Bump github.com/cyphar/filepath-securejoin from 0.2.2 to 0.2.3

Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Author: dependabot[bot], 2021-07-05 12:20:31 +00:00, committed by GitHub
parent 2681484d7c
commit 518457b354
9 changed files with 33 additions and 33 deletions

go.mod

@ -21,7 +21,7 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2 github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283 github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283
github.com/cyphar/filepath-securejoin v0.2.2 github.com/cyphar/filepath-securejoin v0.2.3
github.com/davecgh/go-spew v1.1.1 github.com/davecgh/go-spew v1.1.1
github.com/digitalocean/go-qemu v0.0.0-20210209191958-152a1535e49f github.com/digitalocean/go-qemu v0.0.0-20210209191958-152a1535e49f
github.com/docker/distribution v2.7.1+incompatible github.com/docker/distribution v2.7.1+incompatible
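Review bot: the only change in this hunk is the `github.com/cyphar/filepath-securejoin` requirement moving from v0.2.2 to v0.2.3; since this module is vendored, confirm the vendor tree was regenerated with `go mod vendor` after the bump so that `vendor/modules.txt` and the vendored sources correspond to this requirement, and run `go mod verify` so the new go.sum hash is checked against the downloaded module rather than trusted from the bot.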

go.sum

@ -289,8 +289,9 @@ github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283 h1:7FyIYKksGvRF8XjMkG5T6uIxg8PcgZoPyO+f6kHT5+s= github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283 h1:7FyIYKksGvRF8XjMkG5T6uIxg8PcgZoPyO+f6kHT5+s=
github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283/go.mod h1:vingr1ztOAzP2WyTgGbpMov9dFhbjNxdLtDv0+PhAvY= github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283/go.mod h1:vingr1ztOAzP2WyTgGbpMov9dFhbjNxdLtDv0+PhAvY=
github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
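Review bot: the `v0.2.2 h1:` hash is dropped but the `v0.2.2/go.mod h1:` line is kept; that is expected when another module in the build graph still requires v0.2.2, because Go retains go.mod hashes for every version it has to load, so it is not a leftover to delete by hand. Run `go mod tidy` and confirm it leaves go.sum as shown here; if tidy removes the line, commit its output instead of the hand-edited file.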


@ -4,10 +4,12 @@
language: go language: go
go: go:
- 1.7.x - 1.13.x
- 1.8.x - 1.16.x
- tip - tip
arch:
- AMD64
- ppc64le
os: os:
- linux - linux
- osx - osx
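Review bot: this is the upstream project's CI matrix, vendored alongside the package; the tested floor rising from Go 1.7.x to 1.13.x signals that the library now relies on Go 1.13 standard-library behaviour, so the consuming project's own minimum Go version must be at least 1.13 or the vendored code will not compile.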


@ -7,6 +7,19 @@ standard library][go#20126]. The purpose of this function is to be a "secure"
alternative to `filepath.Join`, and in particular it provides certain alternative to `filepath.Join`, and in particular it provides certain
guarantees that are not provided by `filepath.Join`. guarantees that are not provided by `filepath.Join`.
> **NOTE**: This code is *only* safe if you are not at risk of other processes
> modifying path components after you've used `SecureJoin`. If it is possible
> for a malicious process to modify path components of the resolved path, then
> you will be vulnerable to some fairly trivial TOCTOU race conditions. [There
> are some Linux kernel patches I'm working on which might allow for a better
> solution.][lwn-obeneath]
>
> In addition, with a slightly modified API it might be possible to use
> `O_PATH` and verify that the opened path is actually the resolved one -- but
> I have not done that yet. I might add it in the future as a helper function
> to help users verify the path (we can't just return `/proc/self/fd/<foo>`
> because that doesn't always work transparently for all users).
This is the function prototype: This is the function prototype:
```go ```go
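Review bot: the added NOTE is the security-relevant part of this README change and should be read as a constraint on every caller in this repository, not as upstream documentation to skim: `SecureJoin` resolves symlinks at call time, so the "child of root" guarantee only holds while no other process can swap path components between the join and the subsequent open. Audit the call sites here for whether the tree under `root` is writable by a less-trusted process while the joined path is in use; if it is, the result is a TOCTOU window the library explicitly does not close. The `[lwn-obeneath]` reference used in the quote is defined in a later hunk of the same file, so the link resolves.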
@ -16,8 +29,8 @@ func SecureJoin(root, unsafePath string) (string, error)
This library **guarantees** the following: This library **guarantees** the following:
* If no error is set, the resulting string **must** be a child path of * If no error is set, the resulting string **must** be a child path of
`SecureJoin` and will not contain any symlink path components (they will all `root` and will not contain any symlink path components (they will all be
be expanded). expanded).
* When expanding symlinks, all symlink path components **must** be resolved * When expanding symlinks, all symlink path components **must** be resolved
relative to the provided root. In particular, this can be considered a relative to the provided root. In particular, this can be considered a
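Review bot: the correction from "child path of `SecureJoin`" to "child path of `root`" fixes a documentation error rather than behaviour, but it matters: the containment property callers rely on is that the result stays under the `root` argument, and the old wording did not state that.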
@ -25,7 +38,7 @@ This library **guarantees** the following:
these symlinks will **not** be expanded lexically (`filepath.Clean` is not these symlinks will **not** be expanded lexically (`filepath.Clean` is not
called on the input before processing). called on the input before processing).
* Non-existant path components are unaffected by `SecureJoin` (similar to * Non-existent path components are unaffected by `SecureJoin` (similar to
`filepath.EvalSymlinks`'s semantics). `filepath.EvalSymlinks`'s semantics).
* The returned path will always be `filepath.Clean`ed and thus not contain any * The returned path will always be `filepath.Clean`ed and thus not contain any
@ -57,6 +70,7 @@ func SecureJoin(root, unsafePath string) (string, error) {
} }
``` ```
[lwn-obeneath]: https://lwn.net/Articles/767547/
[go#20126]: https://github.com/golang/go/issues/20126 [go#20126]: https://github.com/golang/go/issues/20126
### License ### ### License ###


@ -1 +1 @@
0.2.2 0.2.3

vendor/github.com/cyphar/filepath-securejoin/go.mod

@ -0,0 +1,3 @@
module github.com/cyphar/filepath-securejoin
go 1.13
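Review bot: the `go 1.13` directive is the minimum needed for the `errors.Is` calls that join.go introduces in this same commit, so the two changes are consistent; it also means any consumer building with an older toolchain will break on this patch-level bump, which is worth a line in the merge description.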


@ -12,39 +12,20 @@ package securejoin
import ( import (
"bytes" "bytes"
"errors"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"syscall" "syscall"
"github.com/pkg/errors"
) )
// ErrSymlinkLoop is returned by SecureJoinVFS when too many symlinks have been
// evaluated in attempting to securely join the two given paths.
var ErrSymlinkLoop = errors.Wrap(syscall.ELOOP, "secure join")
// IsNotExist tells you if err is an error that implies that either the path // IsNotExist tells you if err is an error that implies that either the path
// accessed does not exist (or path components don't exist). This is // accessed does not exist (or path components don't exist). This is
// effectively a more broad version of os.IsNotExist. // effectively a more broad version of os.IsNotExist.
func IsNotExist(err error) bool { func IsNotExist(err error) bool {
// If it's a bone-fide ENOENT just bail.
if os.IsNotExist(errors.Cause(err)) {
return true
}
// Check that it's not actually an ENOTDIR, which in some cases is a more // Check that it's not actually an ENOTDIR, which in some cases is a more
// convoluted case of ENOENT (usually involving weird paths). // convoluted case of ENOENT (usually involving weird paths).
var errno error return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) || errors.Is(err, syscall.ENOENT)
switch err := errors.Cause(err).(type) {
case *os.PathError:
errno = err.Err
case *os.LinkError:
errno = err.Err
case *os.SyscallError:
errno = err.Err
}
return errno == syscall.ENOTDIR || errno == syscall.ENOENT
} }
// SecureJoinVFS joins the two given path components (similar to Join) except // SecureJoinVFS joins the two given path components (similar to Join) except
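Review bot: removing the exported `ErrSymlinkLoop` variable is a breaking API change shipped under what dependabot labels a semver-patch update: any code in this repository comparing against `securejoin.ErrSymlinkLoop` will no longer compile, and the replacement idiom is `errors.Is(err, syscall.ELOOP)`, which works because the new `*os.PathError` unwraps to its `Err` field. Grep the call sites before merging. The rewritten `IsNotExist` is otherwise an improvement: `errors.Is` walks the entire wrap chain, whereas the old `errors.Cause` plus type switch only inspected the innermost `*os.PathError`, `*os.LinkError` or `*os.SyscallError`. The `errors.Is(err, syscall.ENOENT)` term is redundant with `errors.Is(err, os.ErrNotExist)`, since `syscall.ENOENT` already matches `os.ErrNotExist` through `Errno.Is`; harmless, and the `ENOTDIR` term is the one that actually widens the check.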
@ -68,7 +49,7 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) {
n := 0 n := 0
for unsafePath != "" { for unsafePath != "" {
if n > 255 { if n > 255 {
return "", ErrSymlinkLoop return "", &os.PathError{Op: "SecureJoin", Path: root + "/" + unsafePath, Err: syscall.ELOOP}
} }
// Next path component, p. // Next path component, p.
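Review bot: `root + "/" + unsafePath` in the `Path` field is plain string concatenation, so a `root` that already ends in a separator produces a doubled `//` in the error text; `filepath.Join(root, unsafePath)` would keep it clean. Also, because the loop runs while `unsafePath != ""` and consumes a component each pass, the Path recorded at iteration 255 is the still-unprocessed suffix, not the caller's original argument; acceptable for a loop-detection error, but worth knowing when reading logs that surface it.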


@ -1 +0,0 @@
github.com/pkg/errors v0.8.0
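Review bot: this is the vendored module's own legacy vendor manifest, so removing `github.com/pkg/errors v0.8.0` only records that upstream dropped the dependency; it does not remove `github.com/pkg/errors` from this repository's go.mod or `vendor/modules.txt`, neither of which changes in this diff. Run `go mod tidy` to check whether another dependency still pulls it in, and if nothing does, drop it in a follow-up so the supply-chain surface actually shrinks.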

vendor/modules.txt

@ -257,7 +257,7 @@ github.com/coreos/stream-metadata-go/stream
github.com/coreos/stream-metadata-go/stream/rhcos github.com/coreos/stream-metadata-go/stream/rhcos
# github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283 # github.com/cri-o/ocicni v0.2.1-0.20210621164014-d0acc7862283
github.com/cri-o/ocicni/pkg/ocicni github.com/cri-o/ocicni/pkg/ocicni
# github.com/cyphar/filepath-securejoin v0.2.2 # github.com/cyphar/filepath-securejoin v0.2.3
github.com/cyphar/filepath-securejoin github.com/cyphar/filepath-securejoin
# github.com/davecgh/go-spew v1.1.1 # github.com/davecgh/go-spew v1.1.1
github.com/davecgh/go-spew/spew github.com/davecgh/go-spew/spew