diff --git a/v2/go.mod b/v2/go.mod index 8fc07ba3..123b3ef9 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -3,10 +3,10 @@ module github.com/estesp/manifest-tool/v2 go 1.19 require ( - github.com/containerd/containerd v1.7.2 - github.com/docker/cli v23.0.3+incompatible + github.com/containerd/containerd v1.7.4 + github.com/docker/cli v23.0.6+incompatible github.com/docker/distribution v2.8.2+incompatible - github.com/docker/docker v23.0.3+incompatible + github.com/docker/docker v23.0.6+incompatible github.com/fatih/color v1.10.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc4 @@ -18,9 +18,8 @@ require ( ) require ( - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect - github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect diff --git a/v2/go.sum b/v2/go.sum index 44032887..2ed86b41 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -1,25 +1,23 @@ -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/containerd v1.7.2 h1:UF2gdONnxO8I6byZXDi5sXWiWvlW3D/sci7dTQimEJo= -github.com/containerd/containerd v1.7.2/go.mod h1:afcz74+K10M/+cjGHIVQrCt3RAQhUSCAjJ9iMYhhkuI= -github.com/containerd/continuity v0.4.1 h1:wQnVrjIyQ8vhU2sgOiL5T07jo+ouqc2bnKsv5/EqGhU= +github.com/containerd/containerd v1.7.4 h1:Q5lwCrO44ahHhO65rXthXkfJUG5W78LXwK9gTt8XFfU= +github.com/containerd/containerd v1.7.4/go.mod h1:gq7JDNtCrI1Zlcc572a9tvP1f1Ja8VBxiB9J00apAtU= +github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381 h1:a5jOuoZHKBi2oH9JsfNqrrPpHhmrYU0NAte3M/EPudw= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/cli v23.0.3+incompatible h1:Zcse1DuDqBdgI7OQDV8Go7b83xLgfhW1eza4HfEdxpY= -github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v23.0.6+incompatible h1:CScadyCJ2ZKUDpAMZta6vK8I+6/m60VIjGIV7Wg/Eu4= +github.com/docker/cli v23.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= -github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU= +github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg= diff --git a/v2/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go b/v2/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go index fdde08a7..adfeedf5 100644 --- a/v2/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go +++ b/v2/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go @@ -25,11 +25,10 @@ import ( "os" "path/filepath" "reflect" + "strconv" "strings" "time" "unsafe" - - securejoin "github.com/cyphar/filepath-securejoin" ) var ( @@ -389,11 +388,11 @@ func (f *ConsumeFuzzer) GetUint16() (uint16, error) { } func (f *ConsumeFuzzer) GetUint32() (uint32, error) { - i, err := f.GetInt() + u32, err := f.GetNBytes(4) if err != nil { - return uint32(0), err + return 0, err } - return uint32(i), nil + return binary.BigEndian.Uint32(u32), nil } func (f *ConsumeFuzzer) GetUint64() (uint64, error) { @@ -412,26 +411,27 @@ func (f *ConsumeFuzzer) GetUint64() (uint64, error) { } func (f *ConsumeFuzzer) GetBytes() ([]byte, error) { - if f.position >= f.dataTotal { - return nil, errors.New("not enough bytes to create byte array") - } - length, err := f.GetUint32() + var length uint32 + var err error + length, err = f.GetUint32() if err != nil { return nil, errors.New("not enough bytes to create byte array") } - if f.position+length > MaxTotalLen { - return nil, errors.New("created too large a string") - } - byteBegin := f.position - 1 - if byteBegin >= f.dataTotal { - return nil, errors.New("not enough bytes to create byte array") - } + if length == 0 { - return nil, errors.New("zero-length is not supported") + length = 30 } - if byteBegin+length >= f.dataTotal { + bytesLeft := f.dataTotal - f.position + if bytesLeft <= 0 { return nil, errors.New("not enough bytes to create byte array") } + + // If the length is the same as bytes left, we will not overflow + // the remaining bytes. + if length != bytesLeft { + length = length % bytesLeft + } + byteBegin := f.position if byteBegin+length < byteBegin { return nil, errors.New("numbers overflow") } @@ -482,6 +482,7 @@ func (f *ConsumeFuzzer) FuzzMap(m interface{}) error { } func returnTarBytes(buf []byte) ([]byte, error) { + return buf, nil // Count files var fileCounter int tr := tar.NewReader(bytes.NewReader(buf)) @@ -504,7 +505,8 @@ func returnTarBytes(buf []byte) ([]byte, error) { func setTarHeaderFormat(hdr *tar.Header, f *ConsumeFuzzer) error { ind, err := f.GetInt() if err != nil { - return err + hdr.Format = tar.FormatGNU + //return nil } switch ind % 4 { case 0: @@ -565,71 +567,17 @@ func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error { return nil } -func tooSmallFileBody(length uint32) bool { - if length < 2 { - return true - } - if length < 4 { - return true - } - if length < 10 { - return true - } - if length < 100 { - return true - } - if length < 500 { - return true - } - if length < 1000 { - return true - } - if length < 2000 { - return true - } - if length < 4000 { - return true - } - if length < 8000 { - return true - } - if length < 16000 { - return true - } - if length < 32000 { - return true - } - if length < 64000 { - return true - } - if length < 128000 { - return true - } - if length < 264000 { - return true - } - return false -} - func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) { - length, err := f.GetUint32() + return f.GetBytes() + /*length, err := f.GetUint32() if err != nil { return nil, errors.New("not enough bytes to create byte array") } - shouldUseLargeFileBody, err := f.GetBool() - if err != nil { - return nil, errors.New("not enough bytes to check long file body") - } - - if shouldUseLargeFileBody && tooSmallFileBody(length) { - return nil, errors.New("File body was too small") - } - // A bit of optimization to attempt to create a file body // when we don't have as many bytes left as "length" remainingBytes := f.dataTotal - f.position - if remainingBytes == 0 { + if remainingBytes <= 0 { return nil, errors.New("created too large a string") } if f.position+length > MaxTotalLen { @@ -649,14 +597,15 @@ func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) { return nil, errors.New("numbers overflow") } f.position = byteBegin + length - return f.data[byteBegin:f.position], nil + return f.data[byteBegin:f.position], nil*/ } // getTarFileName is similar to GetString(), but creates string based // on the length of f.data to reduce the likelihood of overflowing // f.data. func (f *ConsumeFuzzer) getTarFilename() (string, error) { - length, err := f.GetUint32() + return f.GetString() + /*length, err := f.GetUint32() if err != nil { return "nil", errors.New("not enough bytes to create string") } @@ -664,14 +613,9 @@ func (f *ConsumeFuzzer) getTarFilename() (string, error) { // A bit of optimization to attempt to create a file name // when we don't have as many bytes left as "length" remainingBytes := f.dataTotal - f.position - if remainingBytes == 0 { + if remainingBytes <= 0 { return "nil", errors.New("created too large a string") } - if remainingBytes < 50 { - length = length % remainingBytes - } else if f.dataTotal < 500 { - length = length % f.dataTotal - } if f.position > MaxTotalLen { return "nil", errors.New("created too large a string") } @@ -686,7 +630,12 @@ func (f *ConsumeFuzzer) getTarFilename() (string, error) { return "nil", errors.New("numbers overflow") } f.position = byteBegin + length - return string(f.data[byteBegin:f.position]), nil + return string(f.data[byteBegin:f.position]), nil*/ +} + +type TarFile struct { + Hdr *tar.Header + Body []byte } // TarBytes returns valid bytes for a tar archive @@ -695,28 +644,101 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) { if err != nil { return nil, err } + var tarFiles []*TarFile + tarFiles = make([]*TarFile, 0) + + const maxNoOfFiles = 100 + for i := 0; i < numberOfFiles%maxNoOfFiles; i++ { + var filename string + var filebody []byte + var sec, nsec int + var err error + + filename, err = f.getTarFilename() + if err != nil { + var sb strings.Builder + sb.WriteString("file-") + sb.WriteString(strconv.Itoa(i)) + filename = sb.String() + } + filebody, err = f.createTarFileBody() + if err != nil { + var sb strings.Builder + sb.WriteString("filebody-") + sb.WriteString(strconv.Itoa(i)) + filebody = []byte(sb.String()) + } + + sec, err = f.GetInt() + if err != nil { + sec = 1672531200 // beginning of 2023 + } + nsec, err = f.GetInt() + if err != nil { + nsec = 1703980800 // end of 2023 + } + + hdr := &tar.Header{ + Name: filename, + Size: int64(len(filebody)), + Mode: 0o600, + ModTime: time.Unix(int64(sec), int64(nsec)), + } + if err := setTarHeaderTypeflag(hdr, f); err != nil { + return []byte(""), err + } + if err := setTarHeaderFormat(hdr, f); err != nil { + return []byte(""), err + } + tf := &TarFile{ + Hdr: hdr, + Body: filebody, + } + tarFiles = append(tarFiles, tf) + } var buf bytes.Buffer tw := tar.NewWriter(&buf) defer tw.Close() - const maxNoOfFiles = 1000 + for _, tf := range tarFiles { + tw.WriteHeader(tf.Hdr) + tw.Write(tf.Body) + } + return buf.Bytes(), nil +} + +// This is similar to TarBytes, but it returns a series of +// files instead of raw tar bytes. The advantage of this +// api is that it is cheaper in terms of cpu power to +// modify or check the files in the fuzzer with TarFiles() +// because it avoids creating a tar reader. +func (f *ConsumeFuzzer) TarFiles() ([]*TarFile, error) { + numberOfFiles, err := f.GetInt() + if err != nil { + return nil, err + } + var tarFiles []*TarFile + tarFiles = make([]*TarFile, 0) + + const maxNoOfFiles = 100 for i := 0; i < numberOfFiles%maxNoOfFiles; i++ { filename, err := f.getTarFilename() if err != nil { - return returnTarBytes(buf.Bytes()) + return tarFiles, err } filebody, err := f.createTarFileBody() if err != nil { - return returnTarBytes(buf.Bytes()) + return tarFiles, err } + sec, err := f.GetInt() if err != nil { - return returnTarBytes(buf.Bytes()) + return tarFiles, err } nsec, err := f.GetInt() if err != nil { - return returnTarBytes(buf.Bytes()) + return tarFiles, err } hdr := &tar.Header{ @@ -726,19 +748,18 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) { ModTime: time.Unix(int64(sec), int64(nsec)), } if err := setTarHeaderTypeflag(hdr, f); err != nil { - return returnTarBytes(buf.Bytes()) + hdr.Typeflag = tar.TypeReg } if err := setTarHeaderFormat(hdr, f); err != nil { - return returnTarBytes(buf.Bytes()) - } - if err := tw.WriteHeader(hdr); err != nil { - return returnTarBytes(buf.Bytes()) + return tarFiles, err // should not happend } - if _, err := tw.Write(filebody); err != nil { - return returnTarBytes(buf.Bytes()) + tf := &TarFile{ + Hdr: hdr, + Body: filebody, } + tarFiles = append(tarFiles, tf) } - return buf.Bytes(), nil + return tarFiles, nil } // CreateFiles creates pseudo-random files in rootDir. @@ -767,10 +788,10 @@ func (f *ConsumeFuzzer) CreateFiles(rootDir string) error { return errors.New("could not get fileName") } } - fullFilePath, err := securejoin.SecureJoin(rootDir, fileName) - if err != nil { - return err + if strings.Contains(fileName, "..") || (len(fileName) > 0 && fileName[0] == 47) || strings.Contains(fileName, "\\") { + continue } + fullFilePath := filepath.Join(rootDir, fileName) // Find the subdirectory of the file if subDir := filepath.Dir(fileName); subDir != "" && subDir != "." { @@ -778,20 +799,14 @@ func (f *ConsumeFuzzer) CreateFiles(rootDir string) error { if strings.Contains(subDir, "../") || (len(subDir) > 0 && subDir[0] == 47) || strings.Contains(subDir, "\\") { continue } - dirPath, err := securejoin.SecureJoin(rootDir, subDir) - if err != nil { - continue - } + dirPath := filepath.Join(rootDir, subDir) if _, err := os.Stat(dirPath); os.IsNotExist(err) { err2 := os.MkdirAll(dirPath, 0o777) if err2 != nil { continue } } - fullFilePath, err = securejoin.SecureJoin(dirPath, fileName) - if err != nil { - continue - } + fullFilePath = filepath.Join(dirPath, fileName) } else { // Create symlink createSymlink, err := f.GetBool() diff --git a/v2/vendor/github.com/containerd/containerd/log/context.go b/v2/vendor/github.com/containerd/containerd/log/context.go index 92cfcd91..b63c602f 100644 --- a/v2/vendor/github.com/containerd/containerd/log/context.go +++ b/v2/vendor/github.com/containerd/containerd/log/context.go @@ -18,6 +18,7 @@ package log import ( "context" + "fmt" "github.com/sirupsen/logrus" ) @@ -38,6 +39,9 @@ type ( // Fields type to pass to `WithFields`, alias from `logrus`. Fields = logrus.Fields + + // Level is a logging level + Level = logrus.Level ) const ( @@ -50,8 +54,52 @@ const ( // JSONFormat represents the JSON logging format JSONFormat = "json" + + // TraceLevel level. + TraceLevel = logrus.TraceLevel + + // DebugLevel level. + DebugLevel = logrus.DebugLevel + + // InfoLevel level. + InfoLevel = logrus.InfoLevel ) +// SetLevel sets log level globally. +func SetLevel(level string) error { + lvl, err := logrus.ParseLevel(level) + if err != nil { + return err + } + + logrus.SetLevel(lvl) + return nil +} + +// GetLevel returns the current log level. +func GetLevel() Level { + return logrus.GetLevel() +} + +// SetFormat sets log output format +func SetFormat(format string) error { + switch format { + case TextFormat: + logrus.SetFormatter(&logrus.TextFormatter{ + TimestampFormat: RFC3339NanoFixed, + FullTimestamp: true, + }) + case JSONFormat: + logrus.SetFormatter(&logrus.JSONFormatter{ + TimestampFormat: RFC3339NanoFixed, + }) + default: + return fmt.Errorf("unknown log format: %s", format) + } + + return nil +} + // WithLogger returns a new context with the provided logger. Use in // combination with logger.WithField(s) for great effect. func WithLogger(ctx context.Context, logger *logrus.Entry) context.Context { diff --git a/v2/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/v2/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index a04ef4d9..96110a18 100644 --- a/v2/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/v2/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -148,6 +148,9 @@ func NewResolver(options ResolverOptions) remotes.Resolver { if options.Headers == nil { options.Headers = make(http.Header) + } else { + // make a copy of the headers to avoid race due to concurrent map write + options.Headers = options.Headers.Clone() } if _, ok := options.Headers["User-Agent"]; !ok { options.Headers.Set("User-Agent", "containerd/"+version.Version) @@ -543,9 +546,10 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { if err != nil { return nil, err } - req.Header = http.Header{} // headers need to be copied to avoid concurrent map access - for k, v := range r.header { - req.Header[k] = v + if r.header == nil { + req.Header = http.Header{} + } else { + req.Header = r.header.Clone() // headers need to be copied to avoid concurrent map access } if r.body != nil { body, err := r.body() diff --git a/v2/vendor/github.com/containerd/containerd/version/version.go b/v2/vendor/github.com/containerd/containerd/version/version.go index 5639e20d..b1d3be63 100644 --- a/v2/vendor/github.com/containerd/containerd/version/version.go +++ b/v2/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.7.2+unknown" + Version = "1.7.3+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/.travis.yml b/v2/vendor/github.com/cyphar/filepath-securejoin/.travis.yml deleted file mode 100644 index b94ff8cf..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/.travis.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (C) 2017 SUSE LLC. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -language: go -go: - - 1.13.x - - 1.16.x - - tip -arch: - - AMD64 - - ppc64le -os: - - linux - - osx - -script: - - go test -cover -v ./... - -notifications: - email: false diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/LICENSE b/v2/vendor/github.com/cyphar/filepath-securejoin/LICENSE deleted file mode 100644 index bec842f2..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/LICENSE +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -Copyright (C) 2017 SUSE LLC. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/README.md b/v2/vendor/github.com/cyphar/filepath-securejoin/README.md deleted file mode 100644 index 3624617c..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/README.md +++ /dev/null @@ -1,79 +0,0 @@ -## `filepath-securejoin` ## - -[![Build Status](https://travis-ci.org/cyphar/filepath-securejoin.svg?branch=master)](https://travis-ci.org/cyphar/filepath-securejoin) - -An implementation of `SecureJoin`, a [candidate for inclusion in the Go -standard library][go#20126]. The purpose of this function is to be a "secure" -alternative to `filepath.Join`, and in particular it provides certain -guarantees that are not provided by `filepath.Join`. - -> **NOTE**: This code is *only* safe if you are not at risk of other processes -> modifying path components after you've used `SecureJoin`. If it is possible -> for a malicious process to modify path components of the resolved path, then -> you will be vulnerable to some fairly trivial TOCTOU race conditions. [There -> are some Linux kernel patches I'm working on which might allow for a better -> solution.][lwn-obeneath] -> -> In addition, with a slightly modified API it might be possible to use -> `O_PATH` and verify that the opened path is actually the resolved one -- but -> I have not done that yet. I might add it in the future as a helper function -> to help users verify the path (we can't just return `/proc/self/fd/` -> because that doesn't always work transparently for all users). - -This is the function prototype: - -```go -func SecureJoin(root, unsafePath string) (string, error) -``` - -This library **guarantees** the following: - -* If no error is set, the resulting string **must** be a child path of - `root` and will not contain any symlink path components (they will all be - expanded). - -* When expanding symlinks, all symlink path components **must** be resolved - relative to the provided root. In particular, this can be considered a - userspace implementation of how `chroot(2)` operates on file paths. Note that - these symlinks will **not** be expanded lexically (`filepath.Clean` is not - called on the input before processing). - -* Non-existent path components are unaffected by `SecureJoin` (similar to - `filepath.EvalSymlinks`'s semantics). - -* The returned path will always be `filepath.Clean`ed and thus not contain any - `..` components. - -A (trivial) implementation of this function on GNU/Linux systems could be done -with the following (note that this requires root privileges and is far more -opaque than the implementation in this library, and also requires that -`readlink` is inside the `root` path): - -```go -package securejoin - -import ( - "os/exec" - "path/filepath" -) - -func SecureJoin(root, unsafePath string) (string, error) { - unsafePath = string(filepath.Separator) + unsafePath - cmd := exec.Command("chroot", root, - "readlink", "--canonicalize-missing", "--no-newline", unsafePath) - output, err := cmd.CombinedOutput() - if err != nil { - return "", err - } - expanded := string(output) - return filepath.Join(root, expanded), nil -} -``` - -[lwn-obeneath]: https://lwn.net/Articles/767547/ -[go#20126]: https://github.com/golang/go/issues/20126 - -### License ### - -The license of this project is the same as Go, which is a BSD 3-clause license -available in the `LICENSE` file. diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/VERSION b/v2/vendor/github.com/cyphar/filepath-securejoin/VERSION deleted file mode 100644 index 71790396..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ /dev/null @@ -1 +0,0 @@ -0.2.3 diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/join.go b/v2/vendor/github.com/cyphar/filepath-securejoin/join.go deleted file mode 100644 index 7dd08dbb..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/join.go +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -// Copyright (C) 2017 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package securejoin is an implementation of the hopefully-soon-to-be-included -// SecureJoin helper that is meant to be part of the "path/filepath" package. -// The purpose of this project is to provide a PoC implementation to make the -// SecureJoin proposal (https://github.com/golang/go/issues/20126) more -// tangible. -package securejoin - -import ( - "bytes" - "errors" - "os" - "path/filepath" - "strings" - "syscall" -) - -// IsNotExist tells you if err is an error that implies that either the path -// accessed does not exist (or path components don't exist). This is -// effectively a more broad version of os.IsNotExist. -func IsNotExist(err error) bool { - // Check that it's not actually an ENOTDIR, which in some cases is a more - // convoluted case of ENOENT (usually involving weird paths). - return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) || errors.Is(err, syscall.ENOENT) -} - -// SecureJoinVFS joins the two given path components (similar to Join) except -// that the returned path is guaranteed to be scoped inside the provided root -// path (when evaluated). Any symbolic links in the path are evaluated with the -// given root treated as the root of the filesystem, similar to a chroot. The -// filesystem state is evaluated through the given VFS interface (if nil, the -// standard os.* family of functions are used). -// -// Note that the guarantees provided by this function only apply if the path -// components in the returned string are not modified (in other words are not -// replaced with symlinks on the filesystem) after this function has returned. -// Such a symlink race is necessarily out-of-scope of SecureJoin. -func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { - // Use the os.* VFS implementation if none was specified. - if vfs == nil { - vfs = osVFS{} - } - - var path bytes.Buffer - n := 0 - for unsafePath != "" { - if n > 255 { - return "", &os.PathError{Op: "SecureJoin", Path: root + "/" + unsafePath, Err: syscall.ELOOP} - } - - // Next path component, p. - i := strings.IndexRune(unsafePath, filepath.Separator) - var p string - if i == -1 { - p, unsafePath = unsafePath, "" - } else { - p, unsafePath = unsafePath[:i], unsafePath[i+1:] - } - - // Create a cleaned path, using the lexical semantics of /../a, to - // create a "scoped" path component which can safely be joined to fullP - // for evaluation. At this point, path.String() doesn't contain any - // symlink components. - cleanP := filepath.Clean(string(filepath.Separator) + path.String() + p) - if cleanP == string(filepath.Separator) { - path.Reset() - continue - } - fullP := filepath.Clean(root + cleanP) - - // Figure out whether the path is a symlink. - fi, err := vfs.Lstat(fullP) - if err != nil && !IsNotExist(err) { - return "", err - } - // Treat non-existent path components the same as non-symlinks (we - // can't do any better here). - if IsNotExist(err) || fi.Mode()&os.ModeSymlink == 0 { - path.WriteString(p) - path.WriteRune(filepath.Separator) - continue - } - - // Only increment when we actually dereference a link. - n++ - - // It's a symlink, expand it by prepending it to the yet-unparsed path. - dest, err := vfs.Readlink(fullP) - if err != nil { - return "", err - } - // Absolute symlinks reset any work we've already done. - if filepath.IsAbs(dest) { - path.Reset() - } - unsafePath = dest + string(filepath.Separator) + unsafePath - } - - // We have to clean path.String() here because it may contain '..' - // components that are entirely lexical, but would be misleading otherwise. - // And finally do a final clean to ensure that root is also lexically - // clean. - fullP := filepath.Clean(string(filepath.Separator) + path.String()) - return filepath.Clean(root + fullP), nil -} - -// SecureJoin is a wrapper around SecureJoinVFS that just uses the os.* library -// of functions as the VFS. If in doubt, use this function over SecureJoinVFS. -func SecureJoin(root, unsafePath string) (string, error) { - return SecureJoinVFS(root, unsafePath, nil) -} diff --git a/v2/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/v2/vendor/github.com/cyphar/filepath-securejoin/vfs.go deleted file mode 100644 index a82a5eae..00000000 --- a/v2/vendor/github.com/cyphar/filepath-securejoin/vfs.go +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright (C) 2017 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import "os" - -// In future this should be moved into a separate package, because now there -// are several projects (umoci and go-mtree) that are using this sort of -// interface. - -// VFS is the minimal interface necessary to use SecureJoinVFS. A nil VFS is -// equivalent to using the standard os.* family of functions. This is mainly -// used for the purposes of mock testing, but also can be used to otherwise use -// SecureJoin with VFS-like system. -type VFS interface { - // Lstat returns a FileInfo describing the named file. If the file is a - // symbolic link, the returned FileInfo describes the symbolic link. Lstat - // makes no attempt to follow the link. These semantics are identical to - // os.Lstat. - Lstat(name string) (os.FileInfo, error) - - // Readlink returns the destination of the named symbolic link. These - // semantics are identical to os.Readlink. - Readlink(name string) (string, error) -} - -// osVFS is the "nil" VFS, in that it just passes everything through to the os -// module. -type osVFS struct{} - -// Lstat returns a FileInfo describing the named file. If the file is a -// symbolic link, the returned FileInfo describes the symbolic link. Lstat -// makes no attempt to follow the link. These semantics are identical to -// os.Lstat. -func (o osVFS) Lstat(name string) (os.FileInfo, error) { return os.Lstat(name) } - -// Readlink returns the destination of the named symbolic link. These -// semantics are identical to os.Readlink. -func (o osVFS) Readlink(name string) (string, error) { return os.Readlink(name) } diff --git a/v2/vendor/modules.txt b/v2/vendor/modules.txt index 1fc88aa6..aeda27f3 100644 --- a/v2/vendor/modules.txt +++ b/v2/vendor/modules.txt @@ -1,7 +1,7 @@ -# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 -## explicit; go 1.18 +# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 +## explicit; go 1.20 github.com/AdaLogics/go-fuzz-headers -# github.com/containerd/containerd v1.7.2 +# github.com/containerd/containerd v1.7.4 ## explicit; go 1.19 github.com/containerd/containerd/archive/compression github.com/containerd/containerd/content @@ -25,10 +25,7 @@ github.com/containerd/containerd/version # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.2.3 -## explicit; go 1.13 -github.com/cyphar/filepath-securejoin -# github.com/docker/cli v23.0.3+incompatible +# github.com/docker/cli v23.0.6+incompatible ## explicit github.com/docker/cli/cli/config github.com/docker/cli/cli/config/configfile @@ -41,7 +38,7 @@ github.com/docker/distribution/digestset github.com/docker/distribution/manifest github.com/docker/distribution/manifest/manifestlist github.com/docker/distribution/reference -# github.com/docker/docker v23.0.3+incompatible +# github.com/docker/docker v23.0.6+incompatible ## explicit github.com/docker/docker/cli/config github.com/docker/docker/pkg/homedir