From c80a2e4495f877bc0f6a522e99b511de6c0d525d Mon Sep 17 00:00:00 2001
From: Aditya Rajan
Date: Tue, 30 Nov 2021 14:15:53 +0530
Subject: podman-remote: prevent leaking secret into image

Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build.

Signed-off-by: Aditya Rajan
---
 pkg/api/handlers/compat/images_build.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'pkg/api')

diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 200d72192..3aa1af71a 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -259,7 +259,19 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 arr := strings.SplitN(token, "=", 2)
 if len(arr) > 1 {
 if arr[0] == "src" {
- modifiedSrc := fmt.Sprintf("src=%s", filepath.Join(contextDirectory, arr[1]))
+ /* move secret away from contextDir */
+ /* to make sure we dont accidentally commit temporary secrets to image*/
+ builderDirectory, _ := filepath.Split(contextDirectory)
+ // following path is outside build context
+ newSecretPath := filepath.Join(builderDirectory, arr[1])
+ oldSecretPath := filepath.Join(contextDirectory, arr[1])
+ err := os.Rename(oldSecretPath, newSecretPath)
+ if err != nil {
+ utils.BadRequest(w, "secrets", query.Secrets, err)
+ return
+ }
+
+ modifiedSrc := fmt.Sprintf("src=%s", newSecretPath)
 modifiedOpt = append(modifiedOpt, modifiedSrc)
 } else {
 modifiedOpt = append(modifiedOpt, token)
--
cgit v1.2.3-54-g00ecf
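Review bot: The `arr[1]` value joined onto contextDirectory and builderDirectory comes from the request's secrets query and is not checked for containment, so the new os.Rename acts on whatever path the caller's `src` resolves to, including one with `..` segments that lands outside the build context; the replaced Join-only line took the same input but never wrote to the filesystem, so this is new exposure the commit does not address, and the excerpt below rejects such values before the rename. filepath.Split also returns contextDirectory itself as the directory part when the path ends in a separator, which would leave the secret inside the context; contextDirectory is built outside the hunk, so if a trailing separator is possible prefer `filepath.Dir(filepath.Clean(contextDirectory))`. As a style point, fold the error into the condition, `if err := os.Rename(oldSecretPath, newSecretPath); err != nil {`, and replace the two `/* */` comments with one `//` sentence. BuildImage begins and ends outside this hunk.
```go
oldSecretPath := filepath.Join(contextDirectory, arr[1])
// reject src values that resolve outside the build context before touching the filesystem
if rel, err := filepath.Rel(contextDirectory, oldSecretPath); err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
	utils.BadRequest(w, "secrets", query.Secrets, fmt.Errorf("secret src %q is outside the build context", arr[1]))
	return
}
// … unchanged: os.Rename, its error handling and modifiedSrc …
```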