From 3c3e42652252584fb69be8426420fd1e9bef066a Mon Sep 17 00:00:00 2001
From: Vincent Demeester
Date: Tue, 30 Aug 2022 16:57:54 +0200
Subject: [PATCH 1/2] Fix the issue with empty array replacement

Prior to this change, if there is only one element in an array that is a reference to an empty array, the original array becomes nil after replacement, but it should be an empty array instead of nil.
Fixes tektoncd#5149
Signed-off-by: Vincent Demeester
---
 pkg/apis/pipeline/v1beta1/param_types.go | 2 +-
 pkg/apis/pipeline/v1beta1/param_types_test.go | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/pkg/apis/pipeline/v1beta1/param_types.go b/pkg/apis/pipeline/v1beta1/param_types.go
index 068278264fd..c4414f2e15a 100644
--- a/pkg/apis/pipeline/v1beta1/param_types.go
+++ b/pkg/apis/pipeline/v1beta1/param_types.go
@@ -199,7 +199,7 @@ func (arrayOrString *ArrayOrString) ApplyReplacements(stringReplacements map[str
 if arrayOrString.Type == ParamTypeString {
 arrayOrString.StringVal = substitution.ApplyReplacements(arrayOrString.StringVal, stringReplacements)
 } else {
- var newArrayVal []string
+ newArrayVal := []string{}
 for _, v := range arrayOrString.ArrayVal {
 newArrayVal = append(newArrayVal, substitution.ApplyArrayReplacements(v, stringReplacements, arrayReplacements)...)
 }
diff --git a/pkg/apis/pipeline/v1beta1/param_types_test.go b/pkg/apis/pipeline/v1beta1/param_types_test.go
index b9dedac0100..d288d28e5c8 100644
--- a/pkg/apis/pipeline/v1beta1/param_types_test.go
+++ b/pkg/apis/pipeline/v1beta1/param_types_test.go
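Review bot: In `ApplyReplacements` (pkg/apis/pipeline/v1beta1/param_types.go) nothing marks `newArrayVal := []string{}` as deliberately non-nil, so a later cleanup could turn it back into `var newArrayVal []string` and the behaviour reported in the linked issue would return. A one-line comment above it would pin the intent, for example `// Must be non-nil: an array whose only element expands to an empty array stays [] instead of becoming nil.`. If the value is serialized or compared downstream, nil and empty differ there too (`null` versus `[]` in encoding/json), which is worth stating if that is the motivation; the hunk does not show it. The function body starts and ends outside the hunk, so the assignment back to `ArrayVal` is not visible here.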
@@ -200,7 +200,18 @@ func TestArrayOrString_ApplyReplacements(t *testing.T) {
 },
 expectedOutput: v1beta1.NewArrayOrString("firstvalue", "array", "value", "lastvalue", "asdf", "sdfsd"),
 }, {
- name: "empty array replacement",
+ name: "empty array replacement without extra elements",
+ args: args{
+ // input: v1beta1.NewArrayOrString("$(arraykey)"),
+ input: &v1beta1.ArrayOrString{
+ Type: v1beta1.ParamTypeArray,
+ ArrayVal: []string{"$(arraykey)"},
+ },
+ arrayReplacements: map[string][]string{"arraykey": {}},
+ },
+ expectedOutput: &v1beta1.ArrayOrString{Type: v1beta1.ParamTypeArray, ArrayVal: []string{}},
+ }, {
+ name: "empty array replacement with extra elements",
 args: args{
 input: v1beta1.NewArrayOrString("firstvalue", "$(arraykey)", "lastvalue"),
 stringReplacements: map[string]string{"some": "value", "anotherkey": "value"},
From ade172da4bb9d009d91c0f4de47f8596f9062ee1 Mon Sep 17 00:00:00 2001
From: Vincent Demeester
Date: Tue, 30 Aug 2022 17:27:56 +0200
Subject: [PATCH 2/2] Add // #nosec :)

Signed-off-by: Vincent Demeester
---
 pkg/apis/pipeline/paths.go | 1 +
 pkg/pod/creds_init.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/pkg/apis/pipeline/paths.go b/pkg/apis/pipeline/paths.go
index 5a15b2014e1..5f568b0d8d1 100644
--- a/pkg/apis/pipeline/paths.go
+++ b/pkg/apis/pipeline/paths.go
@@ -25,6 +25,7 @@ const (
 HomeDir = "/tekton/home"
 // CredsDir is the directory where credentials are placed to meet the legacy credentials
 // helpers image (aka "creds-init") contract
+ // #nosec
 CredsDir = "/tekton/creds"
 // StepsDir is the directory used for a step to store any metadata related to the step
 StepsDir = "/tekton/steps"
diff --git a/pkg/pod/creds_init.go b/pkg/pod/creds_init.go
index 117c805e7a9..393210c09ef 100644
--- a/pkg/pod/creds_init.go
+++ b/pkg/pod/creds_init.go
@@ -33,6 +33,7 @@ import (
 )

 const (
+ // #nosec
 credsInitHomeMountPrefix = "tekton-creds-init-home"
 sshKnownHosts = "known_hosts"
 )
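Review bot: The new case in `TestArrayOrString_ApplyReplacements` (param_types_test.go) leaves a commented-out line, `// input: v1beta1.NewArrayOrString("$(arraykey)"),`, next to the struct literal that replaced it. Either delete it or turn it into a reason, e.g. `// Built by hand: NewArrayOrString with a single argument does not yield an array-typed value.`; that behaviour is inferred from the workaround rather than visible in the hunk, so confirm it before wording the comment that way. The case also only guards the fix if the comparison further down distinguishes a nil slice from an empty one, and that code is outside the hunk. The test function starts and ends outside the hunk.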
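Review bot: The bare `// #nosec` added above `CredsDir` in pkg/apis/pipeline/paths.go suppresses every gosec rule for the line it covers and records neither which finding it answers nor why that finding is a false positive; the same applies to the one above `credsInitHomeMountPrefix` in pkg/pod/creds_init.go. Scope it to the rule and state the reason, presumably the hardcoded-credentials check (G101) reacting to "creds" in the name: `CredsDir = "/tekton/creds" // #nosec G101 -- directory path, not a credential`. Placing it at the end of the line also keeps the marker out of the doc comment for `CredsDir`, where the added line currently sits. A scoped suppression means a different gosec finding on the same line later would still be reported. Both const blocks continue outside their hunks.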