From de52e024a027a774eefcc7ec70f64ed04f0aa6c0 Mon Sep 17 00:00:00 2001
From: Christian Kellner <christian@kellner.me>
Date: Sat, 6 Aug 2022 22:39:45 +0200
Subject: [PATCH] disk: use path policy for mount point checking

Replace the simple allow list of paths with the more sophisticated
path policies. It enables us to e.g. allow one path but not any
sub-path. This will be useful for `/boot` where we want to allow
its customization but not any sub-path because that might actually
break booting.
---
 internal/disk/disk.go | 40 ++++++++++++++--------------------------
 1 file changed, 14 insertions(+), 26 deletions(-)

diff --git a/internal/disk/disk.go b/internal/disk/disk.go
index a939e6ca8..909e157c0 100644
--- a/internal/disk/disk.go
+++ b/internal/disk/disk.go
@@ -21,8 +21,6 @@ import (
 	"fmt"
 	"io"
 	"math/rand"
-	"path"
-	"strings"
 
 	"github.com/google/uuid"
 	"github.com/osbuild/osbuild-composer/internal/blueprint"
@@ -54,9 +52,17 @@ const (
 	XBootLDRPartitionGUID = "BC13C2FF-59E6-4262-A352-B275FD6F7172"
 )
 
-var MountpointAllowList = []string{
-	"/", "/var", "/opt", "/srv", "/usr", "/app", "/data", "/home", "/tmp",
-}
+var MountpointAllowList = NewPathPolicies(map[string]PathPolicy{
+	"/":     {Exact: true},
+	"/var":  {},
+	"/opt":  {},
+	"/srv":  {},
+	"/usr":  {},
+	"/app":  {},
+	"/data": {},
+	"/home": {},
+	"/tmp":  {},
+})
 
 // Entity is the base interface for all disk-related entities.
 type Entity interface {
@@ -173,29 +179,11 @@ func NewVolIDFromRand(r *rand.Rand) string {
 	return hex.EncodeToString(volid)
 }
 
-func IsMountpointAllowed(mountpoint string, allowlist []string) bool {
-	for _, allowed := range allowlist {
-		match, _ := path.Match(allowed, mountpoint)
-		if match {
-			return true
-		}
-		// ensure that only clean mountpoints
-		// are valid
-		if strings.Contains(mountpoint, "//") {
-			return false
-		}
-		match = strings.HasPrefix(mountpoint, allowed+"/")
-		if allowed != "/" && match {
-			return true
-		}
-	}
-	return false
-}
-
-func CheckMountpoints(mountpoints []blueprint.FilesystemCustomization, mountpointAllowList []string) error {
+func CheckMountpoints(mountpoints []blueprint.FilesystemCustomization, mountpointAllowList *PathPolicies) error {
 	invalidMountpoints := []string{}
 	for _, m := range mountpoints {
-		if !IsMountpointAllowed(m.Mountpoint, mountpointAllowList) {
+		err := mountpointAllowList.Check(m.Mountpoint)
+		if err != nil {
 			invalidMountpoints = append(invalidMountpoints, m.Mountpoint)
 		}
 	}