enforce plugin whitelist

This commit is contained in:
Brad Rydzewski 2015-06-07 17:04:57 -07:00
parent eb90ef3ba1
commit 906bbe9cc5
5 changed files with 27 additions and 15 deletions

View file

@ -6,6 +6,7 @@ doc/
.dockerignore
.drone.yml
.gitignore
drone.sqlite
Dockerfile
LICENSE
README.md

View file

@ -29,9 +29,9 @@ type Context struct {
func setup(c *Context) error {
var err error
var opts = parser.Opts{
Network: true,
Privileged: true,
Volumes: true,
Network: false,
Privileged: false,
Volumes: false,
Whitelist: c.Plugins,
}

View file

@ -114,6 +114,8 @@ func RunBuild(c *gin.Context) {
store := ToDatastore(c)
queue_ := ToQueue(c)
repo := ToRepo(c)
conf := ToSettings(c)
num, err := strconv.Atoi(c.Params.ByName("number"))
if err != nil {
c.Fail(400, err)
@ -185,12 +187,14 @@ func RunBuild(c *gin.Context) {
c.JSON(202, commit)
queue_.Publish(&queue.Work{
User: user,
Repo: repo,
Commit: commit,
Keys: keys,
Netrc: netrc,
Yaml: raw,
User: user,
Repo: repo,
Commit: commit,
Keys: keys,
Netrc: netrc,
Yaml: raw,
Plugins: conf.Plugins,
Env: conf.Environment,
})
}

View file

@ -22,6 +22,7 @@ func PostHook(c *gin.Context) {
store := ToDatastore(c)
queue_ := ToQueue(c)
sess := ToSession(c)
conf := ToSettings(c)
hook, err := remote.Hook(c.Request)
if err != nil {
@ -151,11 +152,13 @@ func PostHook(c *gin.Context) {
}
queue_.Publish(&queue.Work{
User: user,
Repo: repo,
Commit: commit,
Keys: keys,
Netrc: netrc,
Yaml: raw,
User: user,
Repo: repo,
Commit: commit,
Keys: keys,
Netrc: netrc,
Yaml: raw,
Plugins: conf.Plugins,
Env: conf.Environment,
})
}

View file

@ -77,6 +77,10 @@ func ParseSingle(raw string, opts *Opts) (*common.Config, error) {
if err != nil {
return nil, err
}
err = LintPlugins(conf, opts)
if err != nil {
return nil, err
}
// apply rules / transofms
transformSetup(conf)
transformClone(conf)