1
2
3
4 package loader
5
6 import (
7 "fmt"
8
9 "sigs.k8s.io/kustomize/kyaml/filesys"
10 )
11
12 type LoadRestrictorFunc func(
13 filesys.FileSystem, filesys.ConfirmedDir, string) (string, error)
14
15 func RestrictionRootOnly(
16 fSys filesys.FileSystem, root filesys.ConfirmedDir, path string) (string, error) {
17 d, f, err := fSys.CleanedAbs(path)
18 if err != nil {
19 return "", err
20 }
21 if f == "" {
22 return "", fmt.Errorf("'%s' must resolve to a file", path)
23 }
24 if !d.HasPrefix(root) {
25 return "", fmt.Errorf(
26 "security; file '%s' is not in or below '%s'",
27 path, root)
28 }
29 return d.Join(f), nil
30 }
31
32 func RestrictionNone(
33 _ filesys.FileSystem, _ filesys.ConfirmedDir, path string) (string, error) {
34 return path, nil
35 }
36
View as plain text