fix: linting

pandatix · pandatix · commit 852672b3243e · 2025-06-13T18:16:46.000+02:00
diff --git a/.golangci.yml b/.golangci.yml
@@ -7,6 +7,7 @@ linters:
     - gosec
     - govet
     - ineffassign
+    - lll
     - misspell
     - revive
     - staticcheck
@@ -15,12 +16,7 @@ linters:
   settings:
     gosec:
       excludes:
-        - G107
-        - G110
         - G204
-        - G305
-        - G401
-        - G501
   exclusions:
     generated: lax
     presets:
diff --git a/environment/deploy/integration/coverout_test.go b/environment/deploy/integration/coverout_test.go
@@ -32,8 +32,9 @@ func Test_I_Coverout(t *testing.T) {
 		},
 		ExtraRuntimeValidation: func(t *testing.T, stack integration.RuntimeValidationStackInfo) {
 			// Issue API call
-			server := fmt.Sprintf("http://%s:%0.f/api/v1/coverout", os.Getenv("SERVER"), stack.Outputs["port"])
-			res, err := http.Get(server)
+			server := fmt.Sprintf("%s:%0.f", os.Getenv("SERVER"), stack.Outputs["port"])
+			req, _ := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/coverout", server), nil)
+			res, err := http.DefaultClient.Do(req)
 			require.NoError(t, err)
 			defer func() {
 				_ = res.Body.Close()
diff --git a/environment/deploy/integration/main_test.go b/environment/deploy/integration/main_test.go
@@ -13,6 +13,7 @@ var (
 func TestMain(m *testing.M) {
 	server, ok := os.LookupEnv("SERVER")
 	if !ok {
+		//nolint:lll // the error message is not maintained
 		fmt.Println("Environment variable SERVER is not set, please indicate the domain name/IP address to reach out the cluster.")
 	}
 	Server = server
diff --git a/environment/deploy/parts/romeo.go b/environment/deploy/parts/romeo.go
@@ -73,7 +73,12 @@ const (
 // NewRomeoEnvironment deploys a Romeo instance on Kubernetes.
 // The Romeo variable could be reused as a Pulumi ressource i.e. could
 // be a dependency, consumes inputs and produces outputs, etc.
-func NewRomeoEnvironment(ctx *pulumi.Context, name string, args *RomeoEnvironmentArgs, opts ...pulumi.ResourceOption) (*RomeoEnvironment, error) {
+func NewRomeoEnvironment(
+	ctx *pulumi.Context,
+	name string,
+	args *RomeoEnvironmentArgs,
+	opts ...pulumi.ResourceOption,
+) (*RomeoEnvironment, error) {
 	renv := &RomeoEnvironment{}
 
 	args = renv.defaults(args)
@@ -158,7 +163,12 @@ func (renv *RomeoEnvironment) defaults(args *RomeoEnvironmentArgs) *RomeoEnviron
 	return args
 }
 
-func (renv *RomeoEnvironment) provision(ctx *pulumi.Context, name string, args *RomeoEnvironmentArgs, opts ...pulumi.ResourceOption) (err error) {
+func (renv *RomeoEnvironment) provision(
+	ctx *pulumi.Context,
+	name string,
+	args *RomeoEnvironmentArgs,
+	opts ...pulumi.ResourceOption,
+) (err error) {
 	// Generate unique (random enough) PVC name
 	renv.randName, err = random.NewRandomString(ctx, "romeo-name-"+name, &random.RandomStringArgs{
 		Length:  pulumi.Int(8),
diff --git a/install/deploy/parts/romeo.go b/install/deploy/parts/romeo.go
@@ -53,7 +53,12 @@ type (
 // NewRomeoInstall deploys resources on on Kubernetes for Romeo environments.
 // The RomeoInstall variable could be reused as a Pulumi ressource i.e. could
 // be a dependency, consumes inputs and produces outputs, etc.
-func NewRomeoInstall(ctx *pulumi.Context, name string, args *RomeoInstallArgs, opts ...pulumi.ResourceOption) (*RomeoInstall, error) {
+func NewRomeoInstall(
+	ctx *pulumi.Context,
+	name string,
+	args *RomeoInstallArgs,
+	opts ...pulumi.ResourceOption,
+) (*RomeoInstall, error) {
 	if args == nil {
 		return nil, errors.New("romeo install does not support default arguments")
 	}
@@ -74,7 +79,11 @@ func NewRomeoInstall(ctx *pulumi.Context, name string, args *RomeoInstallArgs, o
 	return rist, nil
 }
 
-func (rist *RomeoInstall) provision(ctx *pulumi.Context, args *RomeoInstallArgs, opts ...pulumi.ResourceOption) (err error) {
+func (rist *RomeoInstall) provision(
+	ctx *pulumi.Context,
+	args *RomeoInstallArgs,
+	opts ...pulumi.ResourceOption,
+) (err error) {
 	// Deploy Kubernetes resources
 
 	// => Namespace (deploy one if none specified)
diff --git a/webserver/api/v1/decoder.go b/webserver/api/v1/decoder.go
@@ -0,0 +1,143 @@
+package apiv1
+
+import (
+	"archive/zip"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+const (
+	blockSize = 1 << 13 // arbitrary
+)
+
+// Decompressor handle the load of
+type Decompressor struct {
+	*Options
+}
+
+type Options struct {
+	MaxSize int64
+
+	currSize int64
+}
+
+// NewDecompressor constructs a fresh Decompressor.
+func NewDecompressor(opts *Options) *Decompressor {
+	if opts == nil {
+		opts = &Options{}
+	}
+	return &Decompressor{
+		Options: opts,
+	}
+}
+
+// Unzip extracts the content of the zip reader into cd.
+// It returns the directory it extracted into for Pulumi to use,
+// or an error if anything unexpected happens.
+func (dec *Decompressor) Unzip(r *zip.Reader, cd string) (string, error) {
+	outDir := ""
+	for _, f := range r.File {
+		if f.FileInfo().IsDir() {
+			continue
+		}
+		filePath, err := sanitizeArchivePath(cd, f.Name)
+		if err != nil {
+			return cd, err
+		}
+
+		// Save output directory i.e. the directory containing the Pulumi.yaml file,
+		// the scenario entrypoint.
+		base := filepath.Base(filePath)
+		if base == "Pulumi.yaml" || base == "Pulumi.yml" {
+			if outDir != "" {
+				return cd, errors.New("archive contain multiple Pulumi yaml/yml file, can't easily determine entrypoint")
+			}
+			outDir = filepath.Dir(filePath)
+		}
+
+		// If the file is in a sub-directory, create it
+		dir := filepath.Dir(filePath)
+		if _, err := os.Stat(dir); err != nil {
+			if err := os.MkdirAll(dir, os.ModePerm); err != nil {
+				return cd, err
+			}
+		}
+
+		// Create and write the file
+		if err := dec.copyTo(f, filePath); err != nil {
+			return cd, err
+		}
+	}
+
+	return outDir, nil
+}
+
+func sanitizeArchivePath(d, t string) (v string, err error) {
+	v = filepath.Join(d, t)
+	if strings.HasPrefix(v, filepath.Clean(d)) {
+		return v, nil
+	}
+	return "", &ErrPathTainted{
+		Path: t,
+	}
+}
+
+func (dec *Decompressor) copyTo(f *zip.File, filePath string) error {
+	outFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE, f.Mode())
+	if err != nil {
+		return err
+	}
+	defer outFile.Close()
+
+	rc, err := f.Open()
+	if err != nil {
+		return err
+	}
+	defer rc.Close()
+
+	for {
+		n, err := io.CopyN(outFile, rc, blockSize)
+		if err != nil {
+			if err == io.EOF {
+				return nil
+			}
+			return err
+		}
+		dec.currSize += n
+
+		if dec.MaxSize > 0 && dec.currSize > dec.MaxSize {
+			return ErrTooLargeContent{
+				MaxSize: dec.MaxSize,
+			}
+		}
+	}
+}
+
+// ErrPathTainted is returned when a potential zip slip is detected
+// through an unzip.
+type ErrPathTainted struct {
+	Path string
+}
+
+func (err ErrPathTainted) Error() string {
+	return fmt.Sprintf("filepath is tainted: %s", err.Path)
+}
+
+var _ error = (*ErrPathTainted)(nil)
+
+// ErrTooLargeContent is returned when a too large zip is processed
+// (e.g. a zip bomb).
+type ErrTooLargeContent struct {
+	MaxSize int64
+}
+
+func (err ErrTooLargeContent) Error() string {
+	return fmt.Sprintf("too large archive content, maximum is %d", err.MaxSize)
+}
+
+var _ error = (*ErrTooLargeContent)(nil)
diff --git a/webserver/api/v1/encoding.go b/webserver/api/v1/encoding.go
@@ -12,6 +12,10 @@ import (
 	"github.com/pkg/errors"
 )
 
+const (
+	maxSize = 1 << 30 // 1Gb
+)
+
 // Encode consumes a source  directory, zip its content and encoded
 // base 64.
 func Encode(src string) (string, error) {
@@ -66,53 +70,15 @@ func Decode(buf string, dst string) error {
 		return errors.Wrap(err, "base64 decoding")
 	}
 
-	// Unzip content into it
+	// Safely decompress the archive (borrowed from Chall-Manager)
 	r, err := zip.NewReader(bytes.NewReader(raw), int64(len(raw)))
 	if err != nil {
 		return errors.Wrap(err, "base64 decoded invalid zip archive")
 	}
-	for _, f := range r.File {
-		filePath := filepath.Join(dst, f.Name)
-		if f.FileInfo().IsDir() {
-			continue
-		}
-
-		// If the file is in a sub-directory, create it
-		dir := filepath.Dir(filePath)
-		if _, err := os.Stat(dir); err != nil {
-			if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-				return err
-			}
-		}
-
-		// Create and write the file
-		if err := copyTo(filePath, f); err != nil {
-			return err
-		}
-	}
 
-	return nil
-}
-
-func copyTo(filePath string, f *zip.File) error {
-	outFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE, 0777)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = outFile.Close()
-	}()
-
-	rc, err := f.Open()
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = rc.Close()
-	}()
-
-	if _, err := io.Copy(outFile, rc); err != nil {
-		return err
-	}
-	return nil
+	dec := NewDecompressor(&Options{
+		MaxSize: maxSize,
+	})
+	_, err = dec.Unzip(r, dst)
+	return err
 }

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ var (`
`13`	`13`	`func TestMain(m *testing.M) {`
`14`	`14`	`server, ok := os.LookupEnv("SERVER")`
`15`	`15`	`if !ok {`
	`16`	`+ //nolint:lll // the error message is not maintained`
`16`	`17`	`fmt.Println("Environment variable SERVER is not set, please indicate the domain name/IP address to reach out the cluster.")`
`17`	`18`	`}`
`18`	`19`	`Server = server`