Skip to content

Commit

Permalink
replace tar (cli) with code-only packing
Browse files Browse the repository at this point in the history
Signed-off-by: Alexandr Stefurishin <[email protected]>
  • Loading branch information
Alexandr Stefurishin committed Dec 12, 2024
1 parent 49ec91f commit 0805083
Show file tree
Hide file tree
Showing 9 changed files with 705 additions and 4 deletions.
1 change: 1 addition & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ require (
go.uber.org/zap v1.19.0 // indirect
golang.org/x/crypto v0.30.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/mod v0.22.0
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.28.0 // indirect
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -451,6 +451,8 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
Expand Down
10 changes: 6 additions & 4 deletions pkg/nfs/controllerserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -404,10 +404,11 @@ func (cs *ControllerServer) CreateSnapshot(ctx context.Context, req *csi.CreateS

srcPath := getInternalVolumePath(cs.Driver.workingMountDir, srcVol)
dstPath := filepath.Join(snapInternalVolPath, snapshot.archiveName())

klog.V(2).Infof("tar %v -> %v", srcPath, dstPath)
out, err := exec.Command("tar", "-C", srcPath, "-czvf", dstPath, ".").CombinedOutput()
err = TarPack(srcPath, dstPath, true)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to create archive for snapshot: %v: %v", err, string(out))
return nil, status.Errorf(codes.Internal, "failed to create archive for snapshot: %v", err)
}
klog.V(2).Infof("tar %s -> %s complete", srcPath, dstPath)

Expand Down Expand Up @@ -571,9 +572,10 @@ func (cs *ControllerServer) copyFromSnapshot(ctx context.Context, req *csi.Creat
snapPath := filepath.Join(getInternalVolumePath(cs.Driver.workingMountDir, snapVol), snap.archiveName())
dstPath := getInternalVolumePath(cs.Driver.workingMountDir, dstVol)
klog.V(2).Infof("copy volume from snapshot %v -> %v", snapPath, dstPath)
out, err := exec.Command("tar", "-xzvf", snapPath, "-C", dstPath).CombinedOutput()

err = TarUnpack(snapPath, dstPath, true)
if err != nil {
return status.Errorf(codes.Internal, "failed to copy volume for snapshot: %v: %v", err, string(out))
return status.Errorf(codes.Internal, "failed to copy volume for snapshot: %v", err)
}
klog.V(2).Infof("volume copied from snapshot %v -> %v", snapPath, dstPath)
return nil
Expand Down
241 changes: 241 additions & 0 deletions pkg/nfs/tar.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,241 @@
/*
Copyright 2024 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package nfs

import (
"archive/tar"
"compress/gzip"
"errors"
"fmt"
"io"
"io/fs"
"os"
"path"
"path/filepath"
"strings"
)

func TarPack(srcDirPath string, dstPath string, enableCompression bool) error {
// normalize all paths to be absolute and clean
dstPath, err := filepath.Abs(dstPath)
if err != nil {
return fmt.Errorf("normalizing destination path: %w", err)
}

srcDirPath, err = filepath.Abs(srcDirPath)
if err != nil {
return fmt.Errorf("normalizing source path: %w", err)
}

if strings.Index(path.Dir(dstPath), srcDirPath) == 0 {
return fmt.Errorf("destination file %s cannot be under source directory %s", dstPath, srcDirPath)
}

tarFile, err := os.Create(dstPath)
if err != nil {
return fmt.Errorf("creating destination file: %w", err)
}
defer func() {
err = errors.Join(err, closeAndWrapErr(tarFile, "closing destination file %s: %w", dstPath))
}()

var tarDst io.Writer = tarFile
if enableCompression {
gzipWriter := gzip.NewWriter(tarFile)
defer func() {
err = errors.Join(err, closeAndWrapErr(gzipWriter, "closing gzip writer"))
}()
tarDst = gzipWriter
}

tarWriter := tar.NewWriter(tarDst)
defer func() {
err = errors.Join(err, closeAndWrapErr(tarWriter, "closing tar writer"))
}()

// recursively visit every file and write it
if err = filepath.Walk(
srcDirPath,
func(srcSubPath string, fileInfo fs.FileInfo, walkErr error) error {
return tarVisitFileToPack(tarWriter, srcDirPath, srcSubPath, fileInfo, walkErr)
},
); err != nil {
return fmt.Errorf("walking source directory: %w", err)
}

return nil
}

func tarVisitFileToPack(
tarWriter *tar.Writer,
srcPath string,
srcSubPath string,
fileInfo os.FileInfo,
walkErr error,
) (err error) {
if walkErr != nil {
return walkErr
}

linkTarget := ""
if fileInfo.Mode()&fs.ModeSymlink != 0 {
linkTarget, err = os.Readlink(srcSubPath)
if err != nil {
return fmt.Errorf("reading link %s: %w", srcSubPath, err)
}
}

tarHeader, err := tar.FileInfoHeader(fileInfo, linkTarget)
if err != nil {
return fmt.Errorf("creating tar header for %s: %w", srcSubPath, err)
}

// srcSubPath always starts with srcPath and both are absolute
tarHeader.Name, err = filepath.Rel(srcPath, srcSubPath)
if err != nil {
return fmt.Errorf("making tar header name for file %s: %w", srcSubPath, err)
}

if err = tarWriter.WriteHeader(tarHeader); err != nil {
return fmt.Errorf("writing tar header for file %s: %w", srcSubPath, err)
}

if !fileInfo.Mode().IsRegular() {
return nil
}

srcFile, err := os.Open(srcSubPath)
if err != nil {
return fmt.Errorf("opening file being packed %s: %w", srcSubPath, err)
}
defer func() {
err = errors.Join(err, closeAndWrapErr(srcFile, "closing file being packed %s: %w", srcSubPath))
}()
_, err = io.Copy(tarWriter, srcFile)
if err != nil {
return fmt.Errorf("packing file %s: %w", srcSubPath, err)
}
return nil
}

func TarUnpack(srcPath, dstDirPath string, enableCompression bool) (err error) {
// normalize all paths to be absolute and clean
srcPath, err = filepath.Abs(srcPath)
if err != nil {
return fmt.Errorf("normalizing archive path: %w", err)
}

dstDirPath, err = filepath.Abs(dstDirPath)
if err != nil {
return fmt.Errorf("normalizing archive destination path: %w", err)
}

tarFile, err := os.Open(srcPath)
if err != nil {
return fmt.Errorf("opening archive %s: %w", srcPath, err)
}
defer func() {
err = errors.Join(err, closeAndWrapErr(tarFile, "closing archive %s: %w", srcPath))
}()

var tarDst io.Reader = tarFile
if enableCompression {
var gzipReader *gzip.Reader

Check failure

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
.
gzipReader, err = gzip.NewReader(tarFile)
if err != nil {
return fmt.Errorf("creating gzip reader: %w", err)
}
defer func() {
err = errors.Join(err, closeAndWrapErr(gzipReader, "closing gzip reader: %w"))
}()

tarDst = gzipReader
}

tarReader := tar.NewReader(tarDst)

for {
var tarHeader *tar.Header
tarHeader, err = tarReader.Next()
if err == io.EOF {
break
}
if err != nil {
return fmt.Errorf("reading tar header of %s: %w", srcPath, err)
}

fileInfo := tarHeader.FileInfo()

filePath := filepath.Join(dstDirPath, tarHeader.Name)

// protect against "Zip Slip"
if strings.Index(filePath, dstDirPath) != 0 {
// mimic standard error, which will be returned in future versions of Go by default
// more info can be found by "tarinsecurepath" variable name
return tar.ErrInsecurePath
}

fileDirPath := filePath
if !fileInfo.Mode().IsDir() {
fileDirPath = filepath.Dir(fileDirPath)
}

if err = os.MkdirAll(fileDirPath, 0755); err != nil {
return fmt.Errorf("making dirs for path %s: %w", fileDirPath, err)
}

if fileInfo.Mode().IsDir() {
continue
}

err = tarUnpackFile(filePath, tarReader, fileInfo)
if err != nil {
return fmt.Errorf("unpacking archive %s: %w", filePath, err)
}
}
return nil
}

func tarUnpackFile(dstFileName string, src io.Reader, srcFileInfo fs.FileInfo) (err error) {
var dstFile *os.File
dstFile, err = os.OpenFile(dstFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, srcFileInfo.Mode().Perm())
if err != nil {
return fmt.Errorf("opening destination file %s: %w", dstFileName, err)
}
defer func() {
err = errors.Join(err, closeAndWrapErr(dstFile, "closing destination file %s: %w", dstFile))
}()

n, err := io.Copy(dstFile, src)
if err != nil {
return fmt.Errorf("copying to destination file %s: %w", dstFileName, err)
}

if srcFileInfo.Mode().IsRegular() && n != srcFileInfo.Size() {
return fmt.Errorf("written size check failed for %s: wrote %d, want %d", dstFileName, n, srcFileInfo.Size())
}

return nil
}

func closeAndWrapErr(closer io.Closer, errFormat string, a ...any) error {
if err := closer.Close(); err != nil {
a = append(a, err)
return fmt.Errorf(errFormat, a...)
}
return nil
}
Loading

0 comments on commit 0805083

Please sign in to comment.