particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

osbuildexecutor: add validateOutputArchive() and run before extract

Browse source 
The tar file from the `osbuild-worker-executor` is potentially
tainted. Ensure we validate and only extract if it harmless.
This commit is contained in:
Michael Vogt 2024-06-07 09:56:39 +02:00 committed by Sanne Raymaekers
parent 22769305d8
commit 984f51feb8
3 changed files with 126 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/osbuildexecutor/export_test.go Normal file
View file

@ -0,0 +1,3 @@
package osbuildexecutor
var ValidateOutputArchive = validateOutputArchive