Skip to content

Commit

Permalink
Merge pull request #2238 from anthonydahanne/2237-workspace-sensitive
Browse files Browse the repository at this point in the history
Fix #2237: consider /workspace as a sensitive dir
  • Loading branch information
natalieparellano authored Jul 29, 2024
2 parents 3902749 + 5821ccd commit c253591
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 5 deletions.
6 changes: 4 additions & 2 deletions pkg/client/build_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2925,6 +2925,8 @@ api = "0.2"
"/cnb/nested",
"/layers",
"/layers/nested",
"/workspace",
"/workspace/bindings",
} {
p := p
it(fmt.Sprintf("warns when mounting to '%s'", p), func() {
Expand Down Expand Up @@ -2997,7 +2999,7 @@ api = "0.2"

when("mounting onto cnb spec'd dir", func() {
for _, p := range []string{
`/cnb`, `/cnb/buildpacks`, `/layers`,
`/cnb`, `/cnb/buildpacks`, `/layers`, `/workspace`,
} {
p := p
it(fmt.Sprintf("warns when mounting to '%s'", p), func() {
Expand Down Expand Up @@ -3067,7 +3069,7 @@ api = "0.2"

when("mounting onto cnb spec'd dir", func() {
for _, p := range []string{
`c:\cnb`, `c:\cnb\buildpacks`, `c:\layers`,
`c:\cnb`, `c:\cnb\buildpacks`, `c:\layers`, `c:\workspace`,
} {
p := p
it(fmt.Sprintf("warns when mounting to '%s'", p), func() {
Expand Down
4 changes: 2 additions & 2 deletions pkg/client/process_volumes.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,9 @@ func processVolumes(imgOS string, volumes []string) (processed []string, warning
return nil, nil, errors.Wrapf(err, "platform volume %q has invalid format", v)
}

sensitiveDirs := []string{"/cnb", "/layers"}
sensitiveDirs := []string{"/cnb", "/layers", "/workspace"}
if imgOS == "windows" {
sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`}
sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`, `c:/workspace`, `c:\workspace`}
}
for _, p := range sensitiveDirs {
if strings.HasPrefix(strings.ToLower(volume.Spec.Target), p) {
Expand Down
2 changes: 1 addition & 1 deletion pkg/client/process_volumes_darwin.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ func processVolumes(imgOS string, volumes []string) (processed []string, warning
if err != nil {
return nil, nil, err
}
sensitiveDirs := []string{"/cnb", "/layers"}
sensitiveDirs := []string{"/cnb", "/layers", "/workspace"}
if imgOS == "windows" {
sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`}
}
Expand Down

0 comments on commit c253591

Please sign in to comment.