public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix - Incomplete regular expression for hostnames (#1993) 

Fixed the codeql issue
```
Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts.

If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping regular-expression meta-characters such as ..

Even if the check is not used in a security-critical context, the incomplete check may still cause undesirable behavior when it accidentally succeeds.

```
This commit is contained in:
Naveen 2022-03-15 23:16:04 -05:00 committed by GitHub
parent 34b2c347c9
commit 783979948d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/constants/constants.go
View File

@ -20,7 +20,7 @@ const (
// RootDir is the path to the root directory // RootDir is the path to the root directory
RootDir = "/" RootDir = "/"
//KanikoDir is the path to the Kaniko directory // KanikoDir is the path to the Kaniko directory
KanikoDir = "/kaniko" KanikoDir = "/kaniko"
IgnoreListPath = "/proc/self/mountinfo" IgnoreListPath = "/proc/self/mountinfo"
@ -76,8 +76,9 @@ const (
var ScratchEnvVars = []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"} var ScratchEnvVars = []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}
// AzureBlobStorageHostRegEx is ReqEX for Valid azure blob storage host suffix in url for AzureCloud, AzureChinaCloud, AzureGermanCloud and AzureUSGovernment // AzureBlobStorageHostRegEx is ReqEX for Valid azure blob storage host suffix in url for AzureCloud, AzureChinaCloud, AzureGermanCloud and AzureUSGovernment
var AzureBlobStorageHostRegEx = []string{"https://(.+?).blob.core.windows.net/(.+)", var AzureBlobStorageHostRegEx = []string{
"https://(.+?).blob.core.chinacloudapi.cn/(.+)", "https://(.+?)\\.blob\\.core\\.windows\\.net/(.+)",
"https://(.+?).blob.core.cloudapi.de/(.+)", "https://(.+?)\\.blob\\.core\\.chinacloudapi\\.cn/(.+)",
"https://(.+?).blob.core.usgovcloudapi.net/(.+)", "https://(.+?)\\.blob\\.core\\.cloudapi\\.de/(.+)",
"https://(.+?)\\.blob\\.core\\.usgovcloudapi\\.net/(.+)",
} }