summaryrefslogtreecommitdiff
path: root/pkg/api/handlers/compat/images_build.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/api/handlers/compat/images_build.go')
-rw-r--r--pkg/api/handlers/compat/images_build.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 200d72192..3aa1af71a 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -259,7 +259,19 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
arr := strings.SplitN(token, "=", 2)
if len(arr) > 1 {
if arr[0] == "src" {
- modifiedSrc := fmt.Sprintf("src=%s", filepath.Join(contextDirectory, arr[1]))
+ /* move secret away from contextDir */
+ /* to make sure we dont accidentally commit temporary secrets to image*/
+ builderDirectory, _ := filepath.Split(contextDirectory)
+ // following path is outside build context
+ newSecretPath := filepath.Join(builderDirectory, arr[1])
+ oldSecretPath := filepath.Join(contextDirectory, arr[1])
+ err := os.Rename(oldSecretPath, newSecretPath)
+ if err != nil {
+ utils.BadRequest(w, "secrets", query.Secrets, err)
+ return
+ }
+
+ modifiedSrc := fmt.Sprintf("src=%s", newSecretPath)
modifiedOpt = append(modifiedOpt, modifiedSrc)
} else {
modifiedOpt = append(modifiedOpt, token)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-01 09:28:23 +0000