Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

helm: introduce customized chart loaders #663

Merged
merged 7 commits into from
Apr 11, 2022
Merged

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Apr 11, 2022

No description provided.

@hiddeco hiddeco added the area/helm Helm related issues and pull requests label Apr 11, 2022
@stefanprodan stefanprodan added the enhancement New feature or request label Apr 11, 2022
We require these to be able to mimic Helm's own directory loader, and
surprisingly (for `ignore` at least), these are not public.

Signed-off-by: Hidde Beydals <hello@hidde.co>
This can be used to detect traversion outside of a certain path scope
while walking.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This introduces our own `secureloader` package, with a directory
loader that's capable of following symlinks while validating they stay
within a certain root boundary.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch 4 times, most recently from 39d5bbb to f0a5e7a Compare April 11, 2022 08:15
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hiddeco great effort! LGTM

Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes some rewiring of tests, and slight changes in how we work
with the local chart reference. `Path` is expected to be relative to
`WorkDir`, and both fields are now mandatory.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @hiddeco

@hiddeco hiddeco merged commit 711780c into main Apr 11, 2022
@hiddeco hiddeco deleted the helm-safe-dir-loader branch April 11, 2022 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/helm Helm related issues and pull requests enhancement New feature or request
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

4 participants