diff options
Diffstat (limited to 'pkg/api/handlers/compat/images_build.go')
| -rw-r--r-- | pkg/api/handlers/compat/images_build.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 200d72192..3aa1af71a 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -259,7 +259,19 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { arr := strings.SplitN(token, "=", 2) if len(arr) > 1 { if arr[0] == "src" { - modifiedSrc := fmt.Sprintf("src=%s", filepath.Join(contextDirectory, arr[1])) + /* move secret away from contextDir */ + /* to make sure we dont accidentally commit temporary secrets to image*/ + builderDirectory, _ := filepath.Split(contextDirectory) + // following path is outside build context + newSecretPath := filepath.Join(builderDirectory, arr[1]) + oldSecretPath := filepath.Join(contextDirectory, arr[1]) + err := os.Rename(oldSecretPath, newSecretPath) + if err != nil { + utils.BadRequest(w, "secrets", query.Secrets, err) + return + } + + modifiedSrc := fmt.Sprintf("src=%s", newSecretPath) modifiedOpt = append(modifiedOpt, modifiedSrc) } else { modifiedOpt = append(modifiedOpt, token) |