toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add an API test for docker build -f Dockerfile

Browse Source 
I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.

While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball

Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 198ff76de59a600ce900497fd4a6131ee4448c48
Component: engine
This commit is contained in:
Doug Davis
2015-01-21 11:08:19 -08:00
committed by Arnaud Porterie
parent 5a9b034c63
commit 56a2a654e8
3 changed files with 61 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
components/engine/builder/evaluator.go
View File

@ -24,7 +24,7 @@ import (
"fmt"
"io"
"os"
"path"
"path/filepath"
"strings"
log "github.com/Sirupsen/logrus"
@ -169,12 +169,19 @@ func (b *Builder) Run(context io.Reader) (string, error) {
// Reads a Dockerfile from the current context. It assumes that the
// 'filename' is a relative path from the root of the context
func (b *Builder) readDockerfile(filename string) error {
filename = path.Join(b.contextPath, filename)
func (b *Builder) readDockerfile(origFile string) error {
filename := filepath.Join(b.contextPath, origFile)
tmpDockerPath := filepath.Dir(filename) + string(os.PathSeparator)
tmpContextPath := filepath.Clean(b.contextPath) + string(os.PathSeparator)
if !strings.HasPrefix(tmpDockerPath, tmpContextPath) {
return fmt.Errorf("Dockerfile (%s) must be within the build context", origFile)
}
fi, err := os.Stat(filename)
if os.IsNotExist(err) {
return fmt.Errorf("Cannot build a directory without a Dockerfile")
return fmt.Errorf("Cannot locate specified Dockerfile: %s", origFile)
}
if fi.Size() == 0 {
return ErrDockerfileEmpty
@ -201,13 +208,13 @@ func (b *Builder) readDockerfile(filename string) error {
// Note that this assumes the Dockerfile has been read into memory and
// is now safe to be removed.
excludes, _ := utils.ReadDockerIgnore(path.Join(b.contextPath, ".dockerignore"))
excludes, _ := utils.ReadDockerIgnore(filepath.Join(b.contextPath, ".dockerignore"))
if rm, _ := fileutils.Matches(".dockerignore", excludes); rm == true {
os.Remove(path.Join(b.contextPath, ".dockerignore"))
os.Remove(filepath.Join(b.contextPath, ".dockerignore"))
b.context.(tarsum.BuilderContext).Remove(".dockerignore")
}
if rm, _ := fileutils.Matches(b.dockerfileName, excludes); rm == true {
os.Remove(path.Join(b.contextPath, b.dockerfileName))
os.Remove(filepath.Join(b.contextPath, b.dockerfileName))
b.context.(tarsum.BuilderContext).Remove(b.dockerfileName)
}