summaryrefslogtreecommitdiff
path: root/pkg/api/handlers
diff options
context:
space:
mode:
authorAditya Rajan <arajan@redhat.com>2021-11-30 14:15:53 +0530
committerAditya Rajan <arajan@redhat.com>2021-11-30 15:44:10 +0530
commitc80a2e4495f877bc0f6a522e99b511de6c0d525d (patch)
treecdddb70203a49f8f0a9a3789651e689d2b700e59 /pkg/api/handlers
parente7204178e175d8ad619faa626ba284c777886cd3 (diff)
downloadpodman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.tar.gz
podman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.tar.bz2
podman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.zip
podman-remote: prevent leaking secret into image
Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build. Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/api/handlers')
-rw-r--r--pkg/api/handlers/compat/images_build.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 200d72192..3aa1af71a 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -259,7 +259,19 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
arr := strings.SplitN(token, "=", 2)
if len(arr) > 1 {
if arr[0] == "src" {
- modifiedSrc := fmt.Sprintf("src=%s", filepath.Join(contextDirectory, arr[1]))
+ /* move secret away from contextDir */
+ /* to make sure we dont accidentally commit temporary secrets to image*/
+ builderDirectory, _ := filepath.Split(contextDirectory)
+ // following path is outside build context
+ newSecretPath := filepath.Join(builderDirectory, arr[1])
+ oldSecretPath := filepath.Join(contextDirectory, arr[1])
+ err := os.Rename(oldSecretPath, newSecretPath)
+ if err != nil {
+ utils.BadRequest(w, "secrets", query.Secrets, err)
+ return
+ }
+
+ modifiedSrc := fmt.Sprintf("src=%s", newSecretPath)
modifiedOpt = append(modifiedOpt, modifiedSrc)
} else {
modifiedOpt = append(modifiedOpt, token)