fix(compose):filter out symlink in custom template EE-1928 (#6579)

* fix prevent symlink in customtemplate
2022-03-04 12:05:34 +08:00 · 2022-03-04 12:05:34 +08:00 · c442d936d3
parent 0cd164bada
commit c442d936d3
1 changed files with 20 additions and 4 deletions
--- a/api/http/handler/customtemplates/customtemplate_create.go
+++ b/api/http/handler/customtemplates/customtemplate_create.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"log"
 	"net/http"
 	"os"
 	"regexp"
 	"strconv"
@ -271,15 +272,20 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 	if err != nil {
 		return nil, err
 	}
-
+	isValidProject := true
-	entryPath := filesystem.JoinPaths(projectPath, customTemplate.EntryPoint)
+	defer func() {
-
+		if !isValidProject {
 	exists, err := handler.FileService.FileExists(entryPath)
 	if err != nil || !exists {
 			if err := handler.FileService.RemoveDirectory(projectPath); err != nil {
 				log.Printf("[WARN] [http,customtemplate,git] [error: %s] [message: unable to remove git repository directory]", err)
 			}
 		}
 	}()
 	entryPath := filesystem.JoinPaths(projectPath, customTemplate.EntryPoint)
 	exists, err := handler.FileService.FileExists(entryPath)
 	if err != nil || !exists {
 		isValidProject = false
 	}
 	if err != nil {
 		return nil, err
@ -289,6 +295,16 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 		return nil, errors.New("Invalid Compose file, ensure that the Compose file path is correct")
 	}
 	info, err := os.Lstat(entryPath)
 	if err != nil {
 		isValidProject = false
 		return nil, err
 	}
 	if info.Mode()&os.ModeSymlink != 0 { // entry is a symlink
 		isValidProject = false
 		return nil, errors.New("Invalid Compose file, ensure that the Compose file is not a symbolic link")
 	}
 	return customTemplate, nil
 }