From 5f935096688347664c83363ff5f517ec2a5926cd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 5 Jun 2019 18:12:34 +0200 Subject: [PATCH] Fix detection of invalid context files when importing Signed-off-by: Sebastiaan van Stijn --- cli/context/store/store.go | 13 +++++-- cli/context/store/store_test.go | 62 +++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 3 deletions(-) diff --git a/cli/context/store/store.go b/cli/context/store/store.go index 85be802c66..b3cd4c54ed 100644 --- a/cli/context/store/store.go +++ b/cli/context/store/store.go @@ -300,7 +300,7 @@ func importTar(name string, s Writer, reader io.Reader) error { tlsData := ContextTLSData{ Endpoints: map[string]EndpointTLSData{}, } - + var importedMetaFile bool for { hdr, err := tr.Next() if err == io.EOF { @@ -325,6 +325,7 @@ func importTar(name string, s Writer, reader io.Reader) error { if err := s.CreateOrUpdate(meta); err != nil { return err } + importedMetaFile = true } else if strings.HasPrefix(hdr.Name, "tls/") { data, err := ioutil.ReadAll(tr) if err != nil { @@ -335,7 +336,9 @@ func importTar(name string, s Writer, reader io.Reader) error { } } } - + if !importedMetaFile { + return errdefs.InvalidParameter(errors.New("invalid context: no metadata found")) + } return s.ResetTLSMaterial(name, &tlsData) } @@ -352,6 +355,7 @@ func importZip(name string, s Writer, reader io.Reader) error { Endpoints: map[string]EndpointTLSData{}, } + var importedMetaFile bool for _, zf := range zr.File { fi := zf.FileInfo() if fi.IsDir() { @@ -376,6 +380,7 @@ func importZip(name string, s Writer, reader io.Reader) error { if err := s.CreateOrUpdate(meta); err != nil { return err } + importedMetaFile = true } else if strings.HasPrefix(zf.Name, "tls/") { f, err := zf.Open() if err != nil { @@ -392,7 +397,9 @@ func importZip(name string, s Writer, reader io.Reader) error { } } } - + if !importedMetaFile { + return errdefs.InvalidParameter(errors.New("invalid context: no metadata found")) + } return s.ResetTLSMaterial(name, &tlsData) } diff --git a/cli/context/store/store_test.go b/cli/context/store/store_test.go index b1d0fec7fa..dd8586551d 100644 --- a/cli/context/store/store_test.go +++ b/cli/context/store/store_test.go @@ -1,6 +1,7 @@ package store import ( + "archive/tar" "archive/zip" "bufio" "bytes" @@ -144,6 +145,39 @@ func TestDetectImportContentType(t *testing.T) { assert.Assert(t, zipType != ct) } +func TestImportTarInvalid(t *testing.T) { + testDir, err := ioutil.TempDir("", t.Name()) + assert.NilError(t, err) + defer os.RemoveAll(testDir) + + tf := path.Join(testDir, "test.context") + + f, err := os.Create(tf) + defer f.Close() + assert.NilError(t, err) + + tw := tar.NewWriter(f) + hdr := &tar.Header{ + Name: "dummy-file", + Mode: 0600, + Size: int64(len("hello world")), + } + err = tw.WriteHeader(hdr) + assert.NilError(t, err) + _, err = tw.Write([]byte("hello world")) + assert.NilError(t, err) + err = tw.Close() + assert.NilError(t, err) + + source, err := os.Open(tf) + assert.NilError(t, err) + defer source.Close() + var r io.Reader = source + s := New(testDir, testCfg) + err = Import("tarInvalid", s, r) + assert.ErrorContains(t, err, "invalid context: no metadata found") +} + func TestImportZip(t *testing.T) { testDir, err := ioutil.TempDir("", t.Name()) assert.NilError(t, err) @@ -194,3 +228,31 @@ func TestImportZip(t *testing.T) { err = Import("zipTest", s, r) assert.NilError(t, err) } + +func TestImportZipInvalid(t *testing.T) { + testDir, err := ioutil.TempDir("", t.Name()) + assert.NilError(t, err) + defer os.RemoveAll(testDir) + + zf := path.Join(testDir, "test.zip") + + f, err := os.Create(zf) + defer f.Close() + assert.NilError(t, err) + w := zip.NewWriter(f) + + df, err := w.Create("dummy-file") + assert.NilError(t, err) + _, err = df.Write([]byte("hello world")) + assert.NilError(t, err) + err = w.Close() + assert.NilError(t, err) + + source, err := os.Open(zf) + assert.NilError(t, err) + defer source.Close() + var r io.Reader = source + s := New(testDir, testCfg) + err = Import("zipInvalid", s, r) + assert.ErrorContains(t, err, "invalid context: no metadata found") +}