Skip to content

feat: check the contents of zip or tar.gz packages against allow lists COMPASS-8743 #6679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Feb 19, 2025
Merged

feat: check the contents of zip or tar.gz packages against allow lists COMPASS-8743 #6679

merged 22 commits into from
Feb 19, 2025

Conversation

@lerouxb
Copy link
Contributor

@lerouxb lerouxb commented Feb 5, 2025
edited
Loading

For each platform, check a .zip or .tar.gz package's contents against a minimatch pattern list.

@github-actions github-actions bot added the feat label Feb 5, 2025
@lerouxb lerouxb added the no release notes Fix or feature not for release notes label Feb 5, 2025
@lerouxb lerouxb changed the title feat: check the contents of zip or tar.gz packages against allow lists feat: check the contents of zip or tar.gz packages against allow lists COMPASS-8743 Feb 5, 2025
@lerouxb lerouxb force-pushed the package-allow-lists branch 2 times, most recently from c4801f8 to 1360e6a Compare February 5, 2025 13:36
@lerouxb lerouxb force-pushed the package-allow-lists branch from 1360e6a to 4bdb8c9 Compare February 5, 2025 13:51
@lerouxb lerouxb force-pushed the package-allow-lists branch from 49c5f2a to e385a2e Compare February 6, 2025 16:30
@lerouxb lerouxb force-pushed the package-allow-lists branch from 6e34ecb to 1744adf Compare February 7, 2025 09:39
@lerouxb lerouxb marked this pull request as ready for review February 7, 2025 09:43
@lerouxb lerouxb force-pushed the package-allow-lists branch from df7164f to cdbccfe Compare February 7, 2025 11:01
@lerouxb lerouxb requested a review from kraenhansen February 10, 2025 11:47
gribnoysup
gribnoysup approved these changes Feb 18, 2025
View reviewed changes
packages/compass/scripts/patterns/linux_tar-patterns.json Outdated
"APP-SUFFIX/resources/app.asar",
"APP-SUFFIX/resources/app.asar.fully-unpacked",
"APP-SUFFIX/resources/app.asar.fully-unpacked/build",
"APP-SUFFIX/resources/app.asar.fully-unpacked/build/**/*",
Copy link
Collaborator

@gribnoysup gribnoysup Feb 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't have a strong preference, not sure if it's needed, but maybe we want to limit it to some known extensions to make sure nothing that we don't expect to bundle got in the build dir by webpack accidentally copying it over

Copy link
Contributor Author

@lerouxb lerouxb Feb 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. I tightened up the patterns.

@lerouxb lerouxb merged commit 2b27480 into main Feb 19, 2025
6 of 7 checks passed
@lerouxb lerouxb deleted the package-allow-lists branch February 19, 2025 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gribnoysup gribnoysup gribnoysup approved these changes

@kraenhansen kraenhansen Awaiting requested review from kraenhansen

Assignees

No one assigned

Labels

feat no release notes Fix or feature not for release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lerouxb @gribnoysup