nywilken/bump submodules 2.2.1 #427

Closed
wants to merge 54 commits into from

nywilken
Contributor

azr and others added 30 commits February 4, 2020 17:59
To allow to tell what operation was done by the go getter; this will allow the go-getter to 'make a choice' based on a set of arguments.

For example:

* Decide on a random temporary folder/file in which to put the wanted object and then tell us where it was put.
* Just tell that this file was not being copied but simply referenced because it is already in the drive (this one is useful to Packer)
… given an option, remove the 'Dir' bool option & rename ClientMode to Mode (#232)

adds the Inplace bool field to a Request allowing to use local files 'inplace' and just setting the GetResult.Dst to the source file.

This will allow Packer to not do any operation and to use big local files 'inplace'.
This is in preparation for the first v2 release.
to not force importers to import 3rd party getters and dependencies
* make FileChecksum.Checksum public

* add FileChecksum.String func

* FileChecksum.Checksum: change var name `file` to `filePath` to avoid confusion
#259) (#281)

* feat(detector): provide a detector for repository hosted on GitLab.com (#259)

* remove hg test after #276

Co-authored-by: Davin Kevin <[email protected]>
This change removes hg as a supported schema for the BitBucket detector as
Mercurial enabled repositories are no longer supported by BitBucket.

Official announcement at https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket.

Test results before change
```
--- FAIL: TestHgGetter_DetectBitBucketDetector (0.52s)
    get_hg_test.go:157: err: unknown BitBucket SCM type:
--- FAIL: TestBitBucketDetector (0.61s)
    detect_bitbucket_test.go:51: err: unknown BitBucket SCM type:
FAIL
FAIL    github.com/hashicorp/go-getter/v2       6.240s
```

Test results after change
```
ok      github.com/hashicorp/go-getter/v2       6.102s
```
* Merge remote-tracking branch 'origin/master' into client_umask
* move umask/mode calls in request.go
* Request.Mode => Request.GetMode && req.mode => req.Mode
* add req.CopyReader func for 3rd party pkgs
* fixup calls
* up go modules
* update cmd
* ignore commented lines when parsing a checksum file

* Update Dockerfile

set noninteractive mode to installation

* Update Dockerfile

pin to go 1.15, because it worked//works there; I suspect this is a "debian changed something" issue.
* Fix command injection in go-getter when passing params to hg clone

The fix for this is to add -- to the arguments of each hg command,
before any user-input. This indicates the end of optional arguments,
only positional arguments are allowed.

* Remove upwards path traversal in subdirectories, filenames

* Prevent arbitrary file read, path traversal via subdirectory extraction
Not opt-in or opt-out, just never allowed. Upwards path traversal is not a subdirectory.

* Prevent arbitrary file write via `filename`
Not opt-in or opt-out, just never allowed. Upwards path traversal is not a filename in a subdirectory.

* Add Timeout option to HgGetter and GitGetter enforced with os/exec.CommandContext

* Add DisableSymlinks option to getter request

The fix for this is a new client request option, DisableSymlinks. When set to true, symlinks are disabled.
This prevents the client, likely in combination with the GitGetter, from following a symlink when the subdirectory
selection from the checked out repo is a symlink.

* Add custom symlink copy error

* Add DisableSymlinks as client option

Setting DisableSymlinks per request works but must be set on all requests
made by a client. Adding it as a top-level client config option allows
for setting DisableSymlinks for all client.Get requests.

* Update get_http to address various get concerns

* Add XTerraformGetLimit and XTerraformGetDisabled
* Add Multiple new options to limit resource consumption:
  DoNotCheckHeadFirst, HeadFirstTimeout, ReadTimeout, MaxBytes
* Add getter client to context for reuse
* Add setters/getters for storing configured getter.Client in a context
* Update HttpGetter to use ClientFromContext when available; otherwise
  use a limited client for supporting X-Terraform-Get request
* Refactor HttpGetter function to make it clear when a configured
  getter.Client is required
* Add security section to README

* Port changes from hashicorp/eastebry/timeout-for-getters

Adding timeout to s3Getter

* Port changes from hashicorp/add-missing-timeouts

Add missing timeouts to `S3Getter` and `GCSGetter`

* Remove windows test for FileGetter

* Change to next-get image

Co-authored-by: Kent 'picat' Gruber <[email protected]>
Co-authored-by: Sylvia Moss <[email protected]>
* By default XTerraformGet header support should be disabled; clients
  needing support for this header should overwrite the default getters
  with a custom HttpGetter

* Add default timeouts for HTTP Read Requests; including HEAD requests
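
The `--` end-of-options fix for `hg clone` and the "never allowed" rejection of upward path traversal described in the commit messages above, as an added example that is not go-getter's own code. The function names `hgCloneArgs`, `hasDotDot` and `resolveUnder`, and all sample inputs, are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// hgCloneArgs builds the argv for `hg clone`. "--" ends option parsing, so src
// and dst stay positional even when a caller-supplied value starts with "-".
func hgCloneArgs(src, dst string) []string {
	return []string{"clone", "-U", "--", src, dst}
}

var errTraversal = errors.New("upward path traversal is not allowed")

// hasDotDot reports whether any component of p is "..".
func hasDotDot(p string) bool {
	for _, part := range strings.FieldsFunc(p, func(r rune) bool { return r == '/' || r == '\\' }) {
		if part == ".." {
			return true
		}
	}
	return false
}

// resolveUnder joins a caller-supplied subdirectory or filename onto root and
// rejects anything that would leave root. No opt-in, no opt-out.
func resolveUnder(root, name string) (string, error) {
	if hasDotDot(name) || filepath.IsAbs(name) {
		return "", errTraversal
	}
	full := filepath.Join(root, name)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errTraversal
	}
	return full, nil
}

func main() {
	// Constructed inputs for illustration.
	fmt.Println(hgCloneArgs("--example-option=value", "/tmp/dst"))
	for _, name := range []string{"modules/vpc", "../../etc/passwd", "a/../../b"} {
		p, err := resolveUnder("/tmp/checkout", name)
		fmt.Println(name, "->", p, err)
	}
}
```
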
nywilken and others added 24 commits June 30, 2022 09:04
* Add Timeout to SmbClientGetter

Allow caller to configure a command execution context with a default
timeout for all smbclient CLI operations.

* Make smbclient timeout configurable
add back gcs and s3 components

add smb tests and more go versions

whoops change to ubuntu

remove tags for now

reshifting

reshifting

testing linux only

shifting again

try docker build

fix TTY message

try to fix windows

add git config for submodule

remove out error

fix window tests

disable window tests for now
Co-authored-by: Wilken Rivera <[email protected]>
Co-authored-by: Kent 'picat' Gruber <[email protected]>
update test s3 bucket name

let's see if s3 tests work now

try matrix for multiple directories

try to fix GCS tests

move go tests after GCS auth

Revert "move go tests after GCS auth"

This reverts commit 7adfd47.

move go tests after GCS auth

comment out other workflows

go mod tidy

go mod tidy

comment out go cmd for now

Revert "go mod tidy"

This reverts commit 416722c.

remove helper directory

revert go mod

add go cmd

go mod tidy for GCS

go mod tidy for cmd
The added tests validate that the Go-Getter client, when getting an
invalid S3 URL, does not panic, as described in CVE-2022-41605.
* Add zstd support

Port changes from v1 #292

* Port decompression bomb changes from v1

#412

---------

Co-authored-by: Yan Su <[email protected]>
Co-authored-by: Kent 'picat' Gruber <[email protected]>
* Update build flags to new format
v1: decompressors: add LimitedDecompressors helper
* Merge pull request #424 from hashicorp/fix-av-reports

Remove `bomb.zip` test file to stop anti-virus noise

* Update call to WriteFile

---------

Co-authored-by: Kent 'picat' Gruber <[email protected]>
@nywilken nywilken closed this Mar 16, 2023
@nywilken nywilken deleted the nywilken/bump-submodules-2.2.1 branch March 16, 2023 20:14