public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Ignore symlinks during file extraction if link is whitelisted

This commit is contained in:
Priya Wadhwa 2018-05-07 15:02:00 -07:00
parent 168bed87d9
commit d040c89af6
No known key found for this signature in database
GPG Key ID: 0D0DAFD8F7AA73AE
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
integration_tests/dockerfiles/Dockerfile_test_copy
View File

@ -1,4 +1,4 @@
FROM gcr.io/distroless/base FROM alpine:3.7
COPY context/foo foo COPY context/foo foo
COPY context/foo /foodir/ COPY context/foo /foodir/
COPY context/bar/b* bar/ COPY context/bar/b* bar/

6
pkg/util/fs_util.go
View File

@ -94,6 +94,12 @@ func GetFSFromImage(img v1.Image) error {
logrus.Infof("Not adding %s because it is whitelisted", path) logrus.Infof("Not adding %s because it is whitelisted", path)
continue continue
} }
if hdr.Typeflag == tar.TypeSymlink {
if checkWhitelist(hdr.Linkname, whitelist) {
logrus.Debugf("skipping symlink from %s to %s because %s is whitelisted", hdr.Linkname, path, hdr.Linkname)
continue
}
}
fs[path] = struct{}{} fs[path] = struct{}{}
if err := extractFile("/", hdr, tr); err != nil { if err := extractFile("/", hdr, tr); err != nil {