mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 00:08:11 +00:00
Add nolint for exec calls
Signed-off-by: Evan Lezar <elezar@nvidia.com>
parent
709e27bf4b
commit
48d68e4eff
@ -142,6 +142,7 @@ func doPrestart() {
|
|||||||
args = append(args, rootfs)
|
args = append(args, rootfs)
|
||||||
|
|
||||||
env := append(os.Environ(), cli.Environment...)
|
env := append(os.Environ(), cli.Environment...)
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection?
|
||||||
err = syscall.Exec(args[0], args, env)
|
err = syscall.Exec(args[0], args, env)
|
||||||
log.Panicln("exec failed:", err)
|
log.Panicln("exec failed:", err)
|
||||||
}
|
}
|
||||||
|
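Review bot: The suppression above `syscall.Exec(args[0], args, env)` names command injection, but no shell is involved in this call. What matters here is which binary `args[0]` resolves to and what the inherited environment carries, since `env` is `os.Environ()` plus `cli.Environment`. A justification that records this would serve the next reader better than an open TODO, for example `//nolint:gosec // no shell is involved; args[0] comes from <source of the binary path>`. doPrestart starts outside the hunk, so where `args[0]` is resolved is not visible here. The same wording applies to the other shell-less calls in this commit: both `run` methods, `syscallExec.Exec` and `SystemdRestart`.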
@ -86,6 +86,7 @@ func TestBadInput(t *testing.T) {
|
|||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle")
|
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle")
|
||||||
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
||||||
err = cmdCreate.Run()
|
err = cmdCreate.Run()
|
||||||
@ -103,6 +104,7 @@ func TestGoodInput(t *testing.T) {
|
|||||||
t.Fatalf("error generating runtime spec: %v", err)
|
t.Fatalf("error generating runtime spec: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmdRun := exec.Command(nvidiaRuntime, "run", "--bundle", cfg.bundlePath(), "testcontainer")
|
cmdRun := exec.Command(nvidiaRuntime, "run", "--bundle", cfg.bundlePath(), "testcontainer")
|
||||||
t.Logf("executing: %s\n", strings.Join(cmdRun.Args, " "))
|
t.Logf("executing: %s\n", strings.Join(cmdRun.Args, " "))
|
||||||
output, err := cmdRun.CombinedOutput()
|
output, err := cmdRun.CombinedOutput()
|
||||||
@ -113,6 +115,7 @@ func TestGoodInput(t *testing.T) {
|
|||||||
require.NoError(t, err, "should be no errors when reading and parsing spec from config.json")
|
require.NoError(t, err, "should be no errors when reading and parsing spec from config.json")
|
||||||
require.Empty(t, spec.Hooks, "there should be no hooks in config.json")
|
require.Empty(t, spec.Hooks, "there should be no hooks in config.json")
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle", cfg.bundlePath(), "testcontainer")
|
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle", cfg.bundlePath(), "testcontainer")
|
||||||
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
||||||
err = cmdCreate.Run()
|
err = cmdCreate.Run()
|
||||||
@ -158,6 +161,7 @@ func TestDuplicateHook(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Test how runtime handles already existing prestart hook in config.json
|
// Test how runtime handles already existing prestart hook in config.json
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle", cfg.bundlePath(), "testcontainer")
|
cmdCreate := exec.Command(nvidiaRuntime, "create", "--bundle", cfg.bundlePath(), "testcontainer")
|
||||||
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
t.Logf("executing: %s\n", strings.Join(cmdCreate.Args, " "))
|
||||||
output, err := cmdCreate.CombinedOutput()
|
output, err := cmdCreate.CombinedOutput()
|
||||||
@ -226,6 +230,7 @@ func (c testConfig) generateNewRuntimeSpec() error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmd := exec.Command("cp", c.unmodifiedSpecFile(), c.specFilePath())
|
cmd := exec.Command("cp", c.unmodifiedSpecFile(), c.specFilePath())
|
||||||
err = cmd.Run()
|
err = cmd.Run()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
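Review bot: In `generateNewRuntimeSpec` the spec file is copied by spawning `cp`, which is the only reason that call needs a gosec suppression. Reading `c.unmodifiedSpecFile()` and writing `c.specFilePath()` with `os.ReadFile`/`os.WriteFile` would remove both the subprocess and the `//nolint`. For the `exec.Command(nvidiaRuntime, ...)` calls in TestBadInput, TestGoodInput and TestDuplicateHook the arguments look test-controlled, so the justification could say so (`//nolint:gosec // test-only: binary and bundle path are set by the test fixture`) instead of repeating the production TODO. These test comments also drop the trailing `?` that the non-test copies carry. All of these functions start or end outside their hunks.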
|
@ -127,6 +127,7 @@ func (m command) run(c *cli.Context, cfg *config) error {
|
|||||||
|
|
||||||
args := append([]string{filepath.Base(chmodPath), cfg.mode}, paths...)
|
args := append([]string{filepath.Base(chmodPath), cfg.mode}, paths...)
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
return syscall.Exec(chmodPath, args, nil)
|
return syscall.Exec(chmodPath, args, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
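Review bot: `paths` is appended directly after `cfg.mode` in the argv passed to `syscall.Exec(chmodPath, args, nil)`, so an entry beginning with `-` would be parsed by chmod as an option rather than a file. If any of those paths can come from the container spec or the command line (the code that fills `paths` is outside the hunk), an end-of-options marker closes that off: `args := append([]string{filepath.Base(chmodPath), cfg.mode, "--"}, paths...)`, assuming the chmod in use accepts `--`. With that in place the `//nolint:gosec` justification can state that no shell is used and the environment is empty (`nil`), rather than leaving an open TODO.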
@ -100,6 +100,7 @@ func (m command) run(c *cli.Context, cfg *config) error {
|
|||||||
args = append(args, "-r", containerRoot)
|
args = append(args, "-r", containerRoot)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
return syscall.Exec(args[0], args, nil)
|
return syscall.Exec(args[0], args, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -27,6 +27,7 @@ type syscallExec struct{}
|
|||||||
var _ Runtime = (*syscallExec)(nil)
|
var _ Runtime = (*syscallExec)(nil)
|
||||||
|
|
||||||
func (r syscallExec) Exec(args []string) error {
|
func (r syscallExec) Exec(args []string) error {
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
err := syscall.Exec(args[0], args, os.Environ())
|
err := syscall.Exec(args[0], args, os.Environ())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("could not exec '%v': %v", args[0], err)
|
return fmt.Errorf("could not exec '%v': %v", args[0], err)
|
||||||
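Review bot: `syscallExec.Exec` indexes `args[0]` on the line right after the new suppression with no length check, so an empty slice panics instead of returning an error. A guard before the call fixes that: `if len(args) == 0 { return fmt.Errorf("no command specified") }`. The error returned below it could also wrap with `%w` rather than `%v` so callers can inspect the underlying errno. The method body continues past the end of the hunk.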
|
@ -157,6 +157,7 @@ func (o Options) SystemdRestart(service string) error {
|
|||||||
|
|
||||||
logrus.Infof("Restarting %v%v using systemd: %v", service, msg, args)
|
logrus.Infof("Restarting %v%v using systemd: %v", service, msg, args)
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmd := exec.Command(args[0], args[1:]...)
|
cmd := exec.Command(args[0], args[1:]...)
|
||||||
cmd.Stdout = os.Stdout
|
cmd.Stdout = os.Stdout
|
||||||
cmd.Stderr = os.Stderr
|
cmd.Stderr = os.Stderr
|
||||||
|
@ -229,6 +229,7 @@ func installToolkit(o *options) error {
|
|||||||
filepath.Join(o.root, toolkitSubDir),
|
filepath.Join(o.root, toolkitSubDir),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmd := exec.Command("sh", "-c", strings.Join(cmdline, " "))
|
cmd := exec.Command("sh", "-c", strings.Join(cmdline, " "))
|
||||||
cmd.Stdout = os.Stdout
|
cmd.Stdout = os.Stdout
|
||||||
cmd.Stderr = os.Stderr
|
cmd.Stderr = os.Stderr
|
||||||
@ -247,6 +248,7 @@ func setupRuntime(o *options) error {
|
|||||||
|
|
||||||
cmdline := fmt.Sprintf("%v setup %v %v\n", o.runtime, o.runtimeArgs, toolkitDir)
|
cmdline := fmt.Sprintf("%v setup %v %v\n", o.runtime, o.runtimeArgs, toolkitDir)
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmd := exec.Command("sh", "-c", cmdline)
|
cmd := exec.Command("sh", "-c", cmdline)
|
||||||
cmd.Stdout = os.Stdout
|
cmd.Stdout = os.Stdout
|
||||||
cmd.Stderr = os.Stderr
|
cmd.Stderr = os.Stderr
|
||||||
@ -272,6 +274,7 @@ func cleanupRuntime(o *options) error {
|
|||||||
|
|
||||||
cmdline := fmt.Sprintf("%v cleanup %v %v\n", o.runtime, o.runtimeArgs, toolkitDir)
|
cmdline := fmt.Sprintf("%v cleanup %v %v\n", o.runtime, o.runtimeArgs, toolkitDir)
|
||||||
|
|
||||||
|
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
||||||
cmd := exec.Command("sh", "-c", cmdline)
|
cmd := exec.Command("sh", "-c", cmdline)
|
||||||
cmd.Stdout = os.Stdout
|
cmd.Stdout = os.Stdout
|
||||||
cmd.Stderr = os.Stderr
|
cmd.Stderr = os.Stderr
|
||||||
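Review bot: The three `exec.Command("sh", "-c", ...)` calls in installToolkit, setupRuntime and cleanupRuntime are where the gosec finding is a real shell-injection surface, because `o.runtime`, `o.runtimeArgs`, `toolkitDir` and the joined `cmdline` are interpolated into a string that the shell re-parses, so a space or metacharacter in any option value changes the command. Suppressing them with the same TODO as the shell-less calls hides that difference. Where the pieces are already separate, passing them as argv avoids the shell entirely, e.g. `cmd := exec.Command(cmdline[0], cmdline[1:]...)` in installToolkit; for setup and cleanup `o.runtimeArgs` appears to be a single string, so it would first need to become a slice or be split deliberately. The construction of `cmdline` in installToolkit starts outside the hunk, so whether its elements rely on shell word-splitting should be checked before switching.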
|