-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds support for Symlinks in all Tar decompressors #192
Conversation
This is a redo of #171 that was reverted due to security issues. |
Fixed merge conflicts |
This is useful when using Nomad's Artefact mechanisms which internally uses `hashicorp/go-getter` to unpack Tar archives that are built from container root file systems (*which usually contain symlinks for runtime libraries*). Fixes #60 and supercedes the very old PR #37 (We use a variant of this patch in our production systems and we need to get this into upstream as soon as conveniently possible) **NB:** This uses the [securejoin](https://github.com/cyphar/filepath-securejoin) library to prevent path escaping and other possible security vulnerabilities that come with concatenating paths.
Please note: There are some failing tests in master that don't appear to have anything to do with my change so CI is failing on a couple of tests.
|
Oh on 2nd thoughts the above failures are likely caused by my not having said Google Cloud and AWS credentials. However I'm not going to go setup accounts just to make those pass :) (they should be mocking out externals calls to those APIs) |
🏓 |
This is useful when using Nomad's Artefact mechanisms which internally
uses
hashicorp/go-getter
to unpack Tar archives that are built fromcontainer root file systems (which usually contain symlinks for runtime
libraries).
Fixes #60 and supercedes the very old PR #37
(We use a variant of this patch in our production systems and we need to
get this into upstream as soon as conveniently possible)
NB: This uses the
securejoin library to
prevent path escaping and other possible security vulnerabilities that
come with concatenating paths.