From 825617be7d23f1f2d7c0c6bbb85b823b2e3b9baa Mon Sep 17 00:00:00 2001 From: Anthony Dahanne Date: Mon, 29 Jul 2024 00:03:26 -0400 Subject: [PATCH] Fix buildpacks#2237: consider /workspace as a sensitive dir Signed-off-by: Anthony Dahanne --- pkg/client/build_test.go | 6 ++++-- pkg/client/process_volumes.go | 4 ++-- pkg/client/process_volumes_darwin.go | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pkg/client/build_test.go b/pkg/client/build_test.go index b645421f8..987786acd 100644 --- a/pkg/client/build_test.go +++ b/pkg/client/build_test.go @@ -2925,6 +2925,8 @@ api = "0.2" "/cnb/nested", "/layers", "/layers/nested", + "/workspace", + "/workspace/bindings", } { p := p it(fmt.Sprintf("warns when mounting to '%s'", p), func() { @@ -2997,7 +2999,7 @@ api = "0.2" when("mounting onto cnb spec'd dir", func() { for _, p := range []string{ - `/cnb`, `/cnb/buildpacks`, `/layers`, + `/cnb`, `/cnb/buildpacks`, `/layers`, `/workspace`, } { p := p it(fmt.Sprintf("warns when mounting to '%s'", p), func() { @@ -3067,7 +3069,7 @@ api = "0.2" when("mounting onto cnb spec'd dir", func() { for _, p := range []string{ - `c:\cnb`, `c:\cnb\buildpacks`, `c:\layers`, + `c:\cnb`, `c:\cnb\buildpacks`, `c:\layers`, `c:\workspace`, } { p := p it(fmt.Sprintf("warns when mounting to '%s'", p), func() { diff --git a/pkg/client/process_volumes.go b/pkg/client/process_volumes.go index b079c6bf6..6e36b8e2c 100644 --- a/pkg/client/process_volumes.go +++ b/pkg/client/process_volumes.go @@ -29,9 +29,9 @@ func processVolumes(imgOS string, volumes []string) (processed []string, warning return nil, nil, errors.Wrapf(err, "platform volume %q has invalid format", v) } - sensitiveDirs := []string{"/cnb", "/layers"} + sensitiveDirs := []string{"/cnb", "/layers", "/workspace"} if imgOS == "windows" { - sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`} + sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`, `c:/workspace`, `c:\workspace`} } for _, p := range sensitiveDirs { if strings.HasPrefix(strings.ToLower(volume.Spec.Target), p) { diff --git a/pkg/client/process_volumes_darwin.go b/pkg/client/process_volumes_darwin.go index 35ea69cc9..030bf3e71 100644 --- a/pkg/client/process_volumes_darwin.go +++ b/pkg/client/process_volumes_darwin.go @@ -17,7 +17,7 @@ func processVolumes(imgOS string, volumes []string) (processed []string, warning if err != nil { return nil, nil, err } - sensitiveDirs := []string{"/cnb", "/layers"} + sensitiveDirs := []string{"/cnb", "/layers", "/workspace"} if imgOS == "windows" { sensitiveDirs = []string{`c:/cnb`, `c:\cnb`, `c:/layers`, `c:\layers`} }