From d040c89af6a41667db34f12aca43bf880f516322 Mon Sep 17 00:00:00 2001
From: Priya Wadhwa
Date: Mon, 7 May 2018 15:02:00 -0700
Subject: [PATCH] Ignore symlinks during file extraction if link is whitelisted
---
 integration_tests/dockerfiles/Dockerfile_test_copy | 2 +-
 pkg/util/fs_util.go | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/integration_tests/dockerfiles/Dockerfile_test_copy b/integration_tests/dockerfiles/Dockerfile_test_copy
index 99c179c11..fd184394d 100644
--- a/integration_tests/dockerfiles/Dockerfile_test_copy
+++ b/integration_tests/dockerfiles/Dockerfile_test_copy
@@ -1,4 +1,4 @@
-FROM gcr.io/distroless/base
+FROM alpine:3.7
 COPY context/foo foo
 COPY context/foo /foodir/
 COPY context/bar/b* bar/
diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go
index 3d8b46bc5..f167f18a5 100644
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@@ -94,6 +94,12 @@ func GetFSFromImage(img v1.Image) error {
 logrus.Infof("Not adding %s because it is whitelisted", path)
 continue
 }
+ if hdr.Typeflag == tar.TypeSymlink {
+ if checkWhitelist(hdr.Linkname, whitelist) {
+ logrus.Debugf("skipping symlink from %s to %s because %s is whitelisted", hdr.Linkname, path, hdr.Linkname)
+ continue
+ }
+ }
 fs[path] = struct{}{}
 if err := extractFile("/", hdr, tr); err != nil {
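Review bot: The new symlink check in GetFSFromImage passes `hdr.Linkname` to `checkWhitelist` exactly as it appears in the tar header, so a relative or un-cleaned target that resolves into a whitelisted directory would probably not match and the link would still be extracted. `checkWhitelist` is not visible here, so this assumes it compares absolute, cleaned paths, as the earlier call on `path` suggests. Resolving the target against the link's own directory first would close that gap: `link := hdr.Linkname`, then `if !filepath.IsAbs(link) { link = filepath.Join(filepath.Dir(path), link) }`, then `checkWhitelist(filepath.Clean(link), whitelist)`. Only `tar.TypeSymlink` is handled, so a hard-link entry (`tar.TypeLink`) naming a whitelisted path still reaches `extractFile`; a comment should say whether that is intended. The function body starts and ends outside this hunk, so how `path` is normalised and whether `filepath` is imported could not be checked from here.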