test: cover template symlink skip
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
CI / Detect changes (pull_request) Successful in 43s
Harness Replays / detect-changes (pull_request) Successful in 24s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 47s
E2E API Smoke Test / detect-changes (pull_request) Successful in 51s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 45s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 23s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 55s
qa-review / approved (pull_request) Successful in 19s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 47s
gate-check-v3 / gate-check (pull_request) Successful in 36s
security-review / approved (pull_request) Refired via /security-recheck by hongming
sop-checklist / na-declarations (pull_request) N/A: qa-review
sop-tier-check / tier-check (pull_request) Successful in 22s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 10s
sop-checklist / all-items-acked (pull_request) Successful in 23s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m20s
Harness Replays / Harness Replays (pull_request) Successful in 10s
CI / Python Lint & Test (pull_request) Successful in 11s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m22s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 6m0s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5m10s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9m35s
CI / Canvas (Next.js) (pull_request) Successful in 17m16s
CI / Platform (Go) (pull_request) Successful in 18m51s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 13s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
CI / Detect changes (pull_request) Successful in 43s
Harness Replays / detect-changes (pull_request) Successful in 24s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 47s
E2E API Smoke Test / detect-changes (pull_request) Successful in 51s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 45s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 23s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 55s
qa-review / approved (pull_request) Successful in 19s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 47s
gate-check-v3 / gate-check (pull_request) Successful in 36s
security-review / approved (pull_request) Refired via /security-recheck by hongming
sop-checklist / na-declarations (pull_request) N/A: qa-review
sop-tier-check / tier-check (pull_request) Successful in 22s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 10s
sop-checklist / all-items-acked (pull_request) Successful in 23s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m20s
Harness Replays / Harness Replays (pull_request) Successful in 10s
CI / Python Lint & Test (pull_request) Successful in 11s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m22s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 6m0s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5m10s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9m35s
CI / Canvas (Next.js) (pull_request) Successful in 17m16s
CI / Platform (Go) (pull_request) Successful in 18m51s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 13s
This commit is contained in:
hongming-codex-laptop
@@ -773,6 +773,15 @@ func ApplyTierConfig(hostCfg *container.HostConfig, cfg WorkspaceConfig, configM
|
||||
|
||||
// CopyTemplateToContainer copies files from a host directory into /configs in the container.
|
||||
func (p *Provisioner) CopyTemplateToContainer(ctx context.Context, containerID, templatePath string) error {
|
||||
buf, err := buildTemplateTar(templatePath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return p.cli.CopyToContainer(ctx, containerID, "/configs", buf, container.CopyToContainerOptions{})
|
||||
}
|
||||
|
||||
func buildTemplateTar(templatePath string) (*bytes.Buffer, error) {
|
||||
// Resolve symlinks at the root before walking. filepath.Walk does
|
||||
// NOT follow a symlink that IS the root — it Lstats the path, sees
|
||||
// a symlink (non-directory), and emits exactly one entry without
|
||||
@@ -844,13 +853,13 @@ func (p *Provisioner) CopyTemplateToContainer(ctx context.Context, containerID,
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create tar from %s: %w", templatePath, err)
|
||||
return nil, fmt.Errorf("failed to create tar from %s: %w", templatePath, err)
|
||||
}
|
||||
if err := tw.Close(); err != nil {
|
||||
return fmt.Errorf("failed to close tar writer: %w", err)
|
||||
return nil, fmt.Errorf("failed to close tar writer: %w", err)
|
||||
}
|
||||
|
||||
return p.cli.CopyToContainer(ctx, containerID, "/configs", &buf, container.CopyToContainerOptions{})
|
||||
return &buf, nil
|
||||
}
|
||||
|
||||
// WriteFilesToContainer writes in-memory files into /configs in the container.
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
package provisioner
|
||||
|
||||
import (
|
||||
"archive/tar"
|
||||
"errors"
|
||||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
@@ -80,6 +82,54 @@ func TestStartSeedsConfigsBeforeContainerStart(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildTemplateTar_SkipsSymlinks(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
if err := os.WriteFile(filepath.Join(dir, "config.yaml"), []byte("name: safe\n"), 0644); err != nil {
|
||||
t.Fatalf("write config: %v", err)
|
||||
}
|
||||
outside := filepath.Join(t.TempDir(), "secret.txt")
|
||||
if err := os.WriteFile(outside, []byte("do-not-copy\n"), 0644); err != nil {
|
||||
t.Fatalf("write outside target: %v", err)
|
||||
}
|
||||
if err := os.Symlink(outside, filepath.Join(dir, "linked-secret.txt")); err != nil {
|
||||
t.Fatalf("create symlink: %v", err)
|
||||
}
|
||||
|
||||
buf, err := buildTemplateTar(dir)
|
||||
if err != nil {
|
||||
t.Fatalf("buildTemplateTar: %v", err)
|
||||
}
|
||||
|
||||
names := map[string]string{}
|
||||
tr := tar.NewReader(buf)
|
||||
for {
|
||||
hdr, err := tr.Next()
|
||||
if errors.Is(err, io.EOF) {
|
||||
break
|
||||
}
|
||||
if err != nil {
|
||||
t.Fatalf("read tar: %v", err)
|
||||
}
|
||||
body, err := io.ReadAll(tr)
|
||||
if err != nil {
|
||||
t.Fatalf("read body for %s: %v", hdr.Name, err)
|
||||
}
|
||||
names[hdr.Name] = string(body)
|
||||
}
|
||||
|
||||
if got := names["config.yaml"]; got != "name: safe\n" {
|
||||
t.Fatalf("config.yaml body = %q, want safe config", got)
|
||||
}
|
||||
if _, ok := names["linked-secret.txt"]; ok {
|
||||
t.Fatalf("symlink entry was copied into template tar: %#v", names)
|
||||
}
|
||||
for name, body := range names {
|
||||
if strings.Contains(body, "do-not-copy") {
|
||||
t.Fatalf("symlink target leaked through %s: %q", name, body)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// baseHostConfig returns a fresh HostConfig with typical pre-tier binds,
|
||||
// mimicking what Start() builds before calling ApplyTierConfig.
|
||||
func baseHostConfig(pluginsPath string) *container.HostConfig {
|
||||
|
||||
Reference in New Issue
Block a user