From 7189d1390ec1bc4c100d2df4e31475938ed9d493 Mon Sep 17 00:00:00 2001
From: Don Olmstead <don.j.olmstead@gmail.com>
Date: Fri, 7 Aug 2015 15:21:39 -0700
Subject: [PATCH] Adding linting rules for cache value

---
 pkg/yaml/lint.go      | 17 +++++++++++++++++
 pkg/yaml/lint_test.go | 26 ++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/pkg/yaml/lint.go b/pkg/yaml/lint.go
index 07b779365..26c741410 100644
--- a/pkg/yaml/lint.go
+++ b/pkg/yaml/lint.go
@@ -22,6 +22,7 @@ var lintRules = [...]lintRule{
 	expectTrustedPublish,
 	expectTrustedDeploy,
 	expectTrustedNotify,
+	expectCacheInWorkspace,
 }
 
 // Lint runs all lint rules against the Yaml Config.
@@ -105,6 +106,22 @@ func expectTrustedNotify(c *common.Config) error {
 	return nil
 }
 
+// lint rule that fails if the cache directories are not contained
+// in the workspace.
+func expectCacheInWorkspace(c *common.Config) error {
+	for _, step := range c.Build.Cache {
+		cleaned := filepath.Clean(step)
+
+		if strings.Index(cleaned, "../") != -1 {
+			return fmt.Errorf("Cache must point to a path in the workspace")
+		} else if cleaned == "." {
+			return fmt.Errorf("Cannot cache the workspace")
+		}
+	}
+
+	return nil
+}
+
 func LintPlugins(c *common.Config, opts *Opts) error {
 	if len(opts.Whitelist) == 0 {
 		return nil
diff --git a/pkg/yaml/lint_test.go b/pkg/yaml/lint_test.go
index 3afde444f..0d8fd9e3e 100644
--- a/pkg/yaml/lint_test.go
+++ b/pkg/yaml/lint_test.go
@@ -88,6 +88,32 @@ func Test_Linter(t *testing.T) {
 			g.Assert(Lint(c) == nil).IsTrue()
 		})
 
+		g.It("Should pass with path inside workspace", func() {
+			c := &common.Config{
+				Build: &common.Step{
+					Cache: []string{".git","/.git","/.git/../.git/../.git"},
+				},
+			}
+			g.Assert(expectCacheInWorkspace(c) == nil).IsTrue()
+		})
+
+		g.It("Should fail with path outside workspace", func() {
+			c := &common.Config{
+				Build: &common.Step{
+					Cache: []string{".git","/.git","../../.git"},
+				},
+			}
+			g.Assert(expectCacheInWorkspace(c) != nil).IsTrue()
+		})
+
+		g.It("Should fail when caching workspace directory", func() {
+			c := &common.Config{
+				Build: &common.Step{
+					Cache: []string{".git",".git/../"},
+				},
+			}
+			g.Assert(expectCacheInWorkspace(c) != nil).IsTrue()
+		})		
 	})
 }