You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I suggest refactoring the FindImages function to avoid changing the process's working directory. By constructing and using absolute paths directly, we can enhance the robustness and predictability of our file operations. This approach also helps avoid unintended side effects on the application's global state, which is particularly beneficial in a multi-threaded environment. Here's a proposed change:
// FindImages iterates over a Zarf.yaml and attempts to parse any images.func (p*Packager) FindImages() (imgMapmap[string][]string, errerror) {
// Validate BaseDir before proceedingiferr:=validateBaseDir(p.cfg.CreateOpts.BaseDir); err!=nil {
returnnil, err
}
// Construct the absolute path to the Zarf.yaml filezarfYAMLPath:=filepath.Join(p.cfg.CreateOpts.BaseDir, layout.ZarfYAML)
// Use the absolute path to read the Zarf.yaml fileiferr=p.readZarfYAML(zarfYAMLPath); err!=nil {
returnnil, fmt.Errorf("unable to read the zarf.yaml file at '%s': %w", zarfYAMLPath, err)
}
// Ensure that p.findImages() and any functions it calls are modified to work with absolute pathsreturnp.findImages()
}
// validateBaseDir validates the BaseDir path for security and correctness.funcvalidateBaseDir(baseDirstring) error {
// Ensure the path is absoluteif!filepath.IsAbs(baseDir) {
returnfmt.Errorf("BaseDir must be an absolute path")
}
// Canonicalize the pathcleanPath:=filepath.Clean(baseDir)
// Check for existence and directory typeinfo, err:=os.Stat(cleanPath)
iferr!=nil {
returnfmt.Errorf("BaseDir does not exist: %w", err)
}
if!info.IsDir() {
returnfmt.Errorf("BaseDir is not a directory")
}
// Optionally, check for read/write permissions as neededreturnnil
}
On the flip side, if all those security checks aren't required, here is a simple one.
// FindImages iterates over a Zarf.yaml and attempts to parse any images.func (p*Packager) FindImages() (imgMapmap[string][]string, errerror) {
// Construct the absolute path to the Zarf.yaml filezarfYAMLPath:=filepath.Join(p.cfg.CreateOpts.BaseDir, layout.ZarfYAML)
// Use the absolute path to read the Zarf.yaml fileiferr=p.readZarfYAML(zarfYAMLPath); err!=nil {
returnnil, fmt.Errorf("unable to read the zarf.yaml file at '%s': %w", zarfYAMLPath, err)
}
// Ensure that p.findImages() and any functions it calls are modified to work with absolute pathsreturnp.findImages()
}
The text was updated successfully, but these errors were encountered:
andrewg-xyz
changed the title
Refactor the FindImages function to avoid changing the process's working directory. By constructing and using absolute paths directly, we can enhance the robustness and predictability of our file operations. This approach also helps avoid unintended side effects on the application's global state, which is particularly beneficial in a multi-threaded environment. Here's a proposed change:
Refactor the FindImages function to avoid changing the process's working directory
Feb 27, 2024
Hey @andrewg-xyz - thank you for bringing this up. At this time this isn't a priority for the Zarf team so we will be closing this out. If you start to experience problems with this area of Zarf, please let us know. :)
I suggest refactoring the FindImages function to avoid changing the process's working directory. By constructing and using absolute paths directly, we can enhance the robustness and predictability of our file operations. This approach also helps avoid unintended side effects on the application's global state, which is particularly beneficial in a multi-threaded environment. Here's a proposed change:
On the flip side, if all those security checks aren't required, here is a simple one.
not compiled or tested
Originally posted by @naveensrinivasan in #2269 (comment)
The text was updated successfully, but these errors were encountered: