From dc3eeef5b113ffd6bd6e18092f40c6ea4da274a6 Mon Sep 17 00:00:00 2001
From: Fedor Korotkov <fedor.korotkov@gmail.com>
Date: Tue, 24 Oct 2023 13:01:34 -0400
Subject: [PATCH] Support URLs in hostDir policies (#146)

* Support URLs in hostDir policies

We can't just blindly allow remote URLs since they might contain symlinks leading to outside the archive. Instead, let's support specifying URLs where the remote archive can come from.

Fixes #145

* Ignore Lint issue

* Reverted old validation logic
---
 pkg/resource/v1/host_dir_policy.go      |  7 +++++++
 pkg/resource/v1/host_dir_policy_test.go | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/pkg/resource/v1/host_dir_policy.go b/pkg/resource/v1/host_dir_policy.go
index 502d210..e4b2936 100644
--- a/pkg/resource/v1/host_dir_policy.go
+++ b/pkg/resource/v1/host_dir_policy.go
@@ -14,6 +14,13 @@ type HostDirPolicy struct {
 }
 
 func NewHostDirPolicyFromString(s string) (HostDirPolicy, error) {
+	if strings.HasPrefix(s, "http://") || strings.HasPrefix(s, "https://") {
+		return HostDirPolicy{
+			PathPrefix: strings.TrimSuffix(s, ":ro"),
+			ReadOnly:   strings.HasSuffix(s, ":ro"),
+		}, nil
+	}
+
 	parts := strings.Split(s, ":")
 
 	if len(parts) > 2 {
diff --git a/pkg/resource/v1/host_dir_policy_test.go b/pkg/resource/v1/host_dir_policy_test.go
index 49b7cc0..8c3a78c 100644
--- a/pkg/resource/v1/host_dir_policy_test.go
+++ b/pkg/resource/v1/host_dir_policy_test.go
@@ -61,3 +61,14 @@ func TestHostDirPolicyString(t *testing.T) {
 	policyRo := &v1.HostDirPolicy{PathPrefix: "/Users/ci/src", ReadOnly: true}
 	require.EqualValues(t, "/Users/ci/src:ro", policyRo.String())
 }
+
+func TestHTTPHostDirPolicyString(t *testing.T) {
+	policy, err := v1.NewHostDirPolicyFromString("https://github.com/actions/runner/releases/download")
+	require.NoError(t, err)
+	require.EqualValues(t, v1.HostDirPolicy{
+		PathPrefix: "https://github.com/actions/runner/releases/download",
+		ReadOnly:   false,
+	}, policy)
+	//nolint: lll
+	require.True(t, policy.Validate("https://github.com/actions/runner/releases/download/v2.309.0/actions-runner-osx-arm64-2.309.0.tar.gz", false))
+}