diff options
author | Sebastiaan van Stijn <github@gone.nl> | 2023-03-06 17:25:54 +0100 |
---|---|---|
committer | Sebastiaan van Stijn <github@gone.nl> | 2023-03-06 17:25:54 +0100 |
commit | a79be4cf31c468fbff08f2b629f9432543bd0841 (patch) | |
tree | 4cdb7b0d42c47d9361ab58d26eedff9df5a774ae | |
parent | 6962a28bc8d4466b8da07a975f7f5b8b000f7829 (diff) | |
download | docker-a79be4cf31c468fbff08f2b629f9432543bd0841.tar.gz |
vendor: github.com/moby/buildkit v0.10.7-0.20230306143919-70f2ad56d3e5
- buildinfo: ensure URLs are redacted before written (fixes CVE-2023-26054)
full diff: https://github.com/moby/buildkit/compare/4f0ee09c40e2...70f2ad56d3e5a870ca1e167a051e7562249bfe8e
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-rw-r--r-- | vendor.mod | 2 | ||||
-rw-r--r-- | vendor.sum | 4 | ||||
-rw-r--r-- | vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go | 11 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
4 files changed, 12 insertions, 7 deletions
diff --git a/vendor.mod b/vendor.mod index 8a38cb3402..7ea1dafba3 100644 --- a/vendor.mod +++ b/vendor.mod @@ -49,7 +49,7 @@ require ( github.com/klauspost/compress v1.15.12 github.com/miekg/dns v1.1.43 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible - github.com/moby/buildkit v0.10.7-0.20230208155512-4f0ee09c40e2 + github.com/moby/buildkit v0.10.7-0.20230306143919-70f2ad56d3e5 github.com/moby/ipvs v1.1.0 github.com/moby/locker v1.0.1 github.com/moby/patternmatcher v0.5.0 diff --git a/vendor.sum b/vendor.sum index 4a209cc467..52ccfec3ee 100644 --- a/vendor.sum +++ b/vendor.sum @@ -729,8 +729,8 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= -github.com/moby/buildkit v0.10.7-0.20230208155512-4f0ee09c40e2 h1:TF8U8vLWgBk9YtxrGqIpHx7/T+qQksNfqmMVGm/16/w= -github.com/moby/buildkit v0.10.7-0.20230208155512-4f0ee09c40e2/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU= +github.com/moby/buildkit v0.10.7-0.20230306143919-70f2ad56d3e5 h1:1CEKLCfx4WEWbP4A+cI61IR6pC5h6cAN+20CXsU7NRU= +github.com/moby/buildkit v0.10.7-0.20230306143919-70f2ad56d3e5/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU= github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ= github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= diff --git a/vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go b/vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go index 9771d9d348..280b472d3e 100644 --- a/vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go +++ b/vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go @@ -313,6 +313,11 @@ func filterAttrs(key string, attrs map[string]*string) map[string]*string { if len(skey) == 2 { platform = skey[1] } + const defaultContextKey = "context" + contextKey := defaultContextKey + if v, ok := attrs["contextkey"]; ok && *v != "" { + contextKey = *v + } filtered := make(map[string]*string) for k, v := range attrs { if v == nil { @@ -329,7 +334,7 @@ func filterAttrs(key string, attrs map[string]*string) map[string]*string { } // input context key and value has to be cleaned up // before being included - if strings.HasPrefix(k, "context:") { + if k == contextKey || strings.HasPrefix(k, defaultContextKey+":") { ctxkey := strings.SplitN(k, "::", 2) hasCtxPlatform := len(ctxkey) == 2 // if platform is set and also defined in key, set context @@ -338,11 +343,11 @@ func filterAttrs(key string, attrs map[string]*string) map[string]*string { continue } if platform == "" && hasCtxPlatform { - ctxval := strings.TrimSuffix(*v, "::"+ctxkey[1]) + ctxval := urlutil.RedactCredentials(strings.TrimSuffix(*v, "::"+ctxkey[1])) filtered[strings.TrimSuffix(k, "::"+ctxkey[1])] = &ctxval continue } - ctxival := strings.TrimSuffix(*v, "::"+platform) + ctxival := urlutil.RedactCredentials(strings.TrimSuffix(*v, "::"+platform)) filtered[strings.TrimSuffix(k, "::"+platform)] = &ctxival continue } diff --git a/vendor/modules.txt b/vendor/modules.txt index ce192da3d1..1ca49b0d47 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -486,7 +486,7 @@ github.com/mistifyio/go-zfs # github.com/mitchellh/hashstructure/v2 v2.0.2 ## explicit; go 1.14 github.com/mitchellh/hashstructure/v2 -# github.com/moby/buildkit v0.10.7-0.20230208155512-4f0ee09c40e2 +# github.com/moby/buildkit v0.10.7-0.20230306143919-70f2ad56d3e5 ## explicit; go 1.17 github.com/moby/buildkit/api/services/control github.com/moby/buildkit/api/types |