GitList

Browse code

Replace uses of blacklist/whitelist

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2020/07/14 17:41:34
Showing 3 changed files

builder/dockerfile/copy_windows.go index 3f0ea32..77cd866 100644
plugin/manager.go index 17b1788..6bdf53c 100644
profiles/seccomp/seccomp_default.go index 9e6508e..6444815 100644

@@ -14,7 +14,7 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-var pathBlacklist = map[string]bool{
+var pathDenyList = map[string]bool{
 	"c:\\":        true,
 	"c:\\windows": true,
 }
@@ -98,7 +98,7 @@ func validateCopySourcePath(imageSource *imageMount, origPath, platform string)
 			p = filepath.Join("c:\\", p)
 		}
 	}
-	if _, blacklisted := pathBlacklist[p]; blacklisted {
+	if _, ok := pathDenyList[p]; ok {
 		return errors.New("copy from c:\\ or c:\\windows is not allowed on windows")
 	}
 	return nil

plugin/manager.go

History View file @ 3895dd5

@@ -298,17 +298,17 @@ func (pm *Manager) GC() {
                      	pm.muGC.Lock()
                      	defer pm.muGC.Unlock()
                     -	whitelist := make(map[digest.Digest]struct{})
                     +	used := make(map[digest.Digest]struct{})
                      	for _, p := range pm.config.Store.GetAll() {
                     -		whitelist[p.Config] = struct{}{}
                     +		used[p.Config] = struct{}{}
                      		for _, b := range p.Blobsums {
                     -			whitelist[b] = struct{}{}
                     +			used[b] = struct{}{}
+                     		}
+                     	}
                      	ctx := context.TODO()
                      	pm.blobStore.Walk(ctx, func(info content.Info) error {
                     -		_, ok := whitelist[info.Digest]
                     +		_, ok := used[info.Digest]
                      		if ok {
                      			return nil
+                     		}

profiles/seccomp/seccomp_default.go

History View file @ 3895dd5

@@ -40,7 +40,7 @@ func arches() []types.Architecture {
 	}
 }
 
-// DefaultProfile defines the whitelist for the default seccomp profile.
+// DefaultProfile defines the allowed syscalls for the default seccomp profile.
 func DefaultProfile() *types.Seccomp {
 	syscalls := []*types.Syscall{
 		{

...	...	@@ -14,7 +14,7 @@ import (
14	14	"golang.org/x/sys/windows"
15	15	)
16	16
17		-var pathBlacklist = map[string]bool{
	17	+var pathDenyList = map[string]bool{
18	18	"c:\\": true,
19	19	"c:\\windows": true,
20	20	}
...	...	@@ -98,7 +98,7 @@ func validateCopySourcePath(imageSource *imageMount, origPath, platform string)
98	98	p = filepath.Join("c:\\", p)
99	99	}
100	100	}
101		- if _, blacklisted := pathBlacklist[p]; blacklisted {
	101	+ if _, ok := pathDenyList[p]; ok {
102	102	return errors.New("copy from c:\\ or c:\\windows is not allowed on windows")
103	103	}
104	104	return nil

...	...	@@ -40,7 +40,7 @@ func arches() []types.Architecture {
40	40	}
41	41	}
42	42
43		-// DefaultProfile defines the whitelist for the default seccomp profile.
	43	+// DefaultProfile defines the allowed syscalls for the default seccomp profile.
44	44	func DefaultProfile() *types.Seccomp {
45	45	syscalls := []*types.Syscall{
46	46	{