Skip to content

Commit

Permalink
tighten up plugin-finding logic
Browse files Browse the repository at this point in the history
Signed-off-by: Casey Callendrello <[email protected]>
  • Loading branch information
squeed committed Jan 20, 2021
1 parent 77cd8fe commit 067eed4
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkg/invoke/find.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"fmt"
"os"
"path/filepath"
"strings"
)

// FindInPath returns the full path of the plugin by searching in the provided path
Expand All @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
return "", fmt.Errorf("no plugin name provided")
}

if strings.ContainsRune(plugin, os.PathSeparator) {
return "", fmt.Errorf("invalid plugin name: %s", plugin)
}

if len(paths) == 0 {
return "", fmt.Errorf("no paths provided")
}
Expand Down
7 changes: 7 additions & 0 deletions pkg/invoke/find_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,5 +99,12 @@ var _ = Describe("FindInPath", func() {
Expect(err).To(MatchError(fmt.Sprintf("failed to find plugin %q in path %s", pluginName, pathsWithNothing)))
})
})

Context("When the plugin contains a directory separator", func() {
It("returns an error", func() {
_, err := invoke.FindInPath(".."+string(os.PathSeparator)+"pluginName", []string{anotherTempDir})
Expect(err).To(MatchError("invalid plugin name: ../pluginName"))
})
})
})
})

0 comments on commit 067eed4

Please sign in to comment.