fix(compose):filter out symlink in custom template EE-1928 (#6579)

* fix prevent symlink in customtemplate
2025-07-19 13:29:41 +02:00 · 2022-03-04 12:05:34 +08:00 · 2022-03-04 12:05:34 +08:00 · c442d936d3
commit c442d936d3
parent 0cd164bada
1 changed files with 20 additions and 4 deletions
--- a/api/http/handler/customtemplates/customtemplate_create.go
+++ b/api/http/handler/customtemplates/customtemplate_create.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"log"
 	"net/http"
+	"os"
 	"regexp"
 	"strconv"

@ -271,14 +272,19 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 	if err != nil {
 		return nil, err
 	}
+	isValidProject := true
+	defer func() {
+		if !isValidProject {
+			if err := handler.FileService.RemoveDirectory(projectPath); err != nil {
+				log.Printf("[WARN] [http,customtemplate,git] [error: %s] [message: unable to remove git repository directory]", err)
+			}
+		}
+	}()

 	entryPath := filesystem.JoinPaths(projectPath, customTemplate.EntryPoint)
-
 	exists, err := handler.FileService.FileExists(entryPath)
 	if err != nil || !exists {
-		if err := handler.FileService.RemoveDirectory(projectPath); err != nil {
-			log.Printf("[WARN] [http,customtemplate,git] [error: %s] [message: unable to remove git repository directory]", err)
-		}
+		isValidProject = false
 	}

 	if err != nil {
@ -289,6 +295,16 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 		return nil, errors.New("Invalid Compose file, ensure that the Compose file path is correct")
 	}

+	info, err := os.Lstat(entryPath)
+	if err != nil {
+		isValidProject = false
+		return nil, err
+	}
+	if info.Mode()&os.ModeSymlink != 0 { // entry is a symlink
+		isValidProject = false
+		return nil, errors.New("Invalid Compose file, ensure that the Compose file is not a symbolic link")
+	}
+
 	return customTemplate, nil
 }