Extract symlinks to filesystem and add support for a whitelist

Author: Priya Wadhwa

pkg/util/cloud_prepper.go

@@ -59,7 +59,7 @@ func (p CloudPrepper) GetFileSystem() (string, error) {
 		return "", err
 	}
 
-	return path, getFileSystemFromReference(ref, p.ImageSource, path)
+	return path, GetFileSystemFromReference(ref, p.ImageSource, path, []string{})
 }
 
 func (p CloudPrepper) GetConfig() (ConfigSchema, error) {

pkg/util/daemon_prepper.go

@@ -64,7 +64,7 @@ func (p DaemonPrepper) GetFileSystem() (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return path, getFileSystemFromReference(ref, src, path)
+	return path, GetFileSystemFromReference(ref, src, path, []string{})
 }
 
 func (p DaemonPrepper) GetConfig() (ConfigSchema, error) {

pkg/util/docker_utils.go

@@ -115,7 +115,7 @@ func unpackDockerSave(tarPath string, target string) error {
 	}
 
 	for _, layer := range layers {
-		if err = UnTar(bytes.NewReader(layerMap[layer]), target); err != nil {
+		if err = UnTar(bytes.NewReader(layerMap[layer]), target, []string{}); err != nil {
 			return fmt.Errorf("Could not unpack layer %s: %s", layer, err)
 		}
 	}

pkg/util/image_prep_utils.go

@@ -127,7 +127,7 @@ func getImageFromTar(tarPath string) (string, error) {
 	return tempPath, unpackDockerSave(tarPath, tempPath)
 }
 
-func getFileSystemFromReference(ref types.ImageReference, imgSrc types.ImageSource, path string) error {
+func GetFileSystemFromReference(ref types.ImageReference, imgSrc types.ImageSource, path string, whitelist []string) error {
 	img, err := ref.NewImage(nil)
 	if err != nil {
 		return err
@@ -151,7 +151,7 @@ func getFileSystemFromReference(ref types.ImageReference, imgSrc types.ImageSour
 			}
 		}
 		tr := tar.NewReader(reader)
-		if err := unpackTar(tr, path); err != nil {
+		if err := unpackTar(tr, path, whitelist); err != nil {
 			return err
 		}
 	}

pkg/util/tar_prepper.go

@@ -19,13 +19,12 @@ package util
 import (
 	"encoding/json"
 	"errors"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
 	"github.com/containers/image/docker/tarfile"
 	"github.com/docker/docker/client"
 	"github.com/sirupsen/logrus"
+	"io/ioutil"
+	"os"
+	"path/filepath"
 )
 
 type TarPrepper struct {
@@ -62,7 +61,7 @@ func (p TarPrepper) GetConfig() (ConfigSchema, error) {
 		return ConfigSchema{}, err
 	}
 	defer f.Close()
-	if err := UnTar(f, tempDir); err != nil {
+	if err := UnTar(f, tempDir, []string{}); err != nil {
 		return ConfigSchema{}, err
 	}
 

pkg/util/tar_utils.go

@@ -26,7 +26,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func unpackTar(tr *tar.Reader, path string) error {
+func unpackTar(tr *tar.Reader, path string, whitelist []string) error {
 	for {
 		header, err := tr.Next()
 		if err == io.EOF {
@@ -37,7 +37,6 @@ func unpackTar(tr *tar.Reader, path string) error {
 			logrus.Error("Error getting next tar header")
 			return err
 		}
-
 		if strings.Contains(header.Name, ".wh.") {
 			rmPath := filepath.Join(path, header.Name)
 			// Remove the .wh file if it was extracted.
@@ -49,13 +48,16 @@ func unpackTar(tr *tar.Reader, path string) error {
 
 			// Remove the whited-out path.
 			newName := strings.Replace(rmPath, ".wh.", "", 1)
-			if err = os.RemoveAll(newName); err != nil {
+			if err = walkAndRemove(newName); err != nil {
 				logrus.Error(err)
 			}
 			continue
 		}
-
 		target := filepath.Join(path, header.Name)
+		// Make sure the target isn't part of the whitelist
+		if checkWhitelist(target, whitelist) {
+			continue
+		}
 		mode := header.FileInfo().Mode()
 		switch header.Typeflag {
 
@@ -65,7 +67,7 @@ func unpackTar(tr *tar.Reader, path string) error {
 				if err := os.MkdirAll(target, mode); err != nil {
 					return err
 				}
-			} else {
+				// In some cases, MkdirAll doesn't change the permissions, so run Chmod
 				if err := os.Chmod(target, mode); err != nil {
 					return err
 				}
@@ -81,7 +83,6 @@ func unpackTar(tr *tar.Reader, path string) error {
 					return err
 				}
 			}
-
 			// It's possible we end up creating files that can't be overwritten based on their permissions.
 			// Explicitly delete an existing file before continuing.
 			if _, err := os.Stat(target); !os.IsNotExist(err) {
@@ -106,21 +107,52 @@ func unpackTar(tr *tar.Reader, path string) error {
 				return err
 			}
 			currFile.Close()
-		}
+		case tar.TypeSymlink:
+			// It's possible we end up creating files that can't be overwritten based on their permissions.
+			// Explicitly delete an existing file before continuing.
+			if _, err := os.Stat(target); !os.IsNotExist(err) {
+				logrus.Debugf("Removing %s to create symlink.", target)
+				if err := walkAndRemove(target); err != nil {
+					logrus.Debugf("Unable to remove %s: %s", target, err)
+				}
+			}
 
+			if err = os.Symlink(header.Linkname, target); err != nil {
+				logrus.Errorf("Failed to create symlink between %s and %s: %s", header.Linkname, target, err)
+			}
+		}
 	}
 	return nil
 }
 
+func walkAndRemove(p string) error {
+	return filepath.Walk(p, func(path string, info os.FileInfo, err error) error {
+		if e := os.Chmod(path, 0777); e != nil {
+			logrus.Errorf("Error updating file permissions on %s before removing for symlink creation", path)
+			return e
+		}
+		return os.RemoveAll(path)
+	})
+}
+
+func checkWhitelist(target string, whitelist []string) bool {
+	for _, w := range whitelist {
+		if strings.HasPrefix(target, w) {
+			return true
+		}
+	}
+	return false
+}
+
 // UnTar takes in a path to a tar file and writes the untarred version to the provided target.
 // Only untars one level, does not untar nested tars.
-func UnTar(r io.Reader, target string) error {
+func UnTar(r io.Reader, target string, whitelist []string) error {
 	if _, ok := os.Stat(target); ok != nil {
 		os.MkdirAll(target, 0775)
 	}
 
 	tr := tar.NewReader(r)
-	if err := unpackTar(tr, target); err != nil {
+	if err := unpackTar(tr, target, whitelist); err != nil {
 		return err
 	}
 	return nil

util/tar_utils_test.go

@@ -30,12 +30,13 @@ import (
 
 func TestUnTar(t *testing.T) {
 	testCases := []struct {
-		descrip  string
-		tarPath  string
-		target   string
-		expected string
-		starter  string
-		err      bool
+		descrip   string
+		tarPath   string
+		target    string
+		expected  string
+		starter   string
+		whitelist []string
+		err       bool
 	}{
 		{
 			descrip:  "Tar with files",
@@ -76,6 +77,13 @@ func TestUnTar(t *testing.T) {
 			expected: "testTars/la-croix-dir-update-actual",
 			starter:  "testTars/la-croix-starter",
 		},
+		{
+			descrip:   "Tar with whitelist",
+			tarPath:   "testTars/la-croix2.tar",
+			target:    "testTars/la-croix-whitelist",
+			expected:  "testTars/la-croix1-actual",
+			whitelist: []string{"testTars/la-croix-whitelist/nest"},
+		},
 	}
 	for _, test := range testCases {
 		remove := true
@@ -86,7 +94,7 @@ func TestUnTar(t *testing.T) {
 		if err != nil {
 			t.Errorf("Error opening tar: %s", err)
 		}
-		if err := pkgutil.UnTar(r, test.target); err != nil && !test.err {
+		if err := pkgutil.UnTar(r, test.target, test.whitelist); err != nil && !test.err {
 			t.Errorf(test.descrip, "Got unexpected error: %s", err)
 			remove = false
 		}