Refactor installation and runner scripts for enhanced usability and security
- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing. - Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`. - Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback. - Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users. - Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
@@ -128,6 +128,20 @@ func ExtractTarStripPrefix(reader io.Reader, destDir string) error {
|
||||
if err := os.MkdirAll(filepath.Dir(targetPath), 0755); err != nil {
|
||||
return err
|
||||
}
|
||||
// Reject absolute or escaping symlink targets so extraction cannot
|
||||
// plant links that point outside destDir.
|
||||
linkTarget := header.Linkname
|
||||
if linkTarget == "" {
|
||||
return fmt.Errorf("invalid empty symlink target in tar: %s", header.Name)
|
||||
}
|
||||
if filepath.IsAbs(linkTarget) {
|
||||
return fmt.Errorf("absolute symlink target not allowed in tar: %s -> %s", header.Name, linkTarget)
|
||||
}
|
||||
resolvedLink := filepath.Clean(filepath.Join(filepath.Dir(targetPath), linkTarget))
|
||||
cleanDest := filepath.Clean(destDir)
|
||||
if resolvedLink != cleanDest && !strings.HasPrefix(resolvedLink, cleanDest+string(os.PathSeparator)) {
|
||||
return fmt.Errorf("symlink target escapes extract root: %s -> %s", header.Name, linkTarget)
|
||||
}
|
||||
os.Remove(targetPath) // Remove existing symlink if present
|
||||
if err := os.Symlink(header.Linkname, targetPath); err != nil {
|
||||
return err
|
||||
|
||||
@@ -24,6 +24,25 @@ func createTarBuffer(files map[string]string) *bytes.Buffer {
|
||||
return &buf
|
||||
}
|
||||
|
||||
func TestExtractTarStripPrefix_RejectsEscapingSymlink(t *testing.T) {
|
||||
destDir := t.TempDir()
|
||||
var buf bytes.Buffer
|
||||
tw := tar.NewWriter(&buf)
|
||||
// Top-level prefix like Blender archives
|
||||
_ = tw.WriteHeader(&tar.Header{Name: "blender-x/", Typeflag: tar.TypeDir, Mode: 0755})
|
||||
_ = tw.WriteHeader(&tar.Header{
|
||||
Name: "blender-x/evil",
|
||||
Typeflag: tar.TypeSymlink,
|
||||
Linkname: "../../outside",
|
||||
Mode: 0777,
|
||||
})
|
||||
_ = tw.Close()
|
||||
|
||||
if err := ExtractTarStripPrefix(&buf, destDir); err == nil {
|
||||
t.Fatal("expected escaping symlink to be rejected")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractTar(t *testing.T) {
|
||||
destDir := t.TempDir()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user