Replies: 2 comments 1 reply
-
It sounds like you are describing kustomize. Kustomize allows you to reference resources from different directories and even ones that are remote.
-
You're quite right, symlinks within the repo should be allowed. I believe this was fixed with GHSA-jhqp-vf4w-rpwq. There's even a unit test for this exact case. Here's the current bounds check: argo-cd/reposerver/repository/repository.go Line 1257 in 2ac7bd3
-
The fix for GHSA-6gcg-hp2x-q54h (in this commit: d36d95d) feels overly strict. It prevents symlinking to files that aren't in the directory root, but are in the same repository.
I would prefer if symlinks were only prevented from reaching outside of their own repository root.
I trust all the commits in my repo, and I make use of symlinks to deduplicate identical manifest files, i.e. a directory application contains YAML files, and a symlink to another directory of YAML files shared with other applications.
If this is still considered too insecure, then perhaps it could be a setting that could be enabled on the project or application level. I would be interested in contributing such changes if they are desirable.
If there are any other approaches to create an application of non-overlapping directories, I'd be eager to hear them.
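The two boundaries discussed in this thread (the application directory versus the repository root) can be compared with a small symlink bounds check. This is an added example, not Argo CD's code and not written by anyone in the thread; `EscapingSymlinks` and `inside` are hypothetical names, and the directory layout in `main` is constructed.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// inside reports whether resolved path p is boundary or below it. It uses Rel, so a
// sibling such as "/repo-x" is not mistaken for a child of "/repo" as a prefix test would.
func inside(boundary, p string) bool {
	rel, err := filepath.Rel(boundary, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// EscapingSymlinks (hypothetical helper) returns the symlinks under appDir, relative to
// appDir, whose fully resolved target lies outside boundary.
func EscapingSymlinks(appDir, boundary string) ([]string, error) {
	realBoundary, err := filepath.EvalSymlinks(boundary)
	if err != nil {
		return nil, err
	}
	var bad []string
	err = filepath.WalkDir(appDir, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.Type()&fs.ModeSymlink == 0 {
			return walkErr // non-links pass through; WalkDir never follows links itself
		}
		target, err := filepath.EvalSymlinks(p) // resolves chained links as well
		// A dangling or looping link cannot be shown to be in bounds, so flag it.
		if err != nil || !inside(realBoundary, target) {
			rel, _ := filepath.Rel(appDir, p)
			bad = append(bad, rel)
		}
		return nil
	})
	return bad, err
}

func main() {
	repo, _ := os.MkdirTemp("", "repo") // constructed sample layout
	defer os.RemoveAll(repo)
	app := filepath.Join(repo, "app")
	os.MkdirAll(app, 0o755)
	os.MkdirAll(filepath.Join(repo, "shared"), 0o755)
	os.Symlink("../shared", filepath.Join(app, "shared"))
	fmt.Println(EscapingSymlinks(app, repo)) // boundary = repository root
	fmt.Println(EscapingSymlinks(app, app))  // boundary = application directory
}
```

With the repository root as the boundary the shared-directory link passes, while the same link is flagged when the boundary is the application directory.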