Browse code
Add another symlink breakout test
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Conflicts:
integration-cli/docker_cli_build_test.go
Tibor Vass authored on 2014/12/04 04:04:51Showing 1 changed files
| ... | ... |
@@ -3592,3 +3592,57 @@ RUN [ $(ls -l /test | awk '{print $3":"$4}') = 'root:root' ]
|
| 3592 | 3592 |
|
| 3593 | 3593 |
logDone("build - change permission on single file")
|
| 3594 | 3594 |
} |
| 3595 |
+ |
|
| 3596 |
+func TestBuildSymlinkBreakout(t *testing.T) {
|
|
| 3597 |
+ name := "testbuildsymlinkbreakout" |
|
| 3598 |
+ tmpdir, err := ioutil.TempDir("", name)
|
|
| 3599 |
+ if err != nil {
|
|
| 3600 |
+ t.Fatal(err) |
|
| 3601 |
+ } |
|
| 3602 |
+ defer os.RemoveAll(tmpdir) |
|
| 3603 |
+ ctx := filepath.Join(tmpdir, "context") |
|
| 3604 |
+ if err := os.MkdirAll(ctx, 0755); err != nil {
|
|
| 3605 |
+ t.Fatal(err) |
|
| 3606 |
+ } |
|
| 3607 |
+ if err := ioutil.WriteFile(filepath.Join(ctx, "Dockerfile"), []byte(` |
|
| 3608 |
+ from busybox |
|
| 3609 |
+ add symlink.tar / |
|
| 3610 |
+ add inject /symlink/ |
|
| 3611 |
+ `), 0644); err != nil {
|
|
| 3612 |
+ t.Fatal(err) |
|
| 3613 |
+ } |
|
| 3614 |
+ inject := filepath.Join(ctx, "inject") |
|
| 3615 |
+ if err := ioutil.WriteFile(inject, nil, 0644); err != nil {
|
|
| 3616 |
+ t.Fatal(err) |
|
| 3617 |
+ } |
|
| 3618 |
+ f, err := os.Create(filepath.Join(ctx, "symlink.tar")) |
|
| 3619 |
+ if err != nil {
|
|
| 3620 |
+ t.Fatal(err) |
|
| 3621 |
+ } |
|
| 3622 |
+ w := tar.NewWriter(f) |
|
| 3623 |
+ w.WriteHeader(&tar.Header{
|
|
| 3624 |
+ Name: "symlink2", |
|
| 3625 |
+ Typeflag: tar.TypeSymlink, |
|
| 3626 |
+ Linkname: "/../../../../../../../../../../../../../../", |
|
| 3627 |
+ Uid: os.Getuid(), |
|
| 3628 |
+ Gid: os.Getgid(), |
|
| 3629 |
+ }) |
|
| 3630 |
+ w.WriteHeader(&tar.Header{
|
|
| 3631 |
+ Name: "symlink", |
|
| 3632 |
+ Typeflag: tar.TypeSymlink, |
|
| 3633 |
+ Linkname: filepath.Join("symlink2", tmpdir),
|
|
| 3634 |
+ Uid: os.Getuid(), |
|
| 3635 |
+ Gid: os.Getgid(), |
|
| 3636 |
+ }) |
|
| 3637 |
+ w.Close() |
|
| 3638 |
+ f.Close() |
|
| 3639 |
+ if _, err := buildImageFromContext(name, &FakeContext{Dir: ctx}, false); err != nil {
|
|
| 3640 |
+ t.Fatal(err) |
|
| 3641 |
+ } |
|
| 3642 |
+ if _, err := os.Lstat(filepath.Join(tmpdir, "inject")); err == nil {
|
|
| 3643 |
+ t.Fatal("symlink breakout - inject")
|
|
| 3644 |
+ } else if !os.IsNotExist(err) {
|
|
| 3645 |
+ t.Fatalf("unexpected error: %v", err)
|
|
| 3646 |
+ } |
|
| 3647 |
+ logDone("build - symlink breakout")
|
|
| 3648 |
+} |