From a7c8fdc55bb30f9aeabf58a9865e0d40b52ca18c Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Thu, 22 Sep 2022 20:17:25 -0400 Subject: [PATCH] pkg/containerfs: make ResolveScopedPath a free fn Signed-off-by: Cory Snider --- builder/dockerfile/copy.go | 2 +- builder/remotecontext/archive.go | 2 +- builder/remotecontext/detect.go | 3 ++- container/container.go | 2 +- pkg/containerfs/containerfs.go | 17 ++++------------- pkg/containerfs/containerfs_unix.go | 4 ++-- pkg/containerfs/containerfs_windows.go | 4 ++-- 7 files changed, 13 insertions(+), 21 deletions(-) diff --git a/builder/dockerfile/copy.go b/builder/dockerfile/copy.go index a71eb1321a..cc424f3555 100644 --- a/builder/dockerfile/copy.go +++ b/builder/dockerfile/copy.go @@ -45,7 +45,7 @@ type copyInfo struct { } func (c copyInfo) fullPath() (string, error) { - return c.root.ResolveScopedPath(c.path, true) + return containerfs.ResolveScopedPath(c.root.Path(), c.path) } func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo { diff --git a/builder/remotecontext/archive.go b/builder/remotecontext/archive.go index 6d247f945d..142b4097cc 100644 --- a/builder/remotecontext/archive.go +++ b/builder/remotecontext/archive.go @@ -117,7 +117,7 @@ func (c *archiveContext) Hash(path string) (string, error) { func normalize(path string, root containerfs.ContainerFS) (cleanPath, fullPath string, err error) { cleanPath = root.Clean(string(root.Separator()) + path)[1:] - fullPath, err = root.ResolveScopedPath(path, true) + fullPath, err = containerfs.ResolveScopedPath(root.Path(), path) if err != nil { return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath) } diff --git a/builder/remotecontext/detect.go b/builder/remotecontext/detect.go index 3dae780275..aa4a958dd6 100644 --- a/builder/remotecontext/detect.go +++ b/builder/remotecontext/detect.go @@ -13,6 +13,7 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/builder/remotecontext/urlutil" "github.com/docker/docker/errdefs" + "github.com/docker/docker/pkg/containerfs" "github.com/docker/docker/pkg/fileutils" "github.com/moby/buildkit/frontend/dockerfile/dockerignore" "github.com/moby/buildkit/frontend/dockerfile/parser" @@ -175,7 +176,7 @@ func StatAt(remote builder.Source, path string) (os.FileInfo, error) { // FullPath is a helper for getting a full path for a path from a source func FullPath(remote builder.Source, path string) (string, error) { - fullPath, err := remote.Root().ResolveScopedPath(path, true) + fullPath, err := containerfs.ResolveScopedPath(remote.Root().Path(), path) if err != nil { if runtime.GOOS == "windows" { return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err) diff --git a/container/container.go b/container/container.go index ead7960f4f..d206102b31 100644 --- a/container/container.go +++ b/container/container.go @@ -304,7 +304,7 @@ func (container *Container) GetResourcePath(path string) (string, error) { } // IMPORTANT - These are paths on the OS where the daemon is running, hence // any filepath operations must be done in an OS agnostic way. - r, e := container.BaseFS.ResolveScopedPath(path, false) + r, e := containerfs.ResolveScopedPath(container.BaseFS.Path(), containerfs.CleanScopedPath(path)) // Log this here on the daemon side as there's otherwise no indication apart // from the error being propagated all the way back to the client. This makes diff --git a/pkg/containerfs/containerfs.go b/pkg/containerfs/containerfs.go index 69bf48b4e5..60d5fa417a 100644 --- a/pkg/containerfs/containerfs.go +++ b/pkg/containerfs/containerfs.go @@ -14,13 +14,6 @@ type ContainerFS interface { // on the local system, so the continuity operations must be used Path() string - // ResolveScopedPath evaluates the given path scoped to the root. - // For example, if root=/a, and path=/b/c, then this function would return /a/b/c. - // If rawPath is true, then the function will not preform any modifications - // before path resolution. Otherwise, the function will clean the given path - // by making it an absolute path. - ResolveScopedPath(path string, rawPath bool) (string, error) - Driver } @@ -52,10 +45,8 @@ func (l *local) Path() string { return l.path } -func (l *local) ResolveScopedPath(path string, rawPath bool) (string, error) { - cleanedPath := path - if !rawPath { - cleanedPath = cleanScopedPath(path) - } - return symlink.FollowSymlinkInScope(filepath.Join(l.path, cleanedPath), l.path) +// ResolveScopedPath evaluates the given path scoped to the root. +// For example, if root=/a, and path=/b/c, then this function would return /a/b/c. +func ResolveScopedPath(root, path string) (string, error) { + return symlink.FollowSymlinkInScope(filepath.Join(root, path), root) } diff --git a/pkg/containerfs/containerfs_unix.go b/pkg/containerfs/containerfs_unix.go index 5a7ab97e58..3e18599989 100644 --- a/pkg/containerfs/containerfs_unix.go +++ b/pkg/containerfs/containerfs_unix.go @@ -5,7 +5,7 @@ package containerfs // import "github.com/docker/docker/pkg/containerfs" import "path/filepath" -// cleanScopedPath preappends a to combine with a mnt path. -func cleanScopedPath(path string) string { +// CleanScopedPath preappends a to combine with a mnt path. +func CleanScopedPath(path string) string { return filepath.Join(string(filepath.Separator), path) } diff --git a/pkg/containerfs/containerfs_windows.go b/pkg/containerfs/containerfs_windows.go index 9fb7084628..f4011d1203 100644 --- a/pkg/containerfs/containerfs_windows.go +++ b/pkg/containerfs/containerfs_windows.go @@ -2,9 +2,9 @@ package containerfs // import "github.com/docker/docker/pkg/containerfs" import "path/filepath" -// cleanScopedPath removes the C:\ syntax, and prepares to combine +// CleanScopedPath removes the C:\ syntax, and prepares to combine // with a volume path -func cleanScopedPath(path string) string { +func CleanScopedPath(path string) string { if len(path) >= 2 { c := path[0] if path[1] == ':' && ('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z') {