From c1b37586a9d6d978bd6a83c21a91d02112e78a7e Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Fri, 27 Mar 2020 16:50:23 +0530 Subject: [PATCH] Fix #88: Resolve unreachable statement in DockerAssemblyManager#ensureThatArtifactFileIsSet --- CHANGELOG.md | 1 + .../core/assembly/DockerAssemblyManager.java | 43 ++--- .../assembly/DockerAssemblyManagerTest.java | 168 ++++++++++++++++++ .../jkube/kit/common/util/MavenUtil.java | 4 + .../image/build/BuildConfiguration.java | 5 + 5 files changed, 196 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5666d5c92d..3dca1ddd3a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ Usage: * Fix #112: Fix windows specific path error while splitting file path * Fix #102: HelmMojo works again * Fix #120: Critical bugs reported by Sonar +* Fix #88: Unreachable statement in DockerAssemblyManager * Fix #122: Bug 561261 - jkube-kit - insecure yaml load leading to RCE (CWE-502) ### 0.2.0 (05-03-2020) diff --git a/jkube-kit/build/service/docker/src/main/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManager.java b/jkube-kit/build/service/docker/src/main/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManager.java index 4ad19a2868..9ac6d2a5fd 100644 --- a/jkube-kit/build/service/docker/src/main/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManager.java +++ b/jkube-kit/build/service/docker/src/main/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManager.java @@ -133,18 +133,15 @@ public File createDockerTarArchive( verifyGivenDockerfile(dockerFile, buildConfig, params.getProperties(), log); interpolateDockerfile(dockerFile, buildDirs, params.getProperties()); // User dedicated Dockerfile from extra directory - archiveCustomizers.add(new ArchiverCustomizer() { - @Override - public JKubeBuildTarArchiver customize(JKubeBuildTarArchiver archiver) { - // If the content is added as archive, then we need to add the Dockerfile from the builddir - // directly to docker.tar (as the output builddir is not picked up in archive mode) - if (isArchive(assemblyConfig)) { - String name = dockerFile.getName(); - archiver.includeFile(new File(buildDirs.getOutputDirectory(), name), name); - } - - return archiver; + archiveCustomizers.add(archiver -> { + // If the content is added as archive, then we need to add the Dockerfile from the builddir + // directly to docker.tar (as the output builddir is not picked up in archive mode) + if (isArchive(assemblyConfig)) { + String name = dockerFile.getName(); + archiver.includeFile(new File(buildDirs.getOutputDirectory(), name), name); } + + return archiver; }); } else { // Create custom docker file in output dir @@ -384,31 +381,27 @@ private void createAssemblyArchive(JKubeAssemblyConfiguration assemblyConfig, JK // object which is then not available for the BuildMojo (there the file is still null leading to the // the "Cannot include project artifact: ... The following patterns were never triggered in this artifact inclusion filter: " // warning with an error following. - private File ensureThatArtifactFileIsSet(JKubeProject project) throws IOException { - File artifact = project.getArtifact(); - if (artifact == null) { - return null; - } - File oldFile = artifact; + protected File ensureThatArtifactFileIsSet(JKubeProject project) throws IOException { + File oldFile = project.getArtifact(); if (oldFile != null) { return oldFile; } String finalName = project.getBuildFinalName(); String target = project.getBuildDirectory(); - if (finalName == null || target == null) { - return null; - } - File artifactFile = new File(target, finalName + "." + project.getPackaging()); - if (artifactFile.exists() && artifactFile.isFile()) { - setArtifactFile(project, artifactFile); + if (finalName != null && target != null) { + File artifactFile = new File(target, finalName + "." + project.getPackaging()); + if (artifactFile.exists() && artifactFile.isFile()) { + setArtifactFile(project, artifactFile); + return artifactFile; + } } return null; } private void setArtifactFile(JKubeProject project, File artifactFile) throws IOException { - File artifact = project.getArtifact(); - if (artifact != null && artifactFile != null) { + if (artifactFile != null) { + File artifact = new File(project.getBuildDirectory() + artifactFile.getName()); Files.copy(Paths.get(artifactFile.getAbsolutePath()), Paths.get(artifact.getAbsolutePath()), StandardCopyOption.REPLACE_EXISTING); } } diff --git a/jkube-kit/build/service/docker/src/test/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManagerTest.java b/jkube-kit/build/service/docker/src/test/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManagerTest.java index 6ab42f2d65..970734db54 100644 --- a/jkube-kit/build/service/docker/src/test/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManagerTest.java +++ b/jkube-kit/build/service/docker/src/test/java/org/eclipse/jkube/kit/build/core/assembly/DockerAssemblyManagerTest.java @@ -14,7 +14,10 @@ package org.eclipse.jkube.kit.build.core.assembly; import java.io.File; +import java.io.FileNotFoundException; import java.io.IOException; +import java.io.PrintWriter; +import java.io.UnsupportedEncodingException; import java.util.Properties; import org.eclipse.jkube.kit.build.core.JKubeBuildContext; @@ -30,10 +33,15 @@ import mockit.Mocked; import mockit.Tested; import mockit.Verifications; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.TemporaryFolder; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; public class DockerAssemblyManagerTest { @@ -43,6 +51,9 @@ public class DockerAssemblyManagerTest { @Tested private DockerAssemblyManager assemblyManager; + @Rule + public TemporaryFolder temporaryFolder = new TemporaryFolder(); + @Test public void testNoAssembly() { JKubeBuildConfiguration buildConfig = new JKubeBuildConfiguration.Builder().build(); @@ -131,5 +142,162 @@ private JKubeBuildConfiguration createBuildConfig() { .build(); } + @Test + public void testEnsureThatArtifactFileIsSetWithProjectArtifactSet() throws IOException { + // Given + JKubeProject project = new JKubeProject.Builder() + .artifact(temporaryFolder.newFile("temp-project-0.0.1.jar")) + .build(); + + // When + File artifactFile = assemblyManager.ensureThatArtifactFileIsSet(project); + + // Then + assertNotNull(artifactFile); + assertEquals("temp-project-0.0.1.jar", artifactFile.getName()); + } + + @Test + public void testEnsureThatArtifactFileIsSetWithNullProjectArtifact() throws IOException { + // Given + File targetDirectory = temporaryFolder.newFolder("target"); + File jarFile = new File(targetDirectory, "foo-project-0.0.1.jar"); + jarFile.createNewFile(); + JKubeProject project = new JKubeProject.Builder() + .buildDirectory(targetDirectory.getAbsolutePath()) + .packaging("jar") + .buildFinalName("foo-project-0.0.1") + .build(); + + // When + File artifactFile = assemblyManager.ensureThatArtifactFileIsSet(project); + + // Then + assertNotNull(artifactFile); + assertTrue(artifactFile.exists()); + assertEquals("foo-project-0.0.1.jar", artifactFile.getName()); + } + + @Test + public void testEnsureThatArtifactFileIsSetWithEverythingNull() throws IOException { + // Given + JKubeProject project = new JKubeProject.Builder().build(); + + // When + File artifactFile = assemblyManager.ensureThatArtifactFileIsSet(project); + + // Then + assertNull(artifactFile); + } + + @Test + public void testCreateDockerTarArchiveWithoutDockerfile() throws IOException { + // Given + File targetFolder = temporaryFolder.newFolder("target"); + File finalArtifactFile = new File(targetFolder, "test-0.1.0.jar"); + finalArtifactFile.createNewFile(); + File outputDirectory = new File(targetFolder, "docker"); + + final JKubeBuildContext jKubeBuildContext = new JKubeBuildContext.Builder() + .project(new JKubeProject.Builder() + .groupId("org.eclipse.jkube") + .artifactId("test") + .packaging("jar") + .version("0.1.0") + .buildDirectory(targetFolder.getAbsolutePath()) + .artifact(finalArtifactFile) + .build()) + .outputDirectory(outputDirectory.getAbsolutePath()) + .sourceDirectory(temporaryFolder.getRoot().getAbsolutePath() + "/src/main/docker") + .build(); + final JKubeBuildConfiguration jKubeBuildConfiguration = new JKubeBuildConfiguration.Builder() + .build(); + + // When + File dockerArchiveFile = assemblyManager.createDockerTarArchive("test-image", jKubeBuildContext, jKubeBuildConfiguration, prefixedLogger, null); + + // Then + assertNotNull(dockerArchiveFile); + assertTrue(dockerArchiveFile.exists()); + assertEquals(2560, dockerArchiveFile.length()); + assertTrue(outputDirectory.isDirectory() && outputDirectory.exists()); + File buildOutputDir = new File(outputDirectory, "test-image"); + assertTrue(buildOutputDir.isDirectory() && buildOutputDir.exists()); + File buildDir = new File(buildOutputDir, "build"); + File workDir = new File(buildOutputDir, "work"); + File tmpDir = new File(buildOutputDir, "tmp"); + assertTrue(buildDir.isDirectory() && buildDir.exists()); + assertTrue(workDir.isDirectory() && workDir.exists()); + assertTrue(tmpDir.isDirectory() && tmpDir.exists()); + assertTrue(new File(buildDir, "Dockerfile").exists()); + File assemblyNameDirInBuild = new File(buildDir, "maven"); + assertTrue(assemblyNameDirInBuild.isDirectory() && assemblyNameDirInBuild.exists()); + assertTrue(new File(assemblyNameDirInBuild, "test-0.1.0.jar").exists()); + + } + + @Test + public void testCreateDockerTarArchiveWithDockerfile() throws IOException { + // Given + File baseProjectDir = temporaryFolder.newFolder("test-workspace"); + File dockerFile = new File(baseProjectDir, "Dockerfile"); + dockerFile.createNewFile(); + writeASimpleDockerfile(dockerFile); + File targetFolder = new File(baseProjectDir, "target"); + targetFolder.mkdirs(); + File finalArtifactFile = new File(targetFolder, "test-0.1.0.jar"); + finalArtifactFile.createNewFile(); + File outputDirectory = new File(targetFolder, "docker"); + + + final JKubeBuildContext jKubeBuildContext = new JKubeBuildContext.Builder() + .project(new JKubeProject.Builder() + .groupId("org.eclipse.jkube") + .artifactId("test") + .packaging("jar") + .version("0.1.0") + .buildDirectory("target") + .baseDirectory(baseProjectDir) + .outputDirectory("target/classes") + .properties(new Properties()) + .artifact(finalArtifactFile) + .build()) + .outputDirectory("target/docker") + .sourceDirectory(baseProjectDir.getPath() + "/src/main/docker") + .build(); + final JKubeBuildConfiguration jKubeBuildConfiguration = new JKubeBuildConfiguration.Builder() + .dockerFileDir(baseProjectDir.getPath()) + .dockerFile(dockerFile.getPath()) + .dockerFileFile(dockerFile) + .build(); + + + // When + File dockerArchiveFile = assemblyManager.createDockerTarArchive("test-image", jKubeBuildContext, jKubeBuildConfiguration, prefixedLogger, null); + + // Then + assertNotNull(dockerArchiveFile); + assertTrue(dockerArchiveFile.exists()); + assertEquals(2048, dockerArchiveFile.length()); + assertTrue(outputDirectory.isDirectory() && outputDirectory.exists()); + File buildOutputDir = new File(outputDirectory, "test-image"); + assertTrue(buildOutputDir.isDirectory() && buildOutputDir.exists()); + File buildDir = new File(buildOutputDir, "build"); + File workDir = new File(buildOutputDir, "work"); + File tmpDir = new File(buildOutputDir, "tmp"); + assertTrue(buildDir.isDirectory() && buildDir.exists()); + assertTrue(workDir.isDirectory() && workDir.exists()); + assertTrue(tmpDir.isDirectory() && tmpDir.exists()); + assertTrue(new File(buildDir, "Dockerfile").exists()); + File assemblyNameDirInBuild = new File(buildDir, "maven"); + assertTrue(assemblyNameDirInBuild.isDirectory() && assemblyNameDirInBuild.exists()); + } + + private void writeASimpleDockerfile(File dockerFile) throws FileNotFoundException, UnsupportedEncodingException { + PrintWriter writer = new PrintWriter(dockerFile, "UTF-8"); + writer.println("FROM openjdk:jre"); + writer.close(); + } + } diff --git a/jkube-kit/common-maven/src/main/java/org/eclipse/jkube/kit/common/util/MavenUtil.java b/jkube-kit/common-maven/src/main/java/org/eclipse/jkube/kit/common/util/MavenUtil.java index d771bccb82..6eefb56c0e 100644 --- a/jkube-kit/common-maven/src/main/java/org/eclipse/jkube/kit/common/util/MavenUtil.java +++ b/jkube-kit/common-maven/src/main/java/org/eclipse/jkube/kit/common/util/MavenUtil.java @@ -425,6 +425,10 @@ public static JKubeProject convertMavenProjectToJKubeProject(MavenProject mavenP builder.scmUrl(mavenProject.getScm().getUrl()); } + if (mavenProject.getArtifact() != null) { + builder.artifact(mavenProject.getArtifact().getFile()); + } + return builder.build(); } } diff --git a/jkube-kit/config/image/src/main/java/org/eclipse/jkube/kit/config/image/build/BuildConfiguration.java b/jkube-kit/config/image/src/main/java/org/eclipse/jkube/kit/config/image/build/BuildConfiguration.java index c432120cce..254b654ad8 100644 --- a/jkube-kit/config/image/src/main/java/org/eclipse/jkube/kit/config/image/build/BuildConfiguration.java +++ b/jkube-kit/config/image/src/main/java/org/eclipse/jkube/kit/config/image/build/BuildConfiguration.java @@ -340,6 +340,11 @@ public TypedBuilder dockerFileDir(String dir) { return this; } + public TypedBuilder dockerFileFile(File dockerFile) { + config.dockerFileFile = dockerFile; + return this; + } + public TypedBuilder filter(String filter) { config.filter = filter; return this;