diff --git a/pkg/apis/pipeline/paths.go b/pkg/apis/pipeline/paths.go index 5a15b2014e1..5f568b0d8d1 100644 --- a/pkg/apis/pipeline/paths.go +++ b/pkg/apis/pipeline/paths.go @@ -25,6 +25,7 @@ const ( HomeDir = "/tekton/home" // CredsDir is the directory where credentials are placed to meet the legacy credentials // helpers image (aka "creds-init") contract + // #nosec CredsDir = "/tekton/creds" // StepsDir is the directory used for a step to store any metadata related to the step StepsDir = "/tekton/steps" diff --git a/pkg/apis/pipeline/v1beta1/param_types.go b/pkg/apis/pipeline/v1beta1/param_types.go index 068278264fd..c4414f2e15a 100644 --- a/pkg/apis/pipeline/v1beta1/param_types.go +++ b/pkg/apis/pipeline/v1beta1/param_types.go @@ -199,7 +199,7 @@ func (arrayOrString *ArrayOrString) ApplyReplacements(stringReplacements map[str if arrayOrString.Type == ParamTypeString { arrayOrString.StringVal = substitution.ApplyReplacements(arrayOrString.StringVal, stringReplacements) } else { - var newArrayVal []string + newArrayVal := []string{} for _, v := range arrayOrString.ArrayVal { newArrayVal = append(newArrayVal, substitution.ApplyArrayReplacements(v, stringReplacements, arrayReplacements)...) } diff --git a/pkg/apis/pipeline/v1beta1/param_types_test.go b/pkg/apis/pipeline/v1beta1/param_types_test.go index b9dedac0100..d288d28e5c8 100644 --- a/pkg/apis/pipeline/v1beta1/param_types_test.go +++ b/pkg/apis/pipeline/v1beta1/param_types_test.go @@ -200,7 +200,18 @@ func TestArrayOrString_ApplyReplacements(t *testing.T) { }, expectedOutput: v1beta1.NewArrayOrString("firstvalue", "array", "value", "lastvalue", "asdf", "sdfsd"), }, { - name: "empty array replacement", + name: "empty array replacement without extra elements", + args: args{ + // input: v1beta1.NewArrayOrString("$(arraykey)"), + input: &v1beta1.ArrayOrString{ + Type: v1beta1.ParamTypeArray, + ArrayVal: []string{"$(arraykey)"}, + }, + arrayReplacements: map[string][]string{"arraykey": {}}, + }, + expectedOutput: &v1beta1.ArrayOrString{Type: v1beta1.ParamTypeArray, ArrayVal: []string{}}, + }, { + name: "empty array replacement with extra elements", args: args{ input: v1beta1.NewArrayOrString("firstvalue", "$(arraykey)", "lastvalue"), stringReplacements: map[string]string{"some": "value", "anotherkey": "value"}, diff --git a/pkg/pod/creds_init.go b/pkg/pod/creds_init.go index 117c805e7a9..393210c09ef 100644 --- a/pkg/pod/creds_init.go +++ b/pkg/pod/creds_init.go @@ -33,6 +33,7 @@ import ( ) const ( + // #nosec credsInitHomeMountPrefix = "tekton-creds-init-home" sshKnownHosts = "known_hosts" )