpine Linux pod
+version: 0.1.0
+home: https://helm.sh/helm
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/README.md b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/README.md
new file mode 100644
index 000000000..b30b949dd
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/README.md
@@ -0,0 +1,9 @@
+This example was generated using the command `helm create alpine`.
+
+The `templates/` directory contains a very simple pod resource with a
+couple of parameters.
+
+The `values.toml` file contains the default values for the
+`alpine-pod.yaml` template.
+
+You can install this example using `helm install ./alpine`.
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/Chart.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/Chart.yaml
new file mode 100644
index 000000000..1c9dd5fa4
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: mast1
+description: A Helm chart for Kubernetes
+version: 0.1.0
+home: ""
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/values.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/values.yaml
new file mode 100644
index 000000000..42c39c262
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/charts/mast1/values.yaml
@@ -0,0 +1,4 @@
+# Default values for mast1.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name = "value"
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/templates/alpine-pod.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/templates/alpine-pod.yaml
new file mode 100644
index 000000000..21ae20aad
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/templates/alpine-pod.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.Release.Name}}-{{.Chart.Name}}
+  labels:
+    app.kubernetes.io/managed-by: {{.Release.Service}}
+    app.kubernetes.io/name: {{.Chart.Name}}
+    helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+spec:
+  restartPolicy: {{default "Never" .restart_policy}}
+  containers:
+  - name: waiter
+    image: "alpine:3.9"
+    command: ["/bin/sleep","9000"]
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/values.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/values.yaml
new file mode 100644
index 000000000..6c2aab7ba
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/charts/alpine/values.yaml
@@ -0,0 +1,2 @@
+# The pod name
+name: "my-alpine"
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/charts/mariner-4.3.2.tgz b/pkg/chartutil/testdata/frobnitz_symlinks/charts/mariner-4.3.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..3190136b050e62c628b3c817fd963ac9dc4a9e25
GIT binary patch
literal 967
zcmV;&133I2iwFR+9h6)E1MQb<XcR{rz^_PKS%@t@2-T(;FA7S?-tO(=@EQ|Bv<6Hh
zL{Z`^&RynmOZRb|olT7*El5F)TEwV`nuzp6)emYPp9BRpS`dt{#^i%ap<*CLvDLF8
zG0yGfjwGT{n~R9^<6vg*X8-@W`9H^iSThm!c`}F~2mwU_?x?EnDEQ^%*bfjTSylv5
z73o|MB~es7K*{8$QaCn&m~I7PglzQUb#z%I@)9}y|06xVBN+YmFO5P>_y%a`Bd>#=
zhbqf2w!b6}wZ9@rvIhtwzm?~C&+QLm+G2!l%`$_aUgS(@pdjdX3a%E}VXVc7`)dg(
zL%IRN2}c1D3xoMi2w@WuWOMZ?5i&3FelBVyq<FnlKn$6+$P8=94srk#fTRMbhakb0
zZPV`nz$j+f8nJLg5JU-y*+HKVt%gQSM|{{ad?_DwRVQCbEA$Gy$O~TXZJ*=2%HXrj
zOc{99{4YzYDk>_Ce_8fREdP%NDf<&d!wu3{&VUQNs{N%vK$Ha~k^gB2!0bO7r0ic0
zbqCp*X#j?=|H@GNONsuE)&I<s2j-v%baVoe9^h8?!qT#msznP*D&`jPTpm~y)oegN
z5LA~`lo!wy1|$U4f`~>dbh>2MX(Z}|+=@*sLod*wS?A8Ugp#mMPuMO0NnZmos9_rr
z3xpDL+otj~lRh?B4hHFTl+d5-8NBXmUXB~EyF^bx7m*+!*g>obczvGF|8xkWsHN8;
z%#+wiWP{=2pC*98@$VNzzsll&G#D7&11-;D>HT0x|DV2?6}a~*p46@R|2l??e_8dX
z@Bb>D3t~VC_*wjq2Dy!6J-_5ME%%J+xmsbK5<dNKReMqEhB1|U&TMST2`xPM<Zf1Z
z*|hcBdcecDQ#JXgLl?6i%v*OeGO-ok+1#>a#qO>ZV?Wt`d|TDdrB^B&LqFr@lYdUA
zs&4-JAg3&uc4dA0gv*bXU9QePa9^8wR{HovA)j@)JOAIkak0Jl)aKqA_3XLM#?H=V
z-{tlG=xy^os=1Z><jAl7hc!3WOl^65uebQOwmYTW@ku#5I`-r&k-y-M{dF|nGj-g(
z><53;&+C4=zp|%rwv!)UyY=%k_t%Y|wNRQl`C6N_Z&S;S+~wb1=)2Uh_4I81`y>DO
zoLPSt=btB&x{CUK`0DA&){efW_O36RxnsYZNT0r;JbTLR{H4M3C$8(Cee==aQ~Gbq
p$`5v3?NB{4-j0<R3<iV2U@#aA27|$1Fc^$C;~7HLiNF9T006nP>XQHf

literal 0
HcmV?d00001

diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/docs/README.md b/pkg/chartutil/testdata/frobnitz_symlinks/docs/README.md
new file mode 100644
index 000000000..d40747caf
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/docs/README.md
@@ -0,0 +1 @@
+This is a placeholder for documentation.
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/icon.svg b/pkg/chartutil/testdata/frobnitz_symlinks/icon.svg
new file mode 100644
index 000000000..892130606
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/icon.svg
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg"
+    xmlns:xlink="http://www.w3.org/1999/xlink"
+    version="1.0" width="256" height="256" id="test">
+  <desc>Example icon</desc>
+  <rect id="first" x="2" y="2" width="40" height="60" fill="navy"/>
+  <rect id="second" x="15" y="4" width="40" height="60" fill="red"/>
+</svg>
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/ignore/me.txt b/pkg/chartutil/testdata/frobnitz_symlinks/ignore/me.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/requirements.lock b/pkg/chartutil/testdata/frobnitz_symlinks/requirements.lock
new file mode 100755
index 000000000..6fcc2ed9f
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/requirements.lock
@@ -0,0 +1,8 @@
+dependencies:
+  - name: alpine
+    version: "0.1.0"
+    repository: https://example.com/charts
+  - name: mariner
+    version: "4.3.2"
+    repository: https://example.com/charts
+digest: invalid
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/requirements.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/requirements.yaml
new file mode 100755
index 000000000..5eb0bc98b
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/requirements.yaml
@@ -0,0 +1,7 @@
+dependencies:
+  - name: alpine
+    version: "0.1.0"
+    repository: https://example.com/charts
+  - name: mariner
+    version: "4.3.2"
+    repository: https://example.com/charts
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/templates/template.tpl b/pkg/chartutil/testdata/frobnitz_symlinks/templates/template.tpl
new file mode 100644
index 000000000..c651ee6a0
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/templates/template.tpl
@@ -0,0 +1 @@
+Hello {{.Name | default "world"}}
diff --git a/pkg/chartutil/testdata/frobnitz_symlinks/values.yaml b/pkg/chartutil/testdata/frobnitz_symlinks/values.yaml
new file mode 100644
index 000000000..61f501258
--- /dev/null
+++ b/pkg/chartutil/testdata/frobnitz_symlinks/values.yaml
@@ -0,0 +1,6 @@
+# A values file contains configuration.
+
+name: "Some Name"
+
+section:
+  name: "Name in a section"
diff --git a/pkg/sympath/walk.go b/pkg/sympath/walk.go
index 175d3fa95..9a62261d0 100644
--- a/pkg/sympath/walk.go
+++ b/pkg/sympath/walk.go
@@ -22,6 +22,7 @@ package sympath
 
 import (
 	"fmt"
+	"log"
 	"os"
 	"path/filepath"
 	"sort"
@@ -69,6 +70,7 @@ func symwalk(path string, info os.FileInfo, walkFn filepath.WalkFunc) error {
 		if err != nil {
 			return fmt.Errorf("error evaluating symlink %s: %s", path, err)
 		}
+		log.Printf("found symbolic link in path: %s resolves to %s", path, resolved)
 		if info, err = os.Lstat(resolved); err != nil {
 			return err
 		}