Skip to content

Commit

Permalink
update: allow to extract directories for asset files
Browse files Browse the repository at this point in the history
Signed-off-by: Lorenzo Susini <[email protected]>
  • Loading branch information
loresuso committed Aug 2, 2023
1 parent 98fca74 commit e971d85
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 8 deletions.
2 changes: 1 addition & 1 deletion cmd/artifact/install/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -333,7 +333,7 @@ func (o *artifactInstallOptions) RunArtifactInstall(ctx context.Context, args []
}

// Extract artifact and move it to its destination directory
_, err = utils.ExtractTarGz(f, destDir)
_, err = utils.ExtractTarGz(f, destDir, result.Type)
if err != nil {
return fmt.Errorf("cannot extract %q to %q: %w", result.Filename, destDir, err)
}
Expand Down
2 changes: 1 addition & 1 deletion internal/follower/follower.go
Original file line number Diff line number Diff line change
Expand Up @@ -282,7 +282,7 @@ func (f *Follower) pull(ctx context.Context) (filePaths []string, res *oci.Regis
}

// Extract artifact and move it to its destination directory
filePaths, err = utils.ExtractTarGz(file, f.tmpDir)
filePaths, err = utils.ExtractTarGz(file, f.tmpDir, res.Type)
if err != nil {
return filePaths, res, fmt.Errorf("unable to extract %q to %q: %w", res.Filename, f.tmpDir, err)
}
Expand Down
29 changes: 23 additions & 6 deletions internal/utils/extract.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,13 @@ import (
"os"
"path/filepath"
"strings"

"github.com/falcosecurity/falcoctl/pkg/oci"
)

// ExtractTarGz extracts a *.tar.gz compressed archive and moves its content to destDir.
// Returns a slice containing the full path of the extracted files.
func ExtractTarGz(gzipStream io.Reader, destDir string) ([]string, error) {
func ExtractTarGz(gzipStream io.Reader, destDir string, artifactType oci.ArtifactType) ([]string, error) {
var files []string

uncompressedStream, err := gzip.NewReader(gzipStream)
Expand All @@ -37,6 +39,7 @@ func ExtractTarGz(gzipStream io.Reader, destDir string) ([]string, error) {

tarReader := tar.NewReader(uncompressedStream)

dirs := 0
for {
header, err := tarReader.Next()

Expand All @@ -48,14 +51,28 @@ func ExtractTarGz(gzipStream io.Reader, destDir string) ([]string, error) {
return nil, err
}

if strings.Contains(header.Name, "..") {
return nil, fmt.Errorf("not allowed relative path in tar archive")
}

switch header.Typeflag {
case tar.TypeDir:
return nil, fmt.Errorf("unexepected dir inside the archive, expected to find only files without any tree structure")
case tar.TypeReg:
if strings.Contains(header.Name, "..") {
return nil, fmt.Errorf("not allowed relative path in tar archive")
if artifactType == oci.Plugin || artifactType == oci.Rulesfile {
return nil, fmt.Errorf("unexepected dir inside the archive, "+
"expected to find only files without any tree structure for %q artifacts", artifactType.String())
} else if artifactType == oci.Asset {
if dirs > 1 {
return nil, fmt.Errorf("malformed tar archive, expected to " +
"find only one directory containing all the assets files, not multiple directories")
}
destDir = filepath.Join(destDir, filepath.Clean(header.Name))
err = os.Mkdir(destDir, header.FileInfo().Mode().Perm())
if err != nil && !errors.Is(err, os.ErrExist) {
return nil, fmt.Errorf("unable to extract dir from the archive: %w", err)
}
dirs++
}

case tar.TypeReg:
f := filepath.Join(destDir, filepath.Clean(header.Name))
outFile, err := os.Create(filepath.Clean(f))
if err != nil {
Expand Down

0 comments on commit e971d85

Please sign in to comment.