mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-23 00:46:30 +00:00
enforce plugin whitelist
This commit is contained in:
parent
eb90ef3ba1
commit
906bbe9cc5
5 changed files with 27 additions and 15 deletions
|
@ -6,6 +6,7 @@ doc/
|
|||
.dockerignore
|
||||
.drone.yml
|
||||
.gitignore
|
||||
drone.sqlite
|
||||
Dockerfile
|
||||
LICENSE
|
||||
README.md
|
||||
|
|
|
@ -29,9 +29,9 @@ type Context struct {
|
|||
func setup(c *Context) error {
|
||||
var err error
|
||||
var opts = parser.Opts{
|
||||
Network: true,
|
||||
Privileged: true,
|
||||
Volumes: true,
|
||||
Network: false,
|
||||
Privileged: false,
|
||||
Volumes: false,
|
||||
Whitelist: c.Plugins,
|
||||
}
|
||||
|
||||
|
|
|
@ -114,6 +114,8 @@ func RunBuild(c *gin.Context) {
|
|||
store := ToDatastore(c)
|
||||
queue_ := ToQueue(c)
|
||||
repo := ToRepo(c)
|
||||
conf := ToSettings(c)
|
||||
|
||||
num, err := strconv.Atoi(c.Params.ByName("number"))
|
||||
if err != nil {
|
||||
c.Fail(400, err)
|
||||
|
@ -185,12 +187,14 @@ func RunBuild(c *gin.Context) {
|
|||
c.JSON(202, commit)
|
||||
|
||||
queue_.Publish(&queue.Work{
|
||||
User: user,
|
||||
Repo: repo,
|
||||
Commit: commit,
|
||||
Keys: keys,
|
||||
Netrc: netrc,
|
||||
Yaml: raw,
|
||||
User: user,
|
||||
Repo: repo,
|
||||
Commit: commit,
|
||||
Keys: keys,
|
||||
Netrc: netrc,
|
||||
Yaml: raw,
|
||||
Plugins: conf.Plugins,
|
||||
Env: conf.Environment,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@ func PostHook(c *gin.Context) {
|
|||
store := ToDatastore(c)
|
||||
queue_ := ToQueue(c)
|
||||
sess := ToSession(c)
|
||||
conf := ToSettings(c)
|
||||
|
||||
hook, err := remote.Hook(c.Request)
|
||||
if err != nil {
|
||||
|
@ -151,11 +152,13 @@ func PostHook(c *gin.Context) {
|
|||
}
|
||||
|
||||
queue_.Publish(&queue.Work{
|
||||
User: user,
|
||||
Repo: repo,
|
||||
Commit: commit,
|
||||
Keys: keys,
|
||||
Netrc: netrc,
|
||||
Yaml: raw,
|
||||
User: user,
|
||||
Repo: repo,
|
||||
Commit: commit,
|
||||
Keys: keys,
|
||||
Netrc: netrc,
|
||||
Yaml: raw,
|
||||
Plugins: conf.Plugins,
|
||||
Env: conf.Environment,
|
||||
})
|
||||
}
|
||||
|
|
|
@ -77,6 +77,10 @@ func ParseSingle(raw string, opts *Opts) (*common.Config, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = LintPlugins(conf, opts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// apply rules / transofms
|
||||
transformSetup(conf)
|
||||
transformClone(conf)
|
||||
|
|
Loading…
Reference in a new issue