Fix kubectl-delivery security issues (#368)

kubeflow · Jun 22, 2021 · 53e2922 · 53e2922
1 parent 336fa6d
commit 53e2922
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/cmd/kubectl-delivery/app/server.go b/cmd/kubectl-delivery/app/server.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"io"
 	"os"
+	"path/filepath"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -91,11 +92,15 @@ func Run(opt *options.ServerOption) error {
 
 	kubeInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, 0, kubeinformers.WithNamespace(namespace))
 
-	fp, err := os.Open(filename)
+	fp, err := os.Open(filepath.Clean(filename))
 	if err != nil {
 		klog.Fatalf("Error open file[%s]: %v", filename, err)
 	}
-	defer fp.Close()
+	defer func() {
+		if err := fp.Close(); err != nil {
+			klog.Fatalf("Error closing file[%s]: %v", filename, err)
+		}
+	}()
 	bufReader := bufio.NewReader(fp)
 	pods := []string{}