kbuntrock opened a new pull request, #104:
URL: https://github.com/apache/maven-build-cache-extension/pull/104
This PR covers some bugfixes / enhancements with the restoration of outputs on
disk.
It is in draft since I expect some discussions. And the IT test still has to
be coded.
"On the menu":
- Bugfix / "todo": files in a base directory containing an underscore were
wrongly restored to disk (not at the same location).
-> To do so, the path is not guessed anymore from the classifier. I
introduced a "filePath" property in the "attachedArtifact" section of the
buildinfo.xml file.
-> Because the buildInfo structure changes, I changed the cache
implementation version from "v1" to "v1.1". I assume it was one of the purposes
of this value: we don't have to deal with structure migration. Any previous
cache entry is de facto invalidated.
- Forbid the possibility to extract/restore data in a directory outside the
project (like extracting ../../../.ssh for example)
-> I guess the extraction part is not a vulnerability since someone with
commit permissions can guess other ways to extract data. But the possibility of
restoring at any place on the disk looks pretty dangerous to me if a remote
cache server is compromised.
- Gives the possibility to restore artefacts on disk, with a dedicated
property: maven.build.cache.restoreOnDiskArtefacts (defaults to true, open for
discussion)
- Introduce "globs" to filter extra attached outputs by filenames.
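One way to enforce the "no restore outside the project" rule described in the message above, shown as an added example that is not code from the pull request or from maven-build-cache-extension. The class name, method name and sample `filePath` values are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; class and method names are hypothetical, not from the PR.
public class RestorePathCheck {

    /** Resolves a cache-supplied relative path and rejects anything that leaves baseDir. */
    static Path resolveInsideProject(Path baseDir, String filePath) throws IOException {
        Path root = baseDir.toRealPath();                  // canonical project root, symlinks resolved
        Path candidate = Paths.get(filePath);
        if (candidate.isAbsolute()) {
            throw new IOException("absolute path in cache entry: " + filePath);
        }
        Path target = root.resolve(candidate).normalize(); // collapses "." and ".." lexically
        if (!target.startsWith(root)) {                    // element-wise compare, not a string prefix
            throw new IOException("path escapes project directory: " + filePath);
        }
        // The lexical check misses a symlink inside the project that points elsewhere,
        // so also compare the real path of the deepest ancestor already on disk.
        Path existing = target;
        while (existing != null && !Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();
        }
        if (existing == null || !existing.toRealPath().startsWith(root)) {
            throw new IOException("path escapes project directory via symlink: " + filePath);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path project = Files.createTempDirectory("project"); // constructed sample project dir
        String[] samples = {                                  // constructed sample filePath values
            "target/generated_sources/Foo.java",              // underscore in a directory name
            "../../../.ssh",
            "target/../../outside.txt",
            project.getRoot().resolve("etc").toString()       // absolute path
        };
        for (String s : samples) {
            try {
                System.out.println("OK      " + resolveInsideProject(project, s));
            } catch (IOException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; the other three are rejected before any file would be written.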