docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-07-24 12:18:06 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

bake: fix potential context entitlements escape

Browse Source 
Signed-off-by: Justin Chadwell <me@jedevc.com>
This commit is contained in:
Justin Chadwell
2023-06-06 16:40:18 +02:00
parent c820350b5e
commit d34103b0d9
3 changed files with 110 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bake/bake.go
View File

@@ -1012,7 +1012,8 @@ func checkPath(p string) error {
if err != nil {
return err
}
if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
parts := strings.Split(rel, string(os.PathSeparator))
if parts[0] == ".." {
return errors.Errorf("path %s is outside of the working directory, please set BAKE_ALLOW_REMOTE_FS_ACCESS=1", p)
}
return nil