From 720c28f4c517a72f71b294d35193825cbeeb7e53 Mon Sep 17 00:00:00 2001 From: Arash Deshmeh Date: Wed, 17 Apr 2019 15:01:56 -0400 Subject: [PATCH] fix(helm): improve error message for content outside base dir Signed-off-by: Arash Deshmeh --- pkg/chartutil/load.go | 2 +- pkg/chartutil/load_test.go | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/chartutil/load.go b/pkg/chartutil/load.go index b0927a5cf..a4b8815f8 100644 --- a/pkg/chartutil/load.go +++ b/pkg/chartutil/load.go @@ -118,7 +118,7 @@ func loadArchiveFiles(in io.Reader) ([]*BufferedFile, error) { n = path.Clean(n) if n == "." { // In this case, the original path was relative when it should have been absolute. - return nil, errors.New("chart illegally contains empty path") + return nil, fmt.Errorf("chart illegally contains content outside the base directory: %q", hd.Name) } if strings.HasPrefix(n, "..") { return nil, errors.New("chart illegally references parent directory") diff --git a/pkg/chartutil/load_test.go b/pkg/chartutil/load_test.go index c031a6a96..e0539925c 100644 --- a/pkg/chartutil/load_test.go +++ b/pkg/chartutil/load_test.go @@ -90,9 +90,10 @@ func TestLoadArchive_InvalidArchive(t *testing.T) { {"illegal-dots2.tgz", "/foo/../../malformed-helm-test", "chart illegally references parent directory"}, {"illegal-dots3.tgz", "/../../malformed-helm-test", "chart illegally references parent directory"}, {"illegal-dots4.tgz", "./../../malformed-helm-test", "chart illegally references parent directory"}, - {"illegal-name.tgz", "./.", "chart illegally contains empty path"}, - {"illegal-name2.tgz", "/./.", "chart illegally contains empty path"}, - {"illegal-name3.tgz", "missing-leading-slash", "chart illegally contains empty path"}, + {"illegal-name.tgz", "./.", "chart illegally contains content outside the base directory: \"./.\""}, + {"illegal-name2.tgz", "/./.", "chart illegally contains content outside the base directory: \"/./.\""}, + {"illegal-name3.tgz", "missing-leading-slash", "chart illegally contains content outside the base directory: \"missing-leading-slash\""}, + {"illegal-name5.tgz", "content-outside-base-dir", "chart illegally contains content outside the base directory: \"content-outside-base-dir\""}, {"illegal-name4.tgz", "/missing-leading-slash", "chart metadata (Chart.yaml) missing"}, {"illegal-abspath.tgz", "//foo", "chart illegally contains absolute paths"}, {"illegal-abspath2.tgz", "///foo", "chart illegally contains absolute paths"},