Don't inject DOCKER_HOST proxy address into Docker containers

pimterry · pimterry · commit 84c2424fd362 · 2022-07-07T20:04:08.000+02:00
This could work in theory. We'd have to inject the variable along with
mounting the socket itself though. We'd only want to do that in cases
where we were sure that the socket was already being mounted (or its a
big security risk), and that's a) hard to detect and b) extra hard to
redirect. Doable, probably, but not worth it for now.

It's also possible that some DinD setups might work regardless. If they
check DOCKER_HOST to find the path to the socket, they'll end up
mounting our intercepted socket correctly all by themselves.
diff --git a/src/interceptors/docker/docker-build-injection.ts b/src/interceptors/docker/docker-build-injection.ts
@@ -39,18 +39,24 @@ export function injectIntoBuildStream(
 
     let commandsAddedToDockerfile = getDeferred<number>();
 
+    const envVars = getTerminalEnvVars(
+        config.proxyPort,
+        { certPath: HTTP_TOOLKIT_INJECTED_CA_PATH },
+        'posix-runtime-inherit', // Dockerfile commands can reference vars directly
+        {
+            httpToolkitIp: DOCKER_HOST_HOSTNAME,
+            overridePath: HTTP_TOOLKIT_INJECTED_OVERRIDES_PATH,
+            targetPlatform: 'linux'
+        }
+    );
+
+    // For now, we don't inject DOCKER_HOST into the container, so we don't try to intercept DinD. It
+    // should be doable in theory, but it seems complicated and of limited value.
+    delete envVars['DOCKER_HOST'];
+
     const dockerfileConfig = {
         ...config,
-        envVars: getTerminalEnvVars(
-            config.proxyPort,
-            { certPath: HTTP_TOOLKIT_INJECTED_CA_PATH },
-            'posix-runtime-inherit', // Dockerfile commands can reference vars directly
-            {
-                httpToolkitIp: DOCKER_HOST_HOSTNAME,
-                overridePath: HTTP_TOOLKIT_INJECTED_OVERRIDES_PATH,
-                targetPlatform: 'linux'
-            }
-        )
+        envVars
     };
 
     extractionStream.on('entry', async (headers, entryStream, next) => {
diff --git a/src/interceptors/docker/docker-commands.ts b/src/interceptors/docker/docker-commands.ts
@@ -129,6 +129,21 @@ export function transformContainerCreationConfig(
         }
     };
 
+    const envVarsToInject = getTerminalEnvVars(
+        proxyPort,
+        { certPath: HTTP_TOOLKIT_INJECTED_CA_PATH },
+        envArrayToObject(currentConfig.Env),
+        {
+            httpToolkitIp: DOCKER_HOST_HOSTNAME,
+            overridePath: HTTP_TOOLKIT_INJECTED_OVERRIDES_PATH,
+            targetPlatform: 'linux'
+        }
+    );
+
+    // For now, we don't inject DOCKER_HOST into the container, so we don't try to intercept DinD. It
+    // should be doable in theory, but it seems complicated and of limited value.
+    delete envVarsToInject['DOCKER_HOST'];
+
     const hostConfig: Docker.HostConfig = {
         ...currentConfig.HostConfig,
         // To intercept without modifying the container, we bind mount our overrides and certificate
@@ -165,18 +180,7 @@ export function transformContainerCreationConfig(
         HostConfig: hostConfig,
         Env: [
             ...(currentConfig.Env ?? []),
-            ...envObjectToArray(
-                getTerminalEnvVars(
-                    proxyPort,
-                    { certPath: HTTP_TOOLKIT_INJECTED_CA_PATH },
-                    envArrayToObject(currentConfig.Env),
-                    {
-                        httpToolkitIp: DOCKER_HOST_HOSTNAME,
-                        overridePath: HTTP_TOOLKIT_INJECTED_OVERRIDES_PATH,
-                        targetPlatform: 'linux'
-                    }
-                )
-            )
+            ...envObjectToArray(envVarsToInject)
         ],
         Labels: {
             ...transformComposeCreationLabels(proxyPort, currentConfig.Labels),
