From fed7e69c81eef1cf0686a5a73d01901c1584e169 Mon Sep 17 00:00:00 2001 From: Michelle Noorali Date: Sat, 14 Apr 2018 11:29:27 -0400 Subject: [PATCH] ref(pkg/plugin): create clean path for extracting plugins --- glide.lock | 10 ++- glide.yaml | 2 + pkg/plugin/installer/http_installer.go | 16 ++-- pkg/plugin/installer/http_installer_test.go | 88 +++++++++++++++++++++ 4 files changed, 108 insertions(+), 8 deletions(-) diff --git a/glide.lock b/glide.lock index 6c54c927c..a91c31b7b 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 6837936360d447b64aa7a09d3c89c18ac5540b009a57fc4d3227af299bf40268 -updated: 2018-04-03T08:17:14.801847688-07:00 +hash: 4023a1644d60060fbf2fdbbe5b73cbb4b957eb686ce925640d102db2d1858676 +updated: 2018-04-14T11:27:34.604716498-04:00 imports: - name: cloud.google.com/go version: 3b1ae45394a234c385be014e9a488f2bb6eef821 @@ -31,6 +31,8 @@ imports: version: 71acacd42f85e5e82f70a55327789582a5200a90 subpackages: - md2man +- name: github.com/cyphar/filepath-securejoin + version: 06bda8370f45268db985f7af15732444d94ed51c - name: github.com/davecgh/go-spew version: 782f4967f2dc4564575ca782fe2d04090b5faca8 subpackages: @@ -210,6 +212,8 @@ imports: version: ca53cad383cad2479bbba7f7a1a05797ec1386e4 - name: github.com/peterbourgon/diskv version: 5f041e8faa004a95c88a202771f4cc3e991971e6 +- name: github.com/pkg/errors + version: 645ef00459ed84a119197bfb8d8205042c6df63d - name: github.com/prometheus/client_golang version: c5b7fccd204277076155f10851dad72b76a49317 subpackages: @@ -641,7 +645,7 @@ imports: - pkg/util/proto - pkg/util/proto/validation - name: k8s.io/kubernetes - version: a22f9fd34871d9dc9e5db2c02c713821d18ab2cd + version: baab3992147260d47cb59b9c485a24fdeff2e457 subpackages: - pkg/api/events - pkg/api/legacyscheme diff --git a/glide.yaml b/glide.yaml index 7fcb16d0b..ce5d0e8c2 100644 --- a/glide.yaml +++ b/glide.yaml @@ -57,6 +57,8 @@ import: version: release-1.10 - package: k8s.io/apiserver version: release-1.10 +- package: github.com/cyphar/filepath-securejoin + version: ^0.2.1 testImports: - package: github.com/stretchr/testify diff --git a/pkg/plugin/installer/http_installer.go b/pkg/plugin/installer/http_installer.go index 91d497651..b5c205de6 100644 --- a/pkg/plugin/installer/http_installer.go +++ b/pkg/plugin/installer/http_installer.go @@ -21,14 +21,17 @@ import ( "compress/gzip" "fmt" "io" - "k8s.io/helm/pkg/getter" - "k8s.io/helm/pkg/helm/environment" - "k8s.io/helm/pkg/helm/helmpath" - "k8s.io/helm/pkg/plugin/cache" "os" "path/filepath" "regexp" "strings" + + fp "github.com/cyphar/filepath-securejoin" + + "k8s.io/helm/pkg/getter" + "k8s.io/helm/pkg/helm/environment" + "k8s.io/helm/pkg/helm/helmpath" + "k8s.io/helm/pkg/plugin/cache" ) // HTTPInstaller installs plugins from an archive served by a web server. @@ -181,7 +184,10 @@ func (g *TarGzExtractor) Extract(buffer *bytes.Buffer, targetDir string) error { return err } - path := filepath.Join(targetDir, header.Name) + path, err := fp.SecureJoin(targetDir, header.Name) + if err != nil { + return err + } switch header.Typeflag { case tar.TypeDir: diff --git a/pkg/plugin/installer/http_installer_test.go b/pkg/plugin/installer/http_installer_test.go index ca1a71e3e..bab5f7a92 100644 --- a/pkg/plugin/installer/http_installer_test.go +++ b/pkg/plugin/installer/http_installer_test.go @@ -16,12 +16,15 @@ limitations under the License. package installer // import "k8s.io/helm/pkg/plugin/installer" import ( + "archive/tar" "bytes" + "compress/gzip" "encoding/base64" "fmt" "io/ioutil" "k8s.io/helm/pkg/helm/helmpath" "os" + "path/filepath" "testing" ) @@ -187,3 +190,88 @@ func TestHTTPInstallerUpdate(t *testing.T) { t.Error("update method not implemented for http installer") } } + +func TestExtract(t *testing.T) { + //create a temp home + hh, err := ioutil.TempDir("", "helm-home-") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(hh) + + home := helmpath.Home(hh) + if err := os.MkdirAll(home.Plugins(), 0755); err != nil { + t.Fatalf("Could not create %s: %s", home.Plugins(), err) + } + + cacheDir := filepath.Join(home.Cache(), "plugins", "plugin-key") + if err := os.MkdirAll(cacheDir, 0755); err != nil { + t.Fatalf("Could not create %s: %s", cacheDir, err) + } + + //{"plugin.yaml", "plugin metadata up in here"}, + //{"README.md", "so you know what's upp"}, + //{"script.sh", "echo script"}, + + var tarbuf bytes.Buffer + tw := tar.NewWriter(&tarbuf) + var files = []struct { + Name, Body string + }{ + {"../../plugin.yaml", "sneaky plugin metadata"}, + {"README.md", "some text"}, + } + for _, file := range files { + hdr := &tar.Header{ + Name: file.Name, + Typeflag: tar.TypeReg, + Mode: 0600, + Size: int64(len(file.Body)), + } + if err := tw.WriteHeader(hdr); err != nil { + t.Fatal(err) + } + if _, err := tw.Write([]byte(file.Body)); err != nil { + t.Fatal(err) + } + } + if err := tw.Close(); err != nil { + t.Fatal(err) + } + + var buf bytes.Buffer + gz := gzip.NewWriter(&buf) + if _, err := gz.Write(tarbuf.Bytes()); err != nil { + t.Fatal(err) + } + gz.Close() + + source := "https://repo.localdomain/plugins/fake-plugin-0.0.1.tgz" + extr, err := NewExtractor(source) + if err != nil { + t.Fatal(err) + } + + if err = extr.Extract(&buf, cacheDir); err != nil { + t.Errorf("Did not expect error but got error: %v", err) + } + + pluginYAMLFullPath := filepath.Join(cacheDir, "plugin.yaml") + if _, err := os.Stat(pluginYAMLFullPath); err != nil { + if os.IsNotExist(err) { + t.Errorf("Expected %s to exist but doesn't", pluginYAMLFullPath) + } else { + t.Error(err) + } + } + + readmeFullPath := filepath.Join(cacheDir, "README.md") + if _, err := os.Stat(readmeFullPath); err != nil { + if os.IsNotExist(err) { + t.Errorf("Expected %s to exist but doesn't", readmeFullPath) + } else { + t.Error(err) + } + } + +}