Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use safe_path crate instead of our original secure_join #1911

Merged
merged 1 commit into from
May 13, 2023
Merged

Use safe_path crate instead of our original secure_join #1911

merged 1 commit into from
May 13, 2023

Conversation

utam0k
Copy link
Member

@utam0k utam0k commented May 13, 2023
edited
Loading

Our secure_join had a bug and did not work perfectly with K8s. It did not take into account the case where the symbolic destination is an absolute path.
https://github.com/cyphar/filepath-securejoin/blob/64536a8a66ae59588c981e2199f1dcf410508e07/join.go#L97-L99

Thus there are many cases where secure_join should be considered; it would be more worthwhile to use safe_path, which kata-container makes, and mature this one.

Fix: #1890

https://docs.rs/safe-path/latest/safe_path/

@utam0k
Use safe_path crate instead of our original secure_join
04b4892 
Our secure_join had a bug and did not work perfectly with K8s.
It did not take into account the case where the symbolic destination is an absolute path.
Thus there are many cases where secure_join should be considered;
it would be more worthwhile to use safe_path,
which kata-container makes, and mature this one.

Signed-off-by: utam0k <k0ma@utam0k.jp>
@utam0k utam0k changed the title Use safe_path crate instead of our original security_join Use safe_path crate instead of our original secure_join May 13, 2023
@codecov-commenter
Copy link

codecov-commenter commented May 13, 2023
edited
Loading

Codecov Report

Merging #1911 (04b4892) into main (dcc13ff) will decrease coverage by 0.23%.
The diff coverage is 100.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1911      +/-   ##
==========================================
- Coverage   67.19%   66.97%   -0.23%     
==========================================
  Files         126      126              
  Lines       14288    14164     -124     
==========================================
- Hits         9601     9486     -115     
+ Misses       4687     4678       -9

@yihuaf yihuaf merged commit 91b476a into youki-dev:main May 13, 2023
@utam0k utam0k mentioned this pull request Aug 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yihuaf yihuaf yihuaf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove automountServiceAccountToken: false in tests/k8s/deploy.yaml
3 participants
@utam0k @codecov-commenter @yihuaf