Member

@hiddeco hiddeco commented Apr 11, 2022

No description provided.

@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch from 1b7a559 to 05008d5 Compare April 11, 2022 07:26
@hiddeco hiddeco added the area/helm Helm related issues and pull requests label Apr 11, 2022
@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch from 05008d5 to d6488b4 Compare April 11, 2022 07:29
@stefanprodan stefanprodan added the enhancement New feature or request label Apr 11, 2022
hiddeco added 4 commits April 11, 2022 09:36
We require these to be able to mimic Helm's own directory loader, and
surprisingly (for `ignore` at least), these are not public.

Signed-off-by: Hidde Beydals <[email protected]>

This can be used to detect traversal outside of a certain path scope
while walking.

Signed-off-by: Hidde Beydals <[email protected]>

This introduces our own `secureloader` package, with a directory
loader that's capable of following symlinks while validating they stay
within a certain root boundary.

Signed-off-by: Hidde Beydals <[email protected]>
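
The boundary check named in the commit message above, as an added Go example that is not part of this pull request or the project's `secureloader` code: every entry is fully resolved before its real location is compared against the root, and symlink cycles inside the root are rejected. `resolveTree` is a hypothetical name, and the code assumes the root is not the filesystem root.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveTree (hypothetical helper, not the PR's code) maps each file under root
// to its real path. Links are resolved first, then the real location is checked.
func resolveTree(root string) (map[string]string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	files, onStack := map[string]string{}, map[string]bool{}
	var walk func(dir, rel string) error
	walk = func(dir, rel string) error {
		onStack[dir] = true // real directories currently being walked
		defer delete(onStack, dir)
		entries, err := os.ReadDir(dir)
		if err != nil {
			return err
		}
		for _, e := range entries {
			name := filepath.Join(rel, e.Name())
			target, err := filepath.EvalSymlinks(filepath.Join(dir, e.Name()))
			if err != nil {
				return err
			}
			if !strings.HasPrefix(target, realRoot+string(filepath.Separator)) {
				return fmt.Errorf("%q does not resolve to a path below root", name)
			}
			if info, err := os.Stat(target); err != nil {
				return err
			} else if !info.IsDir() {
				files[name] = target
			} else if onStack[target] {
				return fmt.Errorf("symlink cycle at %q", name)
			} else if err := walk(target, name); err != nil {
				return err
			}
		}
		return nil
	}
	return files, walk(realRoot, "")
}

func main() { fmt.Println(resolveTree(".")) }
```

A loader should open the returned real paths rather than re-resolving the logical names, and the result only holds while nothing else modifies the tree.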
@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch 4 times, most recently from 39d5bbb to f0a5e7a Compare April 11, 2022 08:15
Member

@pjbgf pjbgf left a comment

@hiddeco great effort! LGTM

Contributor

@darkowlzz darkowlzz left a comment

LGTM!

hiddeco added 3 commits April 11, 2022 11:47
This includes some rewiring of tests, and slight changes in how we work
with the local chart reference. `Path` is expected to be relative to
`WorkDir`, and both fields are now mandatory.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco hiddeco force-pushed the helm-safe-dir-loader branch from f0a5e7a to 9a17fd5 Compare April 11, 2022 09:47
Member

@stefanprodan stefanprodan left a comment

LGTM

Thanks @hiddeco

@hiddeco hiddeco merged commit 711780c into main Apr 11, 2022
@hiddeco hiddeco deleted the helm-safe-dir-loader branch April 11, 2022 10:21