Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm: introduce customized chart loaders #663

Merged
merged 7 commits into from
Apr 11, 2022
Merged

helm: introduce customized chart loaders #663

merged 7 commits into from
Apr 11, 2022

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Apr 11, 2022

No description provided.

@hiddeco hiddeco added the area/helm Helm related issues and pull requests label Apr 11, 2022
@stefanprodan stefanprodan added the enhancement New feature or request label Apr 11, 2022
@hiddeco
helm: copy internal ignore and sympath modules
ad597b3 
We require these to be able to mimic Helm's own directory loader, and
surprisingly (for `ignore` at least), these are not public.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
sympath: provide abs path after eval symlink
25f54ee 
This can be used to detect traversion outside of a certain path scope
while walking.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
helm: drop github.com/pkg/errors
5ae30cb 
Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
helm: introduce customized chart loaders
6fc066b 
This introduces our own `secureloader` package, with a directory
loader that's capable of following symlinks while validating they stay
within a certain root boundary.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch 4 times, most recently from 39d5bbb to f0a5e7a Compare April 11, 2022 08:15
pjbgf
pjbgf approved these changes Apr 11, 2022
View reviewed changes
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hiddeco great effort! LGTM

darkowlzz
darkowlzz approved these changes Apr 11, 2022
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@hiddeco
helm: add more test coverage for secureloader
b9063d7 
Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
helm: switch to our own chart loader package
e85ea78 
This includes some rewiring of tests, and slight changes in how we work
with the local chart reference. `Path` is expected to be relative to
`WorkDir`, and both fields are now mandatory.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco
helm: attach loader to helm.MaxChartFileSize
9a17fd5 
Signed-off-by: Hidde Beydals <hello@hidde.co>
stefanprodan
stefanprodan approved these changes Apr 11, 2022
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @hiddeco

@hiddeco hiddeco merged commit 711780c into main Apr 11, 2022
@hiddeco hiddeco deleted the helm-safe-dir-loader branch April 11, 2022 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darkowlzz darkowlzz darkowlzz approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

@pjbgf pjbgf pjbgf approved these changes

Assignees
No one assigned
Labels
area/helm Helm related issues and pull requests enhancement New feature or request
Projects
Maintainers' Focus
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hiddeco @darkowlzz @stefanprodan @pjbgf