mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-24 16:18:42 +00:00
enforce plugin whitelist
This commit is contained in:
parent
eb90ef3ba1
commit
906bbe9cc5
5 changed files with 27 additions and 15 deletions
|
@ -6,6 +6,7 @@ doc/
|
||||||
.dockerignore
|
.dockerignore
|
||||||
.drone.yml
|
.drone.yml
|
||||||
.gitignore
|
.gitignore
|
||||||
|
drone.sqlite
|
||||||
Dockerfile
|
Dockerfile
|
||||||
LICENSE
|
LICENSE
|
||||||
README.md
|
README.md
|
||||||
|
|
|
@ -29,9 +29,9 @@ type Context struct {
|
||||||
func setup(c *Context) error {
|
func setup(c *Context) error {
|
||||||
var err error
|
var err error
|
||||||
var opts = parser.Opts{
|
var opts = parser.Opts{
|
||||||
Network: true,
|
Network: false,
|
||||||
Privileged: true,
|
Privileged: false,
|
||||||
Volumes: true,
|
Volumes: false,
|
||||||
Whitelist: c.Plugins,
|
Whitelist: c.Plugins,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -114,6 +114,8 @@ func RunBuild(c *gin.Context) {
|
||||||
store := ToDatastore(c)
|
store := ToDatastore(c)
|
||||||
queue_ := ToQueue(c)
|
queue_ := ToQueue(c)
|
||||||
repo := ToRepo(c)
|
repo := ToRepo(c)
|
||||||
|
conf := ToSettings(c)
|
||||||
|
|
||||||
num, err := strconv.Atoi(c.Params.ByName("number"))
|
num, err := strconv.Atoi(c.Params.ByName("number"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Fail(400, err)
|
c.Fail(400, err)
|
||||||
|
@ -185,12 +187,14 @@ func RunBuild(c *gin.Context) {
|
||||||
c.JSON(202, commit)
|
c.JSON(202, commit)
|
||||||
|
|
||||||
queue_.Publish(&queue.Work{
|
queue_.Publish(&queue.Work{
|
||||||
User: user,
|
User: user,
|
||||||
Repo: repo,
|
Repo: repo,
|
||||||
Commit: commit,
|
Commit: commit,
|
||||||
Keys: keys,
|
Keys: keys,
|
||||||
Netrc: netrc,
|
Netrc: netrc,
|
||||||
Yaml: raw,
|
Yaml: raw,
|
||||||
|
Plugins: conf.Plugins,
|
||||||
|
Env: conf.Environment,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ func PostHook(c *gin.Context) {
|
||||||
store := ToDatastore(c)
|
store := ToDatastore(c)
|
||||||
queue_ := ToQueue(c)
|
queue_ := ToQueue(c)
|
||||||
sess := ToSession(c)
|
sess := ToSession(c)
|
||||||
|
conf := ToSettings(c)
|
||||||
|
|
||||||
hook, err := remote.Hook(c.Request)
|
hook, err := remote.Hook(c.Request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -151,11 +152,13 @@ func PostHook(c *gin.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
queue_.Publish(&queue.Work{
|
queue_.Publish(&queue.Work{
|
||||||
User: user,
|
User: user,
|
||||||
Repo: repo,
|
Repo: repo,
|
||||||
Commit: commit,
|
Commit: commit,
|
||||||
Keys: keys,
|
Keys: keys,
|
||||||
Netrc: netrc,
|
Netrc: netrc,
|
||||||
Yaml: raw,
|
Yaml: raw,
|
||||||
|
Plugins: conf.Plugins,
|
||||||
|
Env: conf.Environment,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -77,6 +77,10 @@ func ParseSingle(raw string, opts *Opts) (*common.Config, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
err = LintPlugins(conf, opts)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
// apply rules / transofms
|
// apply rules / transofms
|
||||||
transformSetup(conf)
|
transformSetup(conf)
|
||||||
transformClone(conf)
|
transformClone(conf)
|
||||||
|
|
Loading…
Reference in a new issue