From 77bede94577eb63171f9cf79e579bda386077f68 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Mon, 18 Dec 2023 16:44:26 +0530 Subject: [PATCH 01/28] feat: password sanitization --- helper/DockerHelper.go | 12 ++++++------ helper/GitCliHelper.go | 16 ++++++++-------- util/CmdUtil.go | 6 ++++++ 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 21630a19..e1657239 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -171,7 +171,7 @@ func DockerLogin(dockerCredentials *DockerCredentials) error { pwd = pwd[:len(pwd)-1] } } - dockerLogin := fmt.Sprintf("docker login -u '%s' -p '%s' '%s' ", username, pwd, dockerCredentials.DockerRegistryURL) + dockerLogin := fmt.Sprintf("docker login -u '%q' -p '%q' '%q' ", username, pwd, dockerCredentials.DockerRegistryURL) awsLoginCmd := exec.Command("/bin/sh", "-c", dockerLogin) err := util.RunCommand(awsLoginCmd) if err != nil { @@ -295,7 +295,7 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { dockerBuild = getBuildxBuildCommand(cacheEnabled, dockerBuild, oldCacheBuildxPath, localCachePath, dest, dockerBuildConfig) } else { - dockerBuild = fmt.Sprintf("%s -f %s --network host -t %s %s", dockerBuild, dockerBuildConfig.DockerfilePath, ciRequest.DockerRepository, dockerBuildConfig.BuildContext) + dockerBuild = fmt.Sprintf("%s -f %q --network host -t %q %s", dockerBuild, dockerBuildConfig.DockerfilePath, ciRequest.DockerRepository, dockerBuildConfig.BuildContext) } if envVars.ShowDockerBuildCmdInLogs { log.Println("Starting docker build : ", dockerBuild) 
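Review bot: `%q` is Go string-literal quoting, not shell quoting, so the `docker login` string in DockerLogin is still parsed by `/bin/sh -c` with the credentials inside double quotes, where the shell keeps expanding `$` and backquote sequences. Wrapping the verb in single quotes as `'%q'` also makes the double quotes part of the value docker receives. The same applies to `-f %q` and `-t %q` in BuildArtifact, where `dockerBuildConfig.BuildContext` is still inserted with a bare `%s`, and to the `docker tag`, `docker push`, `docker pull` and `git merge` strings in the following hunks. Passing each value as its own argument avoids the shell altogether, e.g. `exec.Command("docker", "push", dest)`. Both function bodies continue outside their hunks.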
@@ -355,7 +355,7 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { } func getBuildxBuildCommand(cacheEnabled bool, dockerBuild, oldCacheBuildxPath, localCachePath, dest string, dockerBuildConfig *DockerBuildConfig) string { - dockerBuild = fmt.Sprintf("%s -f %s -t %s --push %s --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext) + dockerBuild = fmt.Sprintf("%s -f %q -t %q --push %s --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext) if cacheEnabled { dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%s,mode=max --cache-from=type=local,src=%s", dockerBuild, localCachePath, oldCacheBuildxPath) } @@ -455,7 +455,7 @@ func executeCmd(dockerBuild string) error { } func tagDockerBuild(dockerRepository string, dest string) error { - dockerTag := "docker tag " + dockerRepository + ":latest" + " " + dest + dockerTag := fmt.Sprintf("docker tag %q:latest %q", dockerRepository, dest) log.Println(" -----> " + dockerTag) dockerTagCMD := exec.Command("/bin/sh", "-c", dockerTag) err := util.RunCommand(dockerTagCMD) @@ -547,7 +547,7 @@ func BuildDockerImagePath(ciRequest *CommonWorkflowRequest) (string, error) { func PushArtifact(dest string) error { //awsLogin := "$(aws ecr get-login --no-include-email --region " + ciRequest.AwsRegion + ")" - dockerPush := "docker push " + dest + dockerPush := fmt.Sprintf("docker push %q", dest) log.Println("-----> " + dockerPush) dockerPushCMD := exec.Command("/bin/sh", "-c", dockerPush) err := util.RunCommand(dockerPushCMD) 
@@ -581,7 +581,7 @@ func ExtractDigestForBuildx(dest string) (string, error) { } func ExtractDigestUsingPull(dest string) (string, error) { - dockerPull := "docker pull " + dest + dockerPull := fmt.Sprintf("docker pull %q", dest) dockerPullCmd := exec.Command("/bin/sh", "-c", dockerPull) digest, err := runGetDockerImageDigest(dockerPullCmd) if err != nil { diff --git a/helper/GitCliHelper.go b/helper/GitCliHelper.go index 6ce6b542..98732c96 100644 --- a/helper/GitCliHelper.go +++ b/helper/GitCliHelper.go @@ -22,7 +22,7 @@ const GIT_AKS_PASS = "/git-ask-pass.sh" func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git fetch ", "location", rootDir) - cmd := exec.Command("git", "-C", rootDir, "fetch", "origin", "--tags", "--force") + cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "fetch", "origin", "--tags", "--force") output, errMsg, err := impl.runCommandWithCred(cmd, gitContext.auth.Username, gitContext.auth.Password) log.Println(util.DEVTRON, "fetch output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, "", nil @@ -30,7 +30,7 @@ func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, err func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git checkout ", "location", rootDir) - cmd := exec.Command("git", "-C", rootDir, "checkout", checkout, "--force") + cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "checkout", util.SanitizeCliParam(checkout), "--force") output, errMsg, err := impl.runCommand(cmd) log.Println(util.DEVTRON, "checkout output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, "", nil 
@@ -39,8 +39,8 @@ func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg func (impl *GitUtil) runCommandWithCred(cmd *exec.Cmd, userName, password string) (response, errMsg string, err error) { cmd.Env = append(os.Environ(), fmt.Sprintf("GIT_ASKPASS=%s", GIT_AKS_PASS), - fmt.Sprintf("GIT_USERNAME=%s", userName), // ignored - fmt.Sprintf("GIT_PASSWORD=%s", password), // this value is used + fmt.Sprintf("GIT_USERNAME=%q", userName), // ignored; %q is used intentionally to sanitise the username + fmt.Sprintf("GIT_PASSWORD=%q", password), // this value is used; %q is used intentionally to sanitise the password ) return impl.runCommand(cmd) } @@ -102,7 +102,7 @@ func (impl *GitUtil) Clone(gitContext GitContext, rootDir string, remoteUrl stri // setting user.name and user.email as for non-fast-forward merge, git ask for user.name and email func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git merge ", "location", rootDir) - command := "cd " + rootDir + " && git config user.email git@devtron.com && git config user.name Devtron && git merge " + commit + " --no-commit" + command := fmt.Sprintf("cd %q && git config user.email git@devtron.com && git config user.name Devtron && git merge %q --no-commit", rootDir, commit) cmd := exec.Command("/bin/sh", "-c", command) output, errMsg, err := impl.runCommand(cmd) log.Println(util.DEVTRON, "merge output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) 
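Review bot: In runCommandWithCred, `cmd.Env` entries are handed to the child process verbatim and no shell parses them, so `GIT_PASSWORD=%q` changes the secret instead of sanitising it: the value gains surrounding double quotes and Go escape sequences for characters such as `"` and `\`. Unless the script at GIT_AKS_PASS strips that quoting (it is not visible here), authentication would presumably fail with the altered value. I would keep `fmt.Sprintf("GIT_USERNAME=%s", userName)` and `fmt.Sprintf("GIT_PASSWORD=%s", password)` and drop the added trailing comments, which describe a protection an environment variable does not need.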
@@ -111,7 +111,7 @@ func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg stri func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git recursive fetch submodules ", "location", rootDir) - cmd := exec.Command("git", "-C", rootDir, "submodule", "update", "--init", "--recursive") + cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "submodule", "update", "--init", "--recursive") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "recursive fetch submodules output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err @@ -119,7 +119,7 @@ func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper store ", "location", rootDir) - cmd := exec.Command("git", "-C", rootDir, "config", "--global", "credential.helper", "store") + cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "config", "--global", "credential.helper", "store") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "git credential helper store output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err 
@@ -127,7 +127,7 @@ func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg st func (impl *GitUtil) UnsetCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper unset ", "location", rootDir) - cmd := exec.Command("git", "-C", rootDir, "config", "--global", "--unset", "credential.helper") + cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "config", "--global", "--unset", "credential.helper") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "git credential helper unset output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err diff --git a/util/CmdUtil.go b/util/CmdUtil.go index 2eecf670..0a012ea0 100644 --- a/util/CmdUtil.go +++ b/util/CmdUtil.go @@ -19,6 +19,7 @@ package util import ( "bytes" + "fmt" "io" "os" "os/exec" @@ -43,3 +44,8 @@ func RunCommand(cmd *exec.Cmd) error { //log.Println(stdBuffer.String()) return nil } + +// SanitizeCliParam is used where we are directly injecting the user defined params to any CLI commands. This prevents any script injection to the running env +func SanitizeCliParam(param string) string { + return fmt.Sprintf("%q", param) +} From 12d497c7505d8db47900d354d2e3e4f8b5fa4a80 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Tue, 19 Dec 2023 10:51:23 +0530 Subject: [PATCH 02/28] updated docker login --- helper/DockerHelper.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index e1657239..3dcf9d94 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -171,7 +171,7 @@ func DockerLogin(dockerCredentials *DockerCredentials) error {
 pwd = pwd[:len(pwd)-1]
 }
 }
- dockerLogin := fmt.Sprintf("docker login -u '%q' -p '%q' '%q' ", username, pwd, dockerCredentials.DockerRegistryURL)
+ dockerLogin := fmt.Sprintf("docker login -u %q -p %q %q", username, pwd, dockerCredentials.DockerRegistryURL)
 awsLoginCmd := exec.Command("/bin/sh", "-c", dockerLogin)
 err := util.RunCommand(awsLoginCmd)
 if err != nil {
From 3f7b9e8232cc9391dd23513979085ecfe239c0ef Mon Sep 17 00:00:00 2001
From: Ash-exp
Date: Tue, 19 Dec 2023 12:24:54 +0530
Subject: [PATCH 03/28] fixed: format
---
 util/CmdUtil.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/CmdUtil.go b/util/CmdUtil.go
index 0a012ea0..cfca7b8a 100644
--- a/util/CmdUtil.go
+++ b/util/CmdUtil.go
@@ -47,5 +47,5 @@ func RunCommand(cmd *exec.Cmd) error {
 // SanitizeCliParam is used where we are directly injecting the user defined params to any CLI commands. This prevents any script injection to the running env
 func SanitizeCliParam(param string) string {
- return fmt.Sprintf("%q", param)
+ return fmt.Sprintf("%s", param)
 }
From 79882613305b68b21ebe6737b663ace5cf3af46a Mon Sep 17 00:00:00 2001
From: Ash-exp
Date: Tue, 19 Dec 2023 12:43:24 +0530
Subject: [PATCH 04/28] fixed: updated gitcli
---
 helper/GitCliHelper.go | 10 +++++-----
 util/CmdUtil.go | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/helper/GitCliHelper.go b/helper/GitCliHelper.go
index 98732c96..0d67006a 100644
--- a/helper/GitCliHelper.go
+++ b/helper/GitCliHelper.go
@@ -22,7 +22,7 @@ const GIT_AKS_PASS = "/git-ask-pass.sh" func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git fetch ", "location", rootDir) - cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "fetch", "origin", "--tags", "--force") + cmd := exec.Command("git", "-C", rootDir, "fetch", "origin", "--tags", "--force") output, errMsg, err := impl.runCommandWithCred(cmd, gitContext.auth.Username, gitContext.auth.Password) log.Println(util.DEVTRON, "fetch output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, "", nil @@ -30,7 +30,7 @@ func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, err func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git checkout ", "location", rootDir) - cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "checkout", util.SanitizeCliParam(checkout), "--force") + cmd := exec.Command("git", "-C", rootDir, "checkout", checkout, "--force") output, errMsg, err := impl.runCommand(cmd) log.Println(util.DEVTRON, "checkout output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, "", nil 
@@ -111,7 +111,7 @@ func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg stri func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git recursive fetch submodules ", "location", rootDir) - cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "submodule", "update", "--init", "--recursive") + cmd := exec.Command("git", "-C", rootDir, "submodule", "update", "--init", "--recursive") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "recursive fetch submodules output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err @@ -119,7 +119,7 @@ func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper store ", "location", rootDir) - cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "config", "--global", "credential.helper", "store") + cmd := exec.Command("git", "-C", rootDir, "config", "--global", "credential.helper", "store") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "git credential helper store output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err 
@@ -127,7 +127,7 @@ func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg st func (impl *GitUtil) UnsetCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper unset ", "location", rootDir) - cmd := exec.Command("git", "-C", util.SanitizeCliParam(rootDir), "config", "--global", "--unset", "credential.helper") + cmd := exec.Command("git", "-C", rootDir, "config", "--global", "--unset", "credential.helper") output, eMsg, err := impl.runCommandForSuppliedNullifiedEnv(cmd, false) log.Println(util.DEVTRON, "git credential helper unset output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, eMsg, err diff --git a/util/CmdUtil.go b/util/CmdUtil.go index cfca7b8a..0a012ea0 100644 --- a/util/CmdUtil.go +++ b/util/CmdUtil.go @@ -47,5 +47,5 @@ func RunCommand(cmd *exec.Cmd) error { // SanitizeCliParam is used where we are directly injecting the user defined params to any CLI commands. This prevents any script injection to the running env func SanitizeCliParam(param string) string { - return fmt.Sprintf("%s", param) + return fmt.Sprintf("%q", param) } From 275e6c959fd20284f2041d49360952a964a237e4 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Tue, 19 Dec 2023 13:10:50 +0530 Subject: [PATCH 05/28] fixed: git cli issue --- util/CmdUtil.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/util/CmdUtil.go b/util/CmdUtil.go index 0a012ea0..2eecf670 100644 --- a/util/CmdUtil.go +++ b/util/CmdUtil.go @@ -19,7 +19,6 @@ package util import ( "bytes" - "fmt" "io" "os" "os/exec" @@ -44,8 +43,3 @@ func RunCommand(cmd *exec.Cmd) error { //log.Println(stdBuffer.String()) return nil } - -// SanitizeCliParam is used where we are directly injecting the user defined params to any CLI commands. This prevents any script injection to the running env -func SanitizeCliParam(param string) string { - return fmt.Sprintf("%q", param) -} 
From f298e8f63eea20740de4d7a05478660d1d311c83 Mon Sep 17 00:00:00 2001
From: Ash-exp
Date: Tue, 19 Dec 2023 18:39:36 +0530
Subject: [PATCH 06/28] sanitised buildx commands
---
 helper/DockerHelper.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go
index 3dcf9d94..b1f5cf34 100644
--- a/helper/DockerHelper.go
+++ b/helper/DockerHelper.go
@@ -228,28 +228,28 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { dockerBuild = dockerBuildxBuild + " " } if isTargetPlatformSet { - dockerBuild += "--platform " + dockerBuildConfig.TargetPlatform + " " + dockerBuild += fmt.Sprintf("--platform %q ", dockerBuildConfig.TargetPlatform) } } dockerBuildFlags := make(map[string]string) dockerBuildArgsMap := dockerBuildConfig.Args for k, v := range dockerBuildArgsMap { - flagKey := fmt.Sprintf("%s %s", BUILD_ARG_FLAG, k) + flagKey := fmt.Sprintf("%s %q", BUILD_ARG_FLAG, strings.TrimSpace(k)) if strings.HasPrefix(v, DEVTRON_ENV_VAR_PREFIX) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) - dockerBuildFlags[flagKey] = fmt.Sprintf("=\"%s\"", valueFromEnv) + dockerBuildFlags[flagKey] = fmt.Sprintf("=\"%s\"", strings.TrimSpace(valueFromEnv)) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", v) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(v)) } } dockerBuildOptionsMap := dockerBuildConfig.DockerBuildOptions for k, v := range dockerBuildOptionsMap { - flagKey := "--" + k + flagKey := "--" + strings.TrimSpace(k) if strings.HasPrefix(v, DEVTRON_ENV_VAR_PREFIX) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", valueFromEnv) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(valueFromEnv)) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", v) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(v)) } } for key, value := range dockerBuildFlags { 
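Review bot: `strings.TrimSpace` only strips leading and trailing whitespace, so the build-arg and build-option values written with `=%s`, and the option keys built as `"--" + strings.TrimSpace(k)`, still reach the shell command string with every metacharacter intact. The env-derived branch `=\"%s\"` is hand-quoted but does not escape a `"` inside the value, and only the build-arg key is passed through `%q`. Collecting the flags into a `[]string`, e.g. `args = append(args, BUILD_ARG_FLAG, k+"="+v)`, and running docker without `/bin/sh -c` would remove the need for quoting. The loop that consumes `dockerBuildFlags` continues outside the hunk, and the later buildpack hunk repeats the TrimSpace pattern for `--env` and `--buildpack`.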
@@ -355,9 +355,9 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) {
 }
 func getBuildxBuildCommand(cacheEnabled bool, dockerBuild, oldCacheBuildxPath, localCachePath, dest string, dockerBuildConfig *DockerBuildConfig) string {
- dockerBuild = fmt.Sprintf("%s -f %q -t %q --push %s --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext)
+ dockerBuild = fmt.Sprintf("%s -f %q -t %q --push %q --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext)
 if cacheEnabled {
- dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%s,mode=max --cache-from=type=local,src=%s", dockerBuild, localCachePath, oldCacheBuildxPath)
+ dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%q,mode=max --cache-from=type=local,src=%s", dockerBuild, localCachePath, oldCacheBuildxPath)
 }
 provenanceFlag := dockerBuildConfig.GetProvenanceFlag()
From 21f3cfa66411caa62b1f410d603362e37a2e9a6b Mon Sep 17 00:00:00 2001
From: Ash-exp
Date: Wed, 20 Dec 2023 14:00:08 +0530
Subject: [PATCH 07/28] added comments and fixed build pack cmds
---
 helper/DockerHelper.go | 32 +++++++++++++++++++-------
 helper/GitCliHelper.go | 51 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go
index b1f5cf34..04f015f0 100644
--- a/helper/DockerHelper.go
+++ b/helper/DockerHelper.go
@@ -94,6 +94,8 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } dockerdstart = fmt.Sprintf("dockerd %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, dockerMtuValueFlag) } + // TODO: refactor dockerBuild string to []string for removing script injection + // Until then use fmt.Sprintf("%q", userInput) to sanitize the input out, _ := exec.Command("/bin/sh", "-c", dockerdstart).Output() log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) @@ -171,8 +173,7 @@ func DockerLogin(dockerCredentials *DockerCredentials) error { pwd = pwd[:len(pwd)-1] } } - dockerLogin := fmt.Sprintf("docker login -u %q -p %q %q", username, pwd, dockerCredentials.DockerRegistryURL) - awsLoginCmd := exec.Command("/bin/sh", "-c", dockerLogin) + awsLoginCmd := exec.Command("/bin/sh", "-c", "docker", "login", "-u", username, "-p", pwd, dockerCredentials.DockerRegistryURL) err := util.RunCommand(awsLoginCmd) if err != nil { log.Println(err) @@ -212,6 +213,8 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { return "", err } if ciBuildConfig.CiBuildType == SELF_DOCKERFILE_BUILD_TYPE || ciBuildConfig.CiBuildType == MANAGED_DOCKERFILE_BUILD_TYPE { + // TODO: refactor dockerBuild string to []string for removing script injection + // Until then use fmt.Sprintf("%q", userInput) to sanitize the input dockerBuild := "docker build " if ciRequest.CacheInvalidate && ciRequest.IsPvcMounted { dockerBuild = dockerBuild + "--no-cache " 
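Review bot: With `/bin/sh -c`, only the first operand after `-c` is the command text and the remaining operands become `$0`, `$1`, and so on, so `exec.Command("/bin/sh", "-c", "docker", "login", "-u", username, "-p", pwd, ...)` in DockerLogin runs a bare `docker` and never logs in. The `builderRmCmd` change in the later BuildArtifact hunk (`"/bin/sh", "-c", "docker", "image", "rm", ...`) has the same problem. Dropping the shell fixes both, and also lets the password leave the argument list, where it is visible in the process table: `awsLoginCmd := exec.Command("docker", "login", "-u", username, "--password-stdin", dockerCredentials.DockerRegistryURL)` followed by `awsLoginCmd.Stdin = strings.NewReader(pwd)`, assuming `util.RunCommand` does not replace `cmd.Stdin`. For the image removal, `exec.Command("docker", "image", "rm", buildPackParams.BuilderId)` is enough. DockerLogin's body starts and ends outside the hunk.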
@@ -327,15 +330,17 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { projectPath = "./" + projectPath } handleLanguageVersion(projectPath, buildPackParams) - buildPackCmd := fmt.Sprintf("pack build %s --path %s --builder %s", dest, projectPath, buildPackParams.BuilderId) + // TODO: refactor buildPackCmd: string to []string for removing script injection + // Until then use fmt.Sprintf("%q", userInput) to sanitize the input + buildPackCmd := fmt.Sprintf("pack build %q --path %q --builder %q", dest, projectPath, buildPackParams.BuilderId) BuildPackArgsMap := buildPackParams.Args for k, v := range BuildPackArgsMap { - buildPackCmd = buildPackCmd + " --env " + k + "=" + v + buildPackCmd = buildPackCmd + " --env " + strings.TrimSpace(k) + "=" + strings.TrimSpace(v) } if len(buildPackParams.BuildPacks) > 0 { for _, buildPack := range buildPackParams.BuildPacks { - buildPackCmd = buildPackCmd + " --buildpack " + buildPack + buildPackCmd = buildPackCmd + " --buildpack " + strings.TrimSpace(buildPack) } } log.Println(" -----> " + buildPackCmd) @@ -343,8 +348,7 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { if err != nil { return "", err } - builderRmCmdString := "docker image rm " + buildPackParams.BuilderId - builderRmCmd := exec.Command("/bin/sh", "-c", builderRmCmdString) + builderRmCmd := exec.Command("/bin/sh", "-c", "docker", "image", "rm", buildPackParams.BuilderId) err := builderRmCmd.Run() if err != nil { return "", err 
@@ -357,7 +361,7 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { func getBuildxBuildCommand(cacheEnabled bool, dockerBuild, oldCacheBuildxPath, localCachePath, dest string, dockerBuildConfig *DockerBuildConfig) string { dockerBuild = fmt.Sprintf("%s -f %q -t %q --push %q --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext) if cacheEnabled { - dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%q,mode=max --cache-from=type=local,src=%s", dockerBuild, localCachePath, oldCacheBuildxPath) + dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%q,mode=max --cache-from=type=local,src=%q", dockerBuild, localCachePath, oldCacheBuildxPath) } provenanceFlag := dockerBuildConfig.GetProvenanceFlag() @@ -423,6 +427,8 @@ func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) return } if strings.TrimSpace(string(outputBytes)) == "null" { + // TODO: refactor versionUpdateCmd string to []string for removing script injection + // Until then use fmt.Sprintf("%q", userInput) to sanitize the input tmpJsonFile := "./tmp.json" versionUpdateCmd := fmt.Sprintf("jq '.engines.node = \"%s\"' %s >%s", languageVersion, finalPath, tmpJsonFile) err := executeCmd(versionUpdateCmd) @@ -430,6 +436,8 @@ func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) log.Println("error occurred while inserting node version", "err", err) return } + // TODO: refactor fileReplaceCmd string to []string for removing script injection + // Until then use fmt.Sprintf("%q", userInput) to sanitize the input fileReplaceCmd := fmt.Sprintf("mv %s %s", tmpJsonFile, finalPath) err = executeCmd(fileReplaceCmd) if err != nil { 
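Review bot: The two TODO comments added in handleLanguageVersion say to use `%q` on user input until the commands become argument lists, but the lines below them are unchanged: `fmt.Sprintf("jq '.engines.node = \"%s\"' %s >%s", languageVersion, finalPath, tmpJsonFile)` and `fmt.Sprintf("mv %s %s", tmpJsonFile, finalPath)` still put `languageVersion` and `finalPath` into the shell string unquoted. The move needs no process at all if both paths are on the same filesystem: `err = os.Rename(tmpJsonFile, finalPath)`. For the jq call, passing the version with `--arg` through `exec.Command` and writing the command's output to `tmpJsonFile` from Go would keep the value out of both the shell and the jq program text. The function body starts and ends outside these hunks.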
@@ -445,7 +453,15 @@ func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) } +// executeCmd uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func executeCmd(dockerBuild string) error { + // TODO: dockerBuild should be []string{arg...} dockerBuildCMD := exec.Command("/bin/sh", "-c", dockerBuild) err := util.RunCommand(dockerBuildCMD) if err != nil { diff --git a/helper/GitCliHelper.go b/helper/GitCliHelper.go index 0d67006a..7d933c98 100644 --- a/helper/GitCliHelper.go +++ b/helper/GitCliHelper.go 
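Review bot: The comment added above executeCmd was copied from the git helpers and says it "uses CLI to run git command", while executeCmd runs whatever string it is given through `/bin/sh -c`. The same block is pasted above Fetch, Checkout, runCommandWithCred, Merge, RecursiveFetchSubmodules, UpdateCredentialHelper and UnsetCredentialHelper in helper/GitCliHelper.go, although most of those already pass an argument list to `exec.Command` and are not exposed in the way the comment states. Item 3 also recommends `%q` inside an `exec.Command` argument, where no shell removes the quotes and they become part of the value, and its example lists `userDefinedArg-2` twice. I would keep one copy of the guidance in a package-level comment and give each function its own short doc line, for example `// executeCmd runs dockerBuild through /bin/sh -c; callers must not interpolate untrusted values into it.`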
@@ -20,6 +20,13 @@ func NewGitUtil() *GitUtil { const GIT_AKS_PASS = "/git-ask-pass.sh" +// Fetch uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git fetch ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "fetch", "origin", "--tags", "--force") 
@@ -28,6 +35,13 @@ func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, err return output, "", nil } +// Checkout uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git checkout ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "checkout", checkout, "--force") 
@@ -36,6 +50,13 @@ func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg return output, "", nil } +// runCommandWithCred uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) runCommandWithCred(cmd *exec.Cmd, userName, password string) (response, errMsg string, err error) { cmd.Env = append(os.Environ(), fmt.Sprintf("GIT_ASKPASS=%s", GIT_AKS_PASS), 
@@ -99,7 +120,14 @@ func (impl *GitUtil) Clone(gitContext GitContext, rootDir string, remoteUrl stri return response, errMsg, err } -// setting user.name and user.email as for non-fast-forward merge, git ask for user.name and email +// Merge sets user.name and user.email as for non-fast-forward merge, git ask for user.name and email | +// Merge uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git merge ", "location", rootDir) command := fmt.Sprintf("cd %q && git config user.email git@devtron.com && git config user.name Devtron && git merge %q --no-commit", rootDir, commit) 
@@ -109,6 +137,13 @@ func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg stri return output, errMsg, err } +// RecursiveFetchSubmodules uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git recursive fetch submodules ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "submodule", "update", "--init", "--recursive") 
@@ -117,6 +152,13 @@ func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg return output, eMsg, err } +// UpdateCredentialHelper uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper store ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "config", "--global", "credential.helper", "store") 
@@ -125,6 +167,13 @@ func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg st return output, eMsg, err } +// UnsetCredentialHelper uses CLI to run git command and it is prone to script injection | +// Don'ts: +// 1- Never concatenate the whole cmd args into a single string and pass it as exec.Command(name, fmt.Sprintf("--flag1 %s --flag2 %s --flag3 %s", value1, value2, value3)) | +// DOs: +// 1- Break the command to name and []args as exec.Command(name, []arg...) +// 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) UnsetCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper unset ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "config", "--global", "--unset", "credential.helper") From 4c7ca25f998d5d47c1583dd282a320b95350a23e Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Wed, 20 Dec 2023 16:40:29 +0530 Subject: [PATCH 08/28] fixed: buildx k8s driver cmd --- helper/DockerHelper.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 04f015f0..fed411b7 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -734,7 +734,7 @@ func runCmd(cmd string) (error, *bytes.Buffer) { } func getBuildxK8sDriverCmd(driverOpts map[string]string, ciPipelineId, ciWorkflowId int) string { - buildxCreate := "docker buildx create --buildkitd-flags '--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure' --name=%s --driver=kubernetes --node=%s --bootstrap " + buildxCreate := "docker buildx create --buildkitd-flags '--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure' --name=%s --driver=kubernetes --node=%q --bootstrap " nodeName := driverOpts["node"] if nodeName == "" { nodeName = BUILDX_NODE_NAME + fmt.Sprintf("%v-%v", ciPipelineId, ciWorkflowId) + util.Generate(3) //need this to generate unique name for builder node in same builder. @@ -742,7 +742,7 @@ func getBuildxK8sDriverCmd(driverOpts map[string]string, ciPipelineId, ciWorkflo buildxCreate = fmt.Sprintf(buildxCreate, BUILDX_K8S_DRIVER_NAME, nodeName) platforms := driverOpts["platform"] if platforms != "" { - buildxCreate += " --platform=%s " + buildxCreate += " --platform=%q " buildxCreate = fmt.Sprintf(buildxCreate, platforms) } if len(driverOpts["driverOptions"]) > 0 { From 49472de7b74292acf1d764b672e00e89fbafe875 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 22 Dec 2023 17:47:03 +0530 Subject: [PATCH 09/28] sanitized --- helper/DockerHelper.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index fed411b7..c119a556 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
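Review bot: `--node=%q` in getBuildxK8sDriverCmd applies Go string-literal quoting, not shell quoting, while the string it builds is run through `/bin/sh -c` by runCmd. A double-quoted word still undergoes variable and command substitution in sh, so if driverOpts can carry user-supplied values the node name is not neutralised by this change; the same holds for `--platform=%q` in the second hunk and for the `=%q` build-flag values in BuildArtifact in the following patch. Building the arguments as a slice and calling `exec.Command("docker", args...)` takes the shell out of the path; if the shell has to stay, the values need single-quote escaping rather than `%q`. The function body continues past both hunks.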
@@ -242,7 +242,7 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) dockerBuildFlags[flagKey] = fmt.Sprintf("=\"%s\"", strings.TrimSpace(valueFromEnv)) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(v)) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", strings.TrimSpace(v)) } } dockerBuildOptionsMap := dockerBuildConfig.DockerBuildOptions @@ -250,9 +250,9 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { flagKey := "--" + strings.TrimSpace(k) if strings.HasPrefix(v, DEVTRON_ENV_VAR_PREFIX) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(valueFromEnv)) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", strings.TrimSpace(valueFromEnv)) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%s", strings.TrimSpace(v)) + dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", strings.TrimSpace(v)) } } for key, value := range dockerBuildFlags { From db9823ff8159f94303a18e03c135e7979d3bc964 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Tue, 9 Jan 2024 13:04:00 +0530 Subject: [PATCH 10/28] fixed: docker push command --- helper/DockerHelper.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index c119a556..0a40c19e 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -563,9 +563,9 @@ func BuildDockerImagePath(ciRequest *CommonWorkflowRequest) (string, error) { func PushArtifact(dest string) error { //awsLogin := "$(aws ecr get-login --no-include-email --region " + ciRequest.AwsRegion + ")" - dockerPush := fmt.Sprintf("docker push %q", dest) + dockerPush := fmt.Sprintf("docker push %s", dest) log.Println("-----> " + dockerPush) - dockerPushCMD := exec.Command("/bin/sh", "-c", dockerPush) + dockerPushCMD := exec.Command("/bin/sh", "-c", "docker", "push", dest) err := util.RunCommand(dockerPushCMD) if err != nil { log.Println(err) From 893b74743785278384f74e4238ee6ec3d8edf807 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Tue, 9 Jan 2024 15:14:46 +0530 Subject: [PATCH 11/28] fixed: docker command --- helper/DockerHelper.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 0a40c19e..ce44d90e 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -471,9 +471,9 @@ func executeCmd(dockerBuild string) error { } func tagDockerBuild(dockerRepository string, dest string) error { - dockerTag := fmt.Sprintf("docker tag %q:latest %q", dockerRepository, dest) + dockerTag := fmt.Sprintf("docker tag %s:latest %s", dockerRepository, dest) log.Println(" -----> " + dockerTag) - dockerTagCMD := exec.Command("/bin/sh", "-c", dockerTag) + dockerTagCMD := exec.Command("/bin/sh", "-c", "docker", "tag", fmt.Sprintf("%s:latest", dockerRepository), dest) err := util.RunCommand(dockerTagCMD) if err != nil { log.Println(err) @@ -597,8 +597,7 @@ func ExtractDigestForBuildx(dest string) (string, error) { } func ExtractDigestUsingPull(dest string) (string, error) { - dockerPull := fmt.Sprintf("docker pull %q", dest) - dockerPullCmd := exec.Command("/bin/sh", "-c", dockerPull) + dockerPullCmd := exec.Command("/bin/sh", "-c", "docker", "pull", dest) digest, err := runGetDockerImageDigest(dockerPullCmd) if err != nil { log.Println(err) 
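Review bot: `exec.Command("/bin/sh", "-c", "docker", "push", dest)` in PushArtifact no longer pushes anything, because with `sh -c` only the first operand is the command text and the following ones become `$0` and `$1`, so the shell runs a bare `docker`. The `dockerPush` string that is logged therefore differs from what is executed. Dropping the shell gives the intended argv call: `dockerPushCMD := exec.Command("docker", "push", dest)`. The same form is introduced for tagDockerBuild and ExtractDigestUsingPull in the next patch on this line, where `exec.Command("docker", "tag", ...)` and `exec.Command("docker", "pull", dest)` are the equivalents.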
From 544476c32be9285231e7d16e1812e852ec7920d8 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 16:53:54 +0530 Subject: [PATCH 12/28] Refactored: cli commands --- helper/DockerHelper.go | 176 +++++++++++++++++++---------------------- helper/GitCliHelper.go | 18 ++--- util/CmdUtil.go | 31 ++++++++ 3 files changed, 123 insertions(+), 102 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index ce44d90e..343096a3 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -59,7 +59,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA if err != nil { log.Fatal(err) } - dockerdstart := "" + dockerdStart := util.NewCommand() defaultAddressPoolFlag := "" dockerMtuValueFlag := "" if len(defaultAddressPoolBaseCidr) > 0 { @@ -72,7 +72,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerMtuValueFlag = fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) } if connection == util.INSECURE { - dockerdstart = fmt.Sprintf("dockerd %s --insecure-registry %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, u.Host, dockerMtuValueFlag) + dockerdStart.AppendCommand("dockerd", defaultAddressPoolFlag, "--insecure-registry", u.Host, "--host=unix:///var/run/docker.sock", dockerMtuValueFlag, "--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") util.LogStage("Insecure Registry") } else { if connection == util.SECUREWITHCERT { 
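Review bot: The elements passed to `dockerdStart.AppendCommand` in StartDockerDaemon include `">"`, `"2>&1"` and `"&"`, which only work if `GetCommandToBeExecuted("-c")` joins everything back into one shell string; its definition in util/CmdUtil.go is outside this part of the patch, so that is inferred. If it does, `u.Host` and the flag values reach `/bin/sh` unquoted, the `%q` wrapping from the earlier patches is gone, and the hunk at -92,11 deletes the TODO that tracked the injection risk. The same applies to the `%s=%s` build args in BuildArtifact and the `'--driver-opt=%s'` element in getBuildxK8sDriverCmd later in this patch. I would keep a marker on the execution line until the shell is removed, e.g. `// NOTE: still executed via /bin/sh -c; elements are not shell-escaped`, and have commands that need no redirection run as `exec.Command(name, args...)` directly.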
@@ -92,11 +92,9 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } util.LogStage("Secure with Cert") } - dockerdstart = fmt.Sprintf("dockerd %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, dockerMtuValueFlag) + dockerdStart.AppendCommand("dockerd", defaultAddressPoolFlag, "--host=unix:///var/run/docker.sock", dockerMtuValueFlag, "--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") } - // TODO: refactor dockerBuild string to []string for removing script injection - // Until then use fmt.Sprintf("%q", userInput) to sanitize the input - out, _ := exec.Command("/bin/sh", "-c", dockerdstart).Output() + out, _ := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) } 
@@ -213,51 +211,48 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { return "", err } if ciBuildConfig.CiBuildType == SELF_DOCKERFILE_BUILD_TYPE || ciBuildConfig.CiBuildType == MANAGED_DOCKERFILE_BUILD_TYPE { - // TODO: refactor dockerBuild string to []string for removing script injection - // Until then use fmt.Sprintf("%q", userInput) to sanitize the input - dockerBuild := "docker build " + dockerBuild := util.NewCommand("docker", "build") if ciRequest.CacheInvalidate && ciRequest.IsPvcMounted { - dockerBuild = dockerBuild + "--no-cache " + dockerBuild.AppendCommand("--no-cache") } dockerBuildConfig := ciBuildConfig.DockerBuildConfig isTargetPlatformSet := dockerBuildConfig.TargetPlatform != "" useBuildx := dockerBuildConfig.CheckForBuildX() - dockerBuildxBuild := "docker buildx build " + dockerBuildxBuild := util.NewCommand("docker", "buildx", "build") if useBuildx { + dockerBuild = dockerBuildxBuild if ciRequest.CacheInvalidate && ciRequest.IsPvcMounted { - dockerBuild = dockerBuildxBuild + "--no-cache " - } else { - dockerBuild = dockerBuildxBuild + " " + dockerBuild.AppendCommand("--no-cache") } if isTargetPlatformSet { - dockerBuild += fmt.Sprintf("--platform %q ", dockerBuildConfig.TargetPlatform) + dockerBuild.AppendCommand("--platform", dockerBuildConfig.TargetPlatform) } } - dockerBuildFlags := make(map[string]string) dockerBuildArgsMap := dockerBuildConfig.Args for k, v := range dockerBuildArgsMap { - flagKey := fmt.Sprintf("%s %q", BUILD_ARG_FLAG, strings.TrimSpace(k)) + dockerBuild.AppendCommand(BUILD_ARG_FLAG) if strings.HasPrefix(v, DEVTRON_ENV_VAR_PREFIX) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) - dockerBuildFlags[flagKey] = fmt.Sprintf("=\"%s\"", strings.TrimSpace(valueFromEnv)) + dockerBuildArg := fmt.Sprintf("%s=\"%s\"", strings.TrimSpace(k), strings.TrimSpace(valueFromEnv)) + dockerBuild.AppendCommand(dockerBuildArg) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", 
strings.TrimSpace(v)) + dockerBuildArg := fmt.Sprintf("%s=%s", strings.TrimSpace(k), strings.TrimSpace(v)) + dockerBuild.AppendCommand(dockerBuildArg) } } dockerBuildOptionsMap := dockerBuildConfig.DockerBuildOptions for k, v := range dockerBuildOptionsMap { - flagKey := "--" + strings.TrimSpace(k) + dockerBuildFlag := fmt.Sprintf("--%s", strings.TrimSpace(k)) if strings.HasPrefix(v, DEVTRON_ENV_VAR_PREFIX) { valueFromEnv := os.Getenv(strings.TrimPrefix(v, DEVTRON_ENV_VAR_PREFIX)) - dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", strings.TrimSpace(valueFromEnv)) + dockerBuildFlag += fmt.Sprintf("=%s", strings.TrimSpace(valueFromEnv)) } else { - dockerBuildFlags[flagKey] = fmt.Sprintf("=%q", strings.TrimSpace(v)) + dockerBuildFlag += fmt.Sprintf("=%s", strings.TrimSpace(v)) } + dockerBuild.AppendCommand(dockerBuildFlag) } - for key, value := range dockerBuildFlags { - dockerBuild = dockerBuild + " " + key + value - } + if !ciRequest.EnableBuildContext || dockerBuildConfig.BuildContext == "" { dockerBuildConfig.BuildContext = ROOT_PATH } @@ -295,13 +290,12 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { } oldCacheBuildxPath = oldCacheBuildxPath + "/cache" } - - dockerBuild = getBuildxBuildCommand(cacheEnabled, dockerBuild, oldCacheBuildxPath, localCachePath, dest, dockerBuildConfig) + createBuildxBuildCommand(dockerBuild, cacheEnabled, oldCacheBuildxPath, localCachePath, dest, dockerBuildConfig) } else { - dockerBuild = fmt.Sprintf("%s -f %q --network host -t %q %s", dockerBuild, dockerBuildConfig.DockerfilePath, ciRequest.DockerRepository, dockerBuildConfig.BuildContext) + dockerBuild.AppendCommand("-f", dockerBuildConfig.DockerfilePath, "--network host", "-t", ciRequest.DockerRepository, dockerBuildConfig.BuildContext) } if envVars.ShowDockerBuildCmdInLogs { - log.Println("Starting docker build : ", dockerBuild) + log.Println("Starting docker build : ", dockerBuild.PrintCommand()) } else { log.Println("Docker build started..") } 
@@ -330,20 +324,18 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { projectPath = "./" + projectPath } handleLanguageVersion(projectPath, buildPackParams) - // TODO: refactor buildPackCmd: string to []string for removing script injection - // Until then use fmt.Sprintf("%q", userInput) to sanitize the input - buildPackCmd := fmt.Sprintf("pack build %q --path %q --builder %q", dest, projectPath, buildPackParams.BuilderId) + buildPackCmd := util.NewCommand("pack", "build", dest, "--path", projectPath, "--builder", buildPackParams.BuilderId) BuildPackArgsMap := buildPackParams.Args for k, v := range BuildPackArgsMap { - buildPackCmd = buildPackCmd + " --env " + strings.TrimSpace(k) + "=" + strings.TrimSpace(v) + buildPackCmd.AppendCommand("--env", fmt.Sprintf("%s=%s", strings.TrimSpace(k), strings.TrimSpace(v))) } if len(buildPackParams.BuildPacks) > 0 { for _, buildPack := range buildPackParams.BuildPacks { - buildPackCmd = buildPackCmd + " --buildpack " + strings.TrimSpace(buildPack) + buildPackCmd.AppendCommand("--buildpack", strings.TrimSpace(buildPack)) } } - log.Println(" -----> " + buildPackCmd) + log.Println(" -----> " + buildPackCmd.PrintCommand()) err = executeCmd(buildPackCmd) if err != nil { return "", err 
@@ -358,18 +350,19 @@ func BuildArtifact(ciRequest *CommonWorkflowRequest) (string, error) { return dest, nil } -func getBuildxBuildCommand(cacheEnabled bool, dockerBuild, oldCacheBuildxPath, localCachePath, dest string, dockerBuildConfig *DockerBuildConfig) string { - dockerBuild = fmt.Sprintf("%s -f %q -t %q --push %q --network host --allow network.host --allow security.insecure", dockerBuild, dockerBuildConfig.DockerfilePath, dest, dockerBuildConfig.BuildContext) +func createBuildxBuildCommand(dockerBuild *util.CommandType, cacheEnabled bool, oldCacheBuildxPath, localCachePath, dest string, dockerBuildConfig *DockerBuildConfig) { + dockerBuild.AppendCommand("-f", dockerBuildConfig.DockerfilePath, "-t", dest, "--push", dockerBuildConfig.BuildContext, "--network", "host", "--allow network.host", "--allow security.insecure") if cacheEnabled { - dockerBuild = fmt.Sprintf("%s --cache-to=type=local,dest=%q,mode=max --cache-from=type=local,src=%q", dockerBuild, localCachePath, oldCacheBuildxPath) + cacheDest := fmt.Sprintf("--cache-to=type=local,dest=%s,mode=max", localCachePath) + cacheSrc := fmt.Sprintf("--cache-from=type=local,src=%s", oldCacheBuildxPath) + dockerBuild.AppendCommand(cacheDest, cacheSrc) } provenanceFlag := dockerBuildConfig.GetProvenanceFlag() - dockerBuild = fmt.Sprintf("%s %s", dockerBuild, provenanceFlag) + dockerBuild.AppendCommand(provenanceFlag) manifestLocation := util.LOCAL_BUILDX_LOCATION + "/manifest.json" - dockerBuild = fmt.Sprintf("%s --metadata-file %s", dockerBuild, manifestLocation) - - return dockerBuild + dockerBuild.AppendCommand("--metadata-file", manifestLocation) + return } func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) { 
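Review bot: createBuildxBuildCommand ends with a bare `return` in a function that has no results, which can be dropped. The elements handed to AppendCommand are also split inconsistently: `"--network", "host"` is two elements while `"--allow network.host"` and `"--allow security.insecure"` are one each (and the plain-build branch of BuildArtifact uses `"--network host"`), which only works as long as the elements are re-joined into a shell string. One flag or value per element, e.g. `"--allow", "network.host", "--allow", "security.insecure"`, keeps the slice usable as a real argv later. Since this replaced a function that returned the string, a doc comment such as `// createBuildxBuildCommand appends the buildx flags to dockerBuild in place.` would make the mutation explicit.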
@@ -420,28 +413,26 @@ func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) log.Println("final Path is ", finalPath) ext := filepath.Ext(finalPath) if ext == ".json" { - jqCmd := fmt.Sprintf("jq '.engines.node' %s", finalPath) - outputBytes, err := exec.Command("/bin/sh", "-c", jqCmd).Output() + jqCmd := util.NewCommand("jq", "'.engines.node'", finalPath) + outputBytes, err := exec.Command("/bin/sh", jqCmd.GetCommandToBeExecuted("-c")...).Output() if err != nil { log.Println("error occurred while fetching node version", "err", err) return } if strings.TrimSpace(string(outputBytes)) == "null" { - // TODO: refactor versionUpdateCmd string to []string for removing script injection - // Until then use fmt.Sprintf("%q", userInput) to sanitize the input + languageVersionFlag := fmt.Sprintf("'.engines.node = \"%s\"'", languageVersion) tmpJsonFile := "./tmp.json" - versionUpdateCmd := fmt.Sprintf("jq '.engines.node = \"%s\"' %s >%s", languageVersion, finalPath, tmpJsonFile) + tmpJsonFileFlag := fmt.Sprintf(">%s", tmpJsonFile) + versionUpdateCmd := util.NewCommand("jq", languageVersionFlag, finalPath, tmpJsonFileFlag) err := executeCmd(versionUpdateCmd) if err != nil { log.Println("error occurred while inserting node version", "err", err) return } - // TODO: refactor fileReplaceCmd string to []string for removing script injection - // Until then use fmt.Sprintf("%q", userInput) to sanitize the input - fileReplaceCmd := fmt.Sprintf("mv %s %s", tmpJsonFile, finalPath) + fileReplaceCmd := util.NewCommand("mv", tmpJsonFile, finalPath) err = executeCmd(fileReplaceCmd) if err != nil { - log.Println("error occurred while executing cmd ", fileReplaceCmd, "err", err) + log.Println("error occurred while executing cmd ", fileReplaceCmd.PrintCommand(), "err", err) return } } 
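Review bot: `languageVersion` is formatted straight into the jq program text and into a single-quoted shell word in `languageVersionFlag`, so a quote character in the version string changes either the filter or the shell parsing; the TODO that flagged this is removed in the same hunk. jq can take the value as data instead: `util.NewCommand("jq", "--arg", "v", languageVersion, "'.engines.node = $v'", finalPath, tmpJsonFileFlag)`. That fixes the filter side only; the `--arg` value and `finalPath` still pass through `/bin/sh`, so the more robust route is to do the edit in Go with encoding/json and replace the file with os.Rename, which removes both shell calls. Where `languageVersion` originates is not visible here, and handleLanguageVersion begins and ends outside the hunk.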
@@ -459,10 +450,9 @@ func handleLanguageVersion(projectPath string, buildpackConfig *BuildPackConfig) // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) -func executeCmd(dockerBuild string) error { - // TODO: dockerBuild should be []string{arg...} - dockerBuildCMD := exec.Command("/bin/sh", "-c", dockerBuild) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +func executeCmd(dockerBuild *util.CommandType) error { + dockerBuildCMD := exec.Command("/bin/sh", dockerBuild.GetCommandToBeExecuted("-c")...) err := util.RunCommand(dockerBuildCMD) if err != nil { log.Println(err) @@ -471,9 +461,9 @@ func executeCmd(dockerBuild string) error { } func tagDockerBuild(dockerRepository string, dest string) error { - dockerTag := fmt.Sprintf("docker tag %s:latest %s", dockerRepository, dest) - log.Println(" -----> " + dockerTag) - dockerTagCMD := exec.Command("/bin/sh", "-c", "docker", "tag", fmt.Sprintf("%s:latest", dockerRepository), dest) + dockerTagCmd := util.NewCommand("docker", "tag", fmt.Sprintf("%s:latest", dockerRepository), dest) + log.Println(" -----> " + dockerTagCmd.PrintCommand()) + dockerTagCMD := exec.Command("/bin/sh", dockerTagCmd.GetCommandToBeExecuted("-c")...) err := util.RunCommand(dockerTagCMD) if err != nil { log.Println(err) 
@@ -491,16 +481,14 @@ func setupCacheForBuildx(localCachePath string, oldCacheBuildxPath string) error if err != nil { return err } - copyContent := "cp -R " + localCachePath + " " + oldCacheBuildxPath - copyContentCmd := exec.Command("/bin/sh", "-c", copyContent) + copyContentCmd := exec.Command("/bin/sh", "-c", "cp", "-R", localCachePath, oldCacheBuildxPath) err = util.RunCommand(copyContentCmd) if err != nil { log.Println(err) return err } - cleanContent := "rm -rf " + localCachePath + "/*" - cleanContentCmd := exec.Command("/bin/sh", "-c", cleanContent) + cleanContentCmd := exec.Command("/bin/sh", "-c", "rm", "-rf", localCachePath, "/*") err = util.RunCommand(cleanContentCmd) if err != nil { log.Println(err) @@ -510,9 +498,9 @@ func setupCacheForBuildx(localCachePath string, oldCacheBuildxPath string) error } func createBuildxBuilder() error { - multiPlatformCmd := "docker buildx create --use --buildkitd-flags '--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure'" - log.Println(" -----> " + multiPlatformCmd) - dockerBuildCMD := exec.Command("/bin/sh", "-c", multiPlatformCmd) + multiPlatformCmd := util.NewCommand("docker", "buildx", "create", "--use", "--buildkitd-flags", "'--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure'") + log.Println(" -----> " + multiPlatformCmd.PrintCommand()) + dockerBuildCMD := exec.Command("/bin/sh", multiPlatformCmd.GetCommandToBeExecuted("-c")...) err := util.RunCommand(dockerBuildCMD) if err != nil { log.Println(err) 
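Review bot: In setupCacheForBuildx the cleanup became `exec.Command("/bin/sh", "-c", "rm", "-rf", localCachePath, "/*")`, which splits the old `localCachePath + "/*"` glob into two separate operands. As written only `rm` is the `-c` command text and the rest are positional parameters, so nothing is cleaned; if these operands are later joined or handed to rm directly, `/*` stands on its own as a root-level target. The `cp -R` line above it and `mkdir -p` in checkAndCreateDirectory have the same `sh -c` operand problem. The standard library covers two of these without a child process: `os.MkdirAll(localCachePath, os.ModePerm)` for the directory, and a loop over `os.ReadDir(localCachePath)` calling `os.RemoveAll` on each entry for the cleanup.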
@@ -522,9 +510,9 @@ func createBuildxBuilder() error { } func installAllSupportedPlatforms() error { - multiPlatformCmd := "docker run --privileged --rm quay.io/devtron/binfmt:stable --install all" - log.Println(" -----> " + multiPlatformCmd) - dockerBuildCMD := exec.Command("/bin/sh", "-c", multiPlatformCmd) + multiPlatformCmd := util.NewCommand("docker", "run", "--privileged", "--rm", "quay.io/devtron/binfmt:stable", "--install", "all") + log.Println(" -----> " + multiPlatformCmd.PrintCommand()) + dockerBuildCMD := exec.Command("/bin/sh", multiPlatformCmd.GetCommandToBeExecuted("-c")...) err := util.RunCommand(dockerBuildCMD) if err != nil { log.Println(err) @@ -534,8 +522,7 @@ func installAllSupportedPlatforms() error { } func checkAndCreateDirectory(localCachePath string) error { - makeDirCmd := "mkdir -p " + localCachePath - pathCreateCommand := exec.Command("/bin/sh", "-c", makeDirCmd) + pathCreateCommand := exec.Command("/bin/sh", "-c", "mkdir", "-p", localCachePath) err := util.RunCommand(pathCreateCommand) if err != nil { log.Println(err) @@ -662,11 +649,10 @@ func createBuildxBuilderWithK8sDriver(builderNodes []map[string]string, ciPipeli defaultNodeOpts := builderNodes[0] buildxCreate := getBuildxK8sDriverCmd(defaultNodeOpts, ciPipelineId, ciWorkflowId) - buildxCreate = fmt.Sprintf("%s %s", buildxCreate, "--use") - + buildxCreate.AppendCommand("--use") err, errBuf := runCmd(buildxCreate) if err != nil { - fmt.Println(util.DEVTRON, "buildxCreate : ", buildxCreate, " err : ", err, " error : ", errBuf.String(), "\n ") + fmt.Println(util.DEVTRON, "buildxCreate : ", buildxCreate.PrintCommand(), " err : ", err, " error : ", errBuf.String(), "\n ") return err } 
@@ -674,11 +660,11 @@ func createBuildxBuilderWithK8sDriver(builderNodes []map[string]string, ciPipeli for i := 1; i < len(builderNodes); i++ { nodeOpts := builderNodes[i] appendNode := getBuildxK8sDriverCmd(nodeOpts, ciPipelineId, ciWorkflowId) - appendNode = fmt.Sprintf("%s %s", appendNode, "--append") + appendNode.AppendCommand("--append") err, errBuf = runCmd(appendNode) if err != nil { - fmt.Println(util.DEVTRON, " appendNode : ", appendNode, " err : ", err, " error : ", errBuf.String(), "\n ") + fmt.Println(util.DEVTRON, " appendNode : ", appendNode.PrintCommand(), " err : ", err, " error : ", errBuf.String(), "\n ") return err } } @@ -706,15 +692,17 @@ func leaveNodesFromBuildxK8sDriver(nodeNames []string) (error, *bytes.Buffer) { var err error var errBuf *bytes.Buffer defer func() { - removeCmd := fmt.Sprintf("docker buildx rm %s", BUILDX_K8S_DRIVER_NAME) + removeCmd := util.NewCommand("docker", "buildx", "rm", BUILDX_K8S_DRIVER_NAME) err, errBuf = runCmd(removeCmd) if err != nil { log.Println(util.DEVTRON, "error in removing docker buildx err : ", errBuf.String()) } }() for _, node := range nodeNames { - cmds := fmt.Sprintf("docker buildx create --name=%s --node=%s --leave", BUILDX_K8S_DRIVER_NAME, node) - err, errBuf = runCmd(cmds) + k8sDriverNameFlag := fmt.Sprintf("--name=%s", BUILDX_K8S_DRIVER_NAME) + k8sDriverNodeFlag := fmt.Sprintf("--node=%s", node, BUILDX_K8S_DRIVER_NAME) + k8sDriverLeaveNodeCmd := util.NewCommand("docker", "buildx", "create", k8sDriverNameFlag, k8sDriverNodeFlag, "--leave") + err, errBuf = runCmd(k8sDriverLeaveNodeCmd) if err != nil { log.Println(util.DEVTRON, "error in leaving node : ", errBuf.String()) return err, errBuf 
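Review bot: `fmt.Sprintf("--node=%s", node, BUILDX_K8S_DRIVER_NAME)` in leaveNodesFromBuildxK8sDriver passes two values to a one-verb format, so the flag comes out as the node name followed by a `%!(EXTRA string=…)` suffix and the `--leave` call no longer names the intended node. `go vet` reports this pattern. The line should be `k8sDriverNodeFlag := fmt.Sprintf("--node=%s", node)`.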
@@ -723,32 +711,34 @@ func leaveNodesFromBuildxK8sDriver(nodeNames []string) (error, *bytes.Buffer) { return err, errBuf } -func runCmd(cmd string) (error, *bytes.Buffer) { - fmt.Println(util.DEVTRON, " cmd : ", cmd) - builderCreateCmd := exec.Command("/bin/sh", "-c", cmd) +func runCmd(cmd *util.CommandType) (error, *bytes.Buffer) { + fmt.Println(util.DEVTRON, " cmd : ", cmd.PrintCommand()) + builderCreateCmd := exec.Command("/bin/sh", cmd.GetCommandToBeExecuted("-c")...) errBuf := &bytes.Buffer{} builderCreateCmd.Stderr = errBuf err := builderCreateCmd.Run() return err, errBuf } -func getBuildxK8sDriverCmd(driverOpts map[string]string, ciPipelineId, ciWorkflowId int) string { - buildxCreate := "docker buildx create --buildkitd-flags '--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure' --name=%s --driver=kubernetes --node=%q --bootstrap " +func getBuildxK8sDriverCmd(driverOpts map[string]string, ciPipelineId, ciWorkflowId int) *util.CommandType { nodeName := driverOpts["node"] if nodeName == "" { nodeName = BUILDX_NODE_NAME + fmt.Sprintf("%v-%v", ciPipelineId, ciWorkflowId) + util.Generate(3) //need this to generate unique name for builder node in same builder. 
} - buildxCreate = fmt.Sprintf(buildxCreate, BUILDX_K8S_DRIVER_NAME, nodeName) + k8sDriverNameFlag := fmt.Sprintf("--name=%s", BUILDX_K8S_DRIVER_NAME) + k8sDriverNodeFlag := fmt.Sprintf("--node=%s", nodeName) + buildxCreateCmd := util.NewCommand("docker", "buildx", "create", "--buildkitd-flags", "'--allow-insecure-entitlement network.host --allow-insecure-entitlement security.insecure'", k8sDriverNameFlag, "--driver=kubernetes", k8sDriverNodeFlag, "--bootstrap") + platforms := driverOpts["platform"] if platforms != "" { - buildxCreate += " --platform=%q " - buildxCreate = fmt.Sprintf(buildxCreate, platforms) + buildxPlatformFlag := fmt.Sprintf("--platform=%s", platforms) + buildxCreateCmd.AppendCommand(buildxPlatformFlag) } if len(driverOpts["driverOptions"]) > 0 { - buildxCreate += " '--driver-opt=%s' " - buildxCreate = fmt.Sprintf(buildxCreate, driverOpts["driverOptions"]) + buildxDriverOptions := fmt.Sprintf("'--driver-opt=%s'", driverOpts["driverOptions"]) + buildxCreateCmd.AppendCommand(buildxDriverOptions) } - return buildxCreate + return buildxCreateCmd } func StopDocker() error { @@ -766,9 +756,9 @@ func StopDocker() error { log.Fatal(err) return err } - removeContainerCmds := "docker rm -v -f $(docker ps -a -q)" + removeContainerCmds := util.NewCommand("docker", "rm", "-v", "-f", "$(docker ps -a -q)") log.Println(util.DEVTRON, " -----> removing docker container") - removeContainerCmd := exec.Command("/bin/sh", "-c", removeContainerCmds) + removeContainerCmd := exec.Command("/bin/sh", removeContainerCmds.GetCommandToBeExecuted("-c")...) err = util.RunCommand(removeContainerCmd) log.Println(util.DEVTRON, " -----> removed docker container") if err != nil { 
@@ -817,8 +807,8 @@ func waitForDockerDaemon(retryCount int) { } func DockerdUpCheck() error { - dockerCheck := "docker ps" - dockerCheckCmd := exec.Command("/bin/sh", "-c", dockerCheck) + dockerCheck := util.NewCommand("docker", "ps") + dockerCheckCmd := exec.Command("/bin/sh", dockerCheck.GetCommandToBeExecuted("-c")...) err := dockerCheckCmd.Run() return err } diff --git a/helper/GitCliHelper.go b/helper/GitCliHelper.go index 7d933c98..d968c530 100644 --- a/helper/GitCliHelper.go +++ b/helper/GitCliHelper.go @@ -26,7 +26,7 @@ const GIT_AKS_PASS = "/git-ask-pass.sh" // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git fetch ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "fetch", "origin", "--tags", "--force") 
@@ -41,7 +41,7 @@ func (impl *GitUtil) Fetch(gitContext GitContext, rootDir string) (response, err // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git checkout ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "checkout", checkout, "--force") @@ -56,7 +56,7 @@ func (impl *GitUtil) Checkout(rootDir string, checkout string) (response, errMsg // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) runCommandWithCred(cmd *exec.Cmd, userName, password string) (response, errMsg string, err error) { cmd.Env = append(os.Environ(), fmt.Sprintf("GIT_ASKPASS=%s", GIT_AKS_PASS), 
@@ -127,11 +127,11 @@ func (impl *GitUtil) Clone(gitContext GitContext, rootDir string, remoteUrl stri // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git merge ", "location", rootDir) - command := fmt.Sprintf("cd %q && git config user.email git@devtron.com && git config user.name Devtron && git merge %q --no-commit", rootDir, commit) - cmd := exec.Command("/bin/sh", "-c", command) + command := util.NewCommand("cd", rootDir, "&&", "git", "config", "user.email", "git@devtron.com", "&&", "git", "config", "user.name", "Devtron", "&&", "git", "merge", "commit", "--no-commit") + cmd := exec.Command("/bin/sh", command.GetCommandToBeExecuted("-c")...) output, errMsg, err := impl.runCommand(cmd) log.Println(util.DEVTRON, "merge output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) return output, errMsg, err 
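Review bot: The new Merge command passes the literal string `"commit"` to `git merge` instead of the `commit` parameter, so the requested revision is never merged. With the value restored it would again reach `/bin/sh` through the `cd … &&` chain; the other methods in this file already avoid the shell with `git -C rootDir`, and Merge can do the same: `cmd := exec.Command("git", "-C", rootDir, "-c", "user.email=git@devtron.com", "-c", "user.name=Devtron", "merge", commit, "--no-commit")`. The `-c` overrides apply to that invocation only, whereas the current `git config` calls persist in the repository config, so confirm nothing later in the workflow relies on them.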
@@ -143,7 +143,7 @@ func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg stri // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git recursive fetch submodules ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "submodule", "update", "--init", "--recursive") 
@@ -158,7 +158,7 @@ func (impl *GitUtil) RecursiveFetchSubmodules(rootDir string) (response, errMsg // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper store ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "config", "--global", "credential.helper", "store") 
@@ -173,7 +173,7 @@ func (impl *GitUtil) UpdateCredentialHelper(rootDir string) (response, errMsg st // DOs: // 1- Break the command to name and []args as exec.Command(name, []arg...) // 2- Use strings.TrimSpace() to build an user defined flags; e.g: fmt.Sprintf("--%s", strings.TrimSpace(userDefinedFlag)) -// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf() with %q to sanitize user defined inputs; exec.Command(name, "--flag=", fmt.Sprintf("key1=%q,key2=%q,key3=%q", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) +// 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) UnsetCredentialHelper(rootDir string) (response, errMsg string, error error) { log.Println(util.DEVTRON, "git credential helper unset ", "location", rootDir) cmd := exec.Command("git", "-C", rootDir, "config", "--global", "--unset", "credential.helper") diff --git a/util/CmdUtil.go b/util/CmdUtil.go index 2eecf670..4b41f532 100644 --- a/util/CmdUtil.go +++ b/util/CmdUtil.go @@ -22,6 +22,7 @@ import ( "io" "os" "os/exec" + "strings" ) func DeleteFile(path string) error { @@ -43,3 +44,33 @@ func RunCommand(cmd *exec.Cmd) error { //log.Println(stdBuffer.String()) return nil } + +type CommandType []string + +func NewCommand(newArgs ...string) *CommandType { + cmd := make(CommandType, 0) + cmd.AppendCommand(newArgs...) + return &cmd +} + +func (c *CommandType) AppendCommand(newArgs ...string) { + for _, newArg := range newArgs { + *c = append(*c, strings.TrimSpace(newArg)) + } +} + +func (c *CommandType) PrintCommand() string { + if c == nil { + return "" + } + return strings.Join(*c, " ") +} + +func (c *CommandType) GetCommandToBeExecuted(initialArgs ...string) []string { + runCmd := initialArgs + if c == nil { + return runCmd + } + runCmd = append(runCmd, *c...) + return runCmd +} 
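Review bot: CommandType, NewCommand, AppendCommand, PrintCommand and GetCommandToBeExecuted in util/CmdUtil.go are exported without doc comments, and nothing states that the slice holds argv entries rather than shell text. I would add `// CommandType is an argument vector: one element per argument, with no shell quoting or parsing applied.` on the type and `// AppendCommand appends each argument after trimming surrounding whitespace.` on the method. The trimming deserves an explicit mention because it silently alters values that may legitimately start or end with whitespace, such as a password or a path. PrintCommand joins all elements with spaces, so a caller that logs its result also logs any credential placed in the command; its comment should say so.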
From 0e559e24f858f28fa89a6ba1d0460c53c9e417ac Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 18:00:04 +0530 Subject: [PATCH 13/28] fixed: docker daemon command --- helper/DockerHelper.go | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 343096a3..6779c0d5 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -60,19 +60,17 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA log.Fatal(err) } dockerdStart := util.NewCommand() - defaultAddressPoolFlag := "" - dockerMtuValueFlag := "" + dockerdStart.AppendCommand("dockerd") if len(defaultAddressPoolBaseCidr) > 0 { if defaultAddressPoolSize <= 0 { defaultAddressPoolSize = 24 } - defaultAddressPoolFlag = fmt.Sprintf("--default-address-pool base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) - } - if ciRunnerDockerMtuValue > 0 { - dockerMtuValueFlag = fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) + defaultAddressPoolFlag := fmt.Sprintf("base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) + dockerdStart.AppendCommand("--default-address-pool", defaultAddressPoolFlag) } + if connection == util.INSECURE { - dockerdStart.AppendCommand("dockerd", defaultAddressPoolFlag, "--insecure-registry", u.Host, "--host=unix:///var/run/docker.sock", dockerMtuValueFlag, "--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") + dockerdStart.AppendCommand("--insecure-registry", u.Host) util.LogStage("Insecure Registry") } else { if connection == util.SECUREWITHCERT { 
@@ -92,8 +90,13 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } util.LogStage("Secure with Cert") } - dockerdStart.AppendCommand("dockerd", defaultAddressPoolFlag, "--host=unix:///var/run/docker.sock", dockerMtuValueFlag, "--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") } + dockerdStart.AppendCommand("--host=unix:///var/run/docker.sock") + if ciRunnerDockerMtuValue > 0 { + dockerMtuValueFlag := fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) + dockerdStart.AppendCommand(dockerMtuValueFlag) + } + dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") out, _ := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) From c0da9c8ba3b34336bb1811bb93aa284b8ece1717 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 18:20:31 +0530 Subject: [PATCH 14/28] added empty arg check to cmd --- util/CmdUtil.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/util/CmdUtil.go b/util/CmdUtil.go index 4b41f532..acb72682 100644 --- a/util/CmdUtil.go +++ b/util/CmdUtil.go @@ -55,7 +55,10 @@ func NewCommand(newArgs ...string) *CommandType { func (c *CommandType) AppendCommand(newArgs ...string) { for _, newArg := range newArgs { - *c = append(*c, strings.TrimSpace(newArg)) + trimmedArg := strings.TrimSpace(newArg) + if trimmedArg != "" { + *c = append(*c, trimmedArg) + } } } From 384c3722d4630c4819e002842a5934c0d6877a77 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 18:27:25 +0530 Subject: [PATCH 15/28] fixed: docker stop command --- helper/DockerHelper.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 6779c0d5..c12ff4cf 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
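Review bot: The daemon is still started with `--host=tcp://0.0.0.0:2375`, which exposes the Docker API over plain TCP on every interface with no TLS or client authentication, and access to that API is equivalent to root on the runner. The unix socket is already configured by the `--host=unix:///var/run/docker.sock` line added just above it. Whether anything outside this container needs the TCP endpoint is not visible from the hunk; if nothing does, drop the flag or bind it to loopback with `--host=tcp://127.0.0.1:2375`. StartDockerDaemon begins and ends outside the hunk.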
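Review bot: AppendCommand now drops every argument that is empty after trimming, which shifts the arguments that follow it: a pair such as `"--insecure-registry", u.Host` in StartDockerDaemon becomes a lone `--insecure-registry` when the host is empty, and the next flag would then be read as its value. Skipping is convenient for optional flags but unsafe for values, so the decision belongs with the caller. At minimum the behaviour needs a comment, for example `// AppendCommand skips arguments that are empty after trimming; never pass a flag whose value may be empty.`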
@@ -750,9 +750,8 @@ func StopDocker() error { return err } if len(out) > 0 { - stopCmdS := "docker stop -t 5 $(docker ps -a -q)" log.Println(util.DEVTRON, " -----> stopping docker container") - stopCmd := exec.Command("/bin/sh", "-c", stopCmdS) + stopCmd := exec.Command("/bin/sh", "-c", "docker", "stop", "-t", "5", "$(docker ps -a -q)") err := util.RunCommand(stopCmd) log.Println(util.DEVTRON, " -----> stopped docker container") if err != nil { From efe62ed67610c2aaf1696c78626b77b6c71fc17a Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 19:18:44 +0530 Subject: [PATCH 16/28] added logs for debugging --- helper/DockerHelper.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index c12ff4cf..df3038ad 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -59,8 +59,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA if err != nil { log.Fatal(err) } - dockerdStart := util.NewCommand() - dockerdStart.AppendCommand("dockerd") + dockerdStart := util.NewCommand("dockerd") if len(defaultAddressPoolBaseCidr) > 0 { if defaultAddressPoolSize <= 0 { defaultAddressPoolSize = 24 @@ -97,6 +96,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerdStart.AppendCommand(dockerMtuValueFlag) } dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") + log.Println(util.DEVTRON, " ", dockerdStart.PrintCommand()) out, _ := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) From c2fc9de35fd046cafdcebec796368cedf9bc6409 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 19:36:56 +0530 Subject: [PATCH 17/28] added: todo --- helper/DockerHelper.go | 1 + 1 file changed, 1 insertion(+) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index df3038ad..da8ef131 100644 
--- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -96,6 +96,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerdStart.AppendCommand(dockerMtuValueFlag) } dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") + // TODO Asutosh: remove log.Println(util.DEVTRON, " ", dockerdStart.PrintCommand()) out, _ := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() log.Println(string(out)) From 2d753aff36362f4e2e015271d4a0debde1abc920 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 20:02:21 +0530 Subject: [PATCH 18/28] err log added --- helper/DockerHelper.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index da8ef131..80386093 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -96,9 +96,10 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerdStart.AppendCommand(dockerMtuValueFlag) } dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") - // TODO Asutosh: remove + // TODO Asutosh: remove log log.Println(util.DEVTRON, " ", dockerdStart.PrintCommand()) - out, _ := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() + out, err := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() + log.Println(util.DEVTRON, " err: ", err) log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) } From c69e8eaf4a3914a347ea59f5e7a78887ea22e2f5 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Thu, 11 Jan 2024 20:19:53 +0530 Subject: [PATCH 19/28] added: log --- helper/DockerHelper.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 80386093..aa497b45 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -97,7 +97,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") // TODO Asutosh: remove log - log.Println(util.DEVTRON, " ", dockerdStart.PrintCommand()) + log.Println(util.DEVTRON, " ", dockerdStart.GetCommandToBeExecuted("-c")) out, err := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() log.Println(util.DEVTRON, " err: ", err) log.Println(string(out)) From 5051979c9ffc8bfb0e594b236878ec87d92fba73 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 09:59:00 +0530 Subject: [PATCH 20/28] fixed: docker daemon command --- helper/DockerHelper.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index aa497b45..c0ea0af8 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -95,7 +95,7 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerMtuValueFlag := fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) dockerdStart.AppendCommand(dockerMtuValueFlag) } - dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1", "&") + dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1 &") // TODO Asutosh: remove log log.Println(util.DEVTRON, " ", dockerdStart.GetCommandToBeExecuted("-c")) out, err := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() From 41c994504a45b9aae92d365338ad662029bcb44c Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 12:02:20 +0530 Subject: [PATCH 21/28] reverted: docker daemon command --- helper/DockerHelper.go | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index c0ea0af8..475a2120 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -59,17 +59,20 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA if err != nil { log.Fatal(err) } - dockerdStart := util.NewCommand("dockerd") + dockerdstart := "" + defaultAddressPoolFlag := "" + dockerMtuValueFlag := "" if len(defaultAddressPoolBaseCidr) > 0 { if defaultAddressPoolSize <= 0 { defaultAddressPoolSize = 24 } - defaultAddressPoolFlag := fmt.Sprintf("base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) - dockerdStart.AppendCommand("--default-address-pool", defaultAddressPoolFlag) + defaultAddressPoolFlag = fmt.Sprintf("--default-address-pool base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) + } + if ciRunnerDockerMtuValue > 0 { + dockerMtuValueFlag = fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) } - if connection == util.INSECURE { - dockerdStart.AppendCommand("--insecure-registry", u.Host) + dockerdstart = fmt.Sprintf("dockerd %s --insecure-registry %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, u.Host, dockerMtuValueFlag) util.LogStage("Insecure Registry") } else { if connection == util.SECUREWITHCERT { 
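Review bot: The revert goes back to assembling the dockerd command with fmt.Sprintf and running it as `/bin/sh -c` text, so `u.Host` and `defaultAddressPoolBaseCidr` are interpolated into shell input without quoting or validation. Where those values originate is outside the hunk; if they come from pipeline or registry configuration, any shell metacharacters in them would be interpreted by sh. A cheap guard before the Sprintf is `if _, _, err := net.ParseCIDR(defaultAddressPoolBaseCidr); err != nil { log.Fatal(err) }`, and the durable fix is to exec dockerd directly with an argv slice and redirect its output from Go. checkAndCreateDirectory in PATCH 27 has the same pattern with `"mkdir -p " + localCachePath`, which `os.MkdirAll(localCachePath, 0o755)` would replace without a shell (pick the mode the cache directory actually needs).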
@@ -89,17 +92,9 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } util.LogStage("Secure with Cert") } + dockerdstart = fmt.Sprintf("dockerd %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, dockerMtuValueFlag) } - dockerdStart.AppendCommand("--host=unix:///var/run/docker.sock") - if ciRunnerDockerMtuValue > 0 { - dockerMtuValueFlag := fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) - dockerdStart.AppendCommand(dockerMtuValueFlag) - } - dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1 &") - // TODO Asutosh: remove log - log.Println(util.DEVTRON, " ", dockerdStart.GetCommandToBeExecuted("-c")) - out, err := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...).Output() - log.Println(util.DEVTRON, " err: ", err) + out, _ := exec.Command("/bin/sh", "-c", dockerdstart).Output() log.Println(string(out)) waitForDockerDaemon(util.RETRYCOUNT) } From f62fa4a71c083089c7096f351a50ce4de811db52 Mon Sep 17 00:00:00 2001 From: Devtron Date: Fri, 12 Jan 2024 14:45:57 +0530 Subject: [PATCH 22/28] debug: docker daemon command --- helper/DockerHelper.go | 28 +++++++++++++++++----------- helper/GitCliHelper.go | 2 +- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 475a2120..4e620333 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -59,20 +59,17 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA if err != nil { log.Fatal(err) } - dockerdstart := "" - defaultAddressPoolFlag := "" - dockerMtuValueFlag := "" + dockerdStart := util.NewCommand("dockerd") if len(defaultAddressPoolBaseCidr) > 0 { if defaultAddressPoolSize <= 0 { defaultAddressPoolSize = 24 } - defaultAddressPoolFlag = fmt.Sprintf("--default-address-pool base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) - } - if ciRunnerDockerMtuValue > 0 { - dockerMtuValueFlag = fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) + defaultAddressPoolFlag := fmt.Sprintf("base=%s,size=%d", defaultAddressPoolBaseCidr, defaultAddressPoolSize) + dockerdStart.AppendCommand("--default-address-pool", defaultAddressPoolFlag) } + if connection == util.INSECURE { - dockerdstart = fmt.Sprintf("dockerd %s --insecure-registry %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, u.Host, dockerMtuValueFlag) + dockerdStart.AppendCommand("--insecure-registry", u.Host) util.LogStage("Insecure Registry") } else { if connection == util.SECUREWITHCERT { 
@@ -92,10 +89,19 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA } util.LogStage("Secure with Cert") } - dockerdstart = fmt.Sprintf("dockerd %s --host=unix:///var/run/docker.sock %s --host=tcp://0.0.0.0:2375 > /usr/local/bin/nohup.out 2>&1 &", defaultAddressPoolFlag, dockerMtuValueFlag) } - out, _ := exec.Command("/bin/sh", "-c", dockerdstart).Output() - log.Println(string(out)) + dockerdStart.AppendCommand("--host=unix:///var/run/docker.sock") + if ciRunnerDockerMtuValue > 0 { + dockerMtuValueFlag := fmt.Sprintf("--mtu=%d", ciRunnerDockerMtuValue) + dockerdStart.AppendCommand(dockerMtuValueFlag) + } + dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1") + // TODO Asutosh: remove log + log.Println(util.DEVTRON, " ", dockerdStart.GetCommandToBeExecuted("-c")) + dockerdStartCmd := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...) + err = dockerdStartCmd.Start() + log.Println(util.DEVTRON, " err: ", err) + log.Println(util.DEVTRON, "docker daemon ran in subprocess: ", dockerdStartCmd.Process.Pid) waitForDockerDaemon(util.RETRYCOUNT) } diff --git a/helper/GitCliHelper.go b/helper/GitCliHelper.go index d968c530..c739f85a 100644 --- a/helper/GitCliHelper.go +++ b/helper/GitCliHelper.go 
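Review bot: The result of `dockerdStartCmd.Start()` is logged but never acted on, and the next line reads `dockerdStartCmd.Process.Pid`, which is a nil-pointer dereference whenever Start fails because Process is only set on success. PATCH 23 then removes the error log, leaving `err` assigned and never checked. Since the `>`, `/usr/local/bin/nohup.out` and `2>&1` tokens are passed as separate arguments, no log file is written either; opening the file in Go and attaching it to the command gives the intended effect without a shell. The sketch below keeps the flags as the hunk builds them and assumes `os` is imported in this file; StartDockerDaemon starts and ends outside the hunk.

```go
// … unchanged: flag assembly on dockerdStart through the --mtu flag …
dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375")
daemonLog, err := os.OpenFile("/usr/local/bin/nohup.out", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
if err != nil {
	log.Fatal(err)
}
dockerdArgs := dockerdStart.GetCommandToBeExecuted()
dockerdStartCmd := exec.Command(dockerdArgs[0], dockerdArgs[1:]...)
dockerdStartCmd.Stdout = daemonLog
dockerdStartCmd.Stderr = daemonLog
if err := dockerdStartCmd.Start(); err != nil {
	log.Fatal(err)
}
log.Println(util.DEVTRON, "docker daemon ran in subprocess: ", dockerdStartCmd.Process.Pid)
// … unchanged: waitForDockerDaemon(util.RETRYCOUNT) …
```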
@@ -130,7 +130,7 @@ func (impl *GitUtil) Clone(gitContext GitContext, rootDir string, remoteUrl stri // 3- In case a single arg contains multiple user defined inputs, then use fmt.Sprintf(); exec.Command(name, "--flag=", fmt.Sprintf("key1=%s,key2=%s,key3=%s", userDefinedArg-1, userDefinedArg-2, userDefinedArg-2)) func (impl *GitUtil) Merge(rootDir string, commit string) (response, errMsg string, err error) { log.Println(util.DEVTRON, "git merge ", "location", rootDir) - command := util.NewCommand("cd", rootDir, "&&", "git", "config", "user.email", "git@devtron.com", "&&", "git", "config", "user.name", "Devtron", "&&", "git", "merge", "commit", "--no-commit") + command := util.NewCommand("cd", rootDir, "&&", "git", "config", "user.email", "git@devtron.com", "&&", "git", "config", "user.name", "Devtron", "&&", "git", "merge", commit, "--no-commit") cmd := exec.Command("/bin/sh", command.GetCommandToBeExecuted("-c")...) output, errMsg, err := impl.runCommand(cmd) log.Println(util.DEVTRON, "merge output", "root", rootDir, "opt", output, "errMsg", errMsg, "error", err) From e2d8c9beb655852a0bcd6e372bf5ddc6355548d6 Mon Sep 17 00:00:00 2001 From: Devtron Date: Fri, 12 Jan 2024 15:05:31 +0530 Subject: [PATCH 23/28] removed: debug logs --- helper/DockerHelper.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 4e620333..4496b1ae 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -96,12 +96,10 @@ func StartDockerDaemon(dockerConnection, dockerRegistryUrl, dockerCert, defaultA dockerdStart.AppendCommand(dockerMtuValueFlag) } dockerdStart.AppendCommand("--host=tcp://0.0.0.0:2375", ">", "/usr/local/bin/nohup.out", "2>&1") - // TODO Asutosh: remove log log.Println(util.DEVTRON, " ", dockerdStart.GetCommandToBeExecuted("-c")) dockerdStartCmd := exec.Command("/bin/sh", dockerdStart.GetCommandToBeExecuted("-c")...) err = dockerdStartCmd.Start() - log.Println(util.DEVTRON, " err: ", err) - log.Println(util.DEVTRON, "docker daemon ran in subprocess: ", dockerdStartCmd.Process.Pid) + log.Println(util.DEVTRON, "docker daemon ran in subprocess:", dockerdStartCmd.Process.Pid) waitForDockerDaemon(util.RETRYCOUNT) } From 80601392355709a85147d67a1ac079f10bbaa92d Mon Sep 17 00:00:00 2001 From: Devtron Date: Fri, 12 Jan 2024 15:15:33 +0530 Subject: [PATCH 24/28] debug: git merge logs --- helper/GitHelper.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/helper/GitHelper.go b/helper/GitHelper.go index 38819267..e1b83e42 100644 --- a/helper/GitHelper.go +++ b/helper/GitHelper.go @@ -128,7 +128,12 @@ func CloneAndCheckout(ciProjectDetails []CiProjectDetails) error { if cErr != nil { log.Fatal("could not checkout hash ", " err ", cErr, "msgMsg", msgMsg) } - + // merge source + _, msgMsg, cErr = gitCli.Merge(filepath.Join(util.WORKINGDIR, prj.CheckoutPath), "main") + if cErr != nil { + log.Fatal("could not merge ", "sourceCheckout ", "main", " err ", cErr, " msgMsg", msgMsg) + return cErr + } } else if prj.SourceType == SOURCE_TYPE_WEBHOOK { webhookData := prj.WebhookData From 478119e8877d50459af08ca6e62e820230bd0700 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 16:03:34 +0530 Subject: [PATCH 25/28] reverted: debug commits --- helper/DockerHelper.go | 2 +- helper/GitHelper.go | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) 
diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 4496b1ae..46609825 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -704,7 +704,7 @@ func leaveNodesFromBuildxK8sDriver(nodeNames []string) (error, *bytes.Buffer) { }() for _, node := range nodeNames { k8sDriverNameFlag := fmt.Sprintf("--name=%s", BUILDX_K8S_DRIVER_NAME) - k8sDriverNodeFlag := fmt.Sprintf("--node=%s", node, BUILDX_K8S_DRIVER_NAME) + k8sDriverNodeFlag := fmt.Sprintf("--node=%s", node) k8sDriverLeaveNodeCmd := util.NewCommand("docker", "buildx", "create", k8sDriverNameFlag, k8sDriverNodeFlag, "--leave") err, errBuf = runCmd(k8sDriverLeaveNodeCmd) if err != nil { diff --git a/helper/GitHelper.go b/helper/GitHelper.go index e1b83e42..6b3051be 100644 --- a/helper/GitHelper.go +++ b/helper/GitHelper.go @@ -128,12 +128,6 @@ func CloneAndCheckout(ciProjectDetails []CiProjectDetails) error { if cErr != nil { log.Fatal("could not checkout hash ", " err ", cErr, "msgMsg", msgMsg) } - // merge source - _, msgMsg, cErr = gitCli.Merge(filepath.Join(util.WORKINGDIR, prj.CheckoutPath), "main") - if cErr != nil { - log.Fatal("could not merge ", "sourceCheckout ", "main", " err ", cErr, " msgMsg", msgMsg) - return cErr - } } else if prj.SourceType == SOURCE_TYPE_WEBHOOK { webhookData := prj.WebhookData From 4762af69d638d4002504d92947450991e51acc57 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 16:11:12 +0530 Subject: [PATCH 26/28] updated: LOCAL_BUILDX_LOCATION value --- util/CommonConstants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/CommonConstants.go b/util/CommonConstants.go index 25ee423f..ea70cf76 100644 --- a/util/CommonConstants.go +++ b/util/CommonConstants.go 
@@ -27,7 +27,7 @@ const ( RETRYCOUNT = 10 HOMEDIR = "/" WORKINGDIR = "/devtroncd" - LOCAL_BUILDX_LOCATION = "/var/lib/devtron/buildx" + LOCAL_BUILDX_LOCATION = "var/lib/devtron/buildx" LOCAL_BUILDX_CACHE_LOCATION = LOCAL_BUILDX_LOCATION + "/cache" CIEVENT = "CI" CDSTAGE = "CD" From a15cb450c92d57c6a03c99f2d4cb86530ba18b11 Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 17:37:34 +0530 Subject: [PATCH 27/28] feat: updated checkAndCreateDirectory --- helper/DockerHelper.go | 3 ++- util/CommonConstants.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 46609825..66aa994e 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go @@ -526,7 +526,8 @@ func installAllSupportedPlatforms() error { } func checkAndCreateDirectory(localCachePath string) error { - pathCreateCommand := exec.Command("/bin/sh", "-c", "mkdir", "-p", localCachePath) + makeDirCmd := "mkdir -p " + localCachePath + pathCreateCommand := exec.Command("/bin/sh", "-c", makeDirCmd) err := util.RunCommand(pathCreateCommand) if err != nil { log.Println(err) diff --git a/util/CommonConstants.go b/util/CommonConstants.go index ea70cf76..25ee423f 100644 --- a/util/CommonConstants.go +++ b/util/CommonConstants.go @@ -27,7 +27,7 @@ const ( RETRYCOUNT = 10 HOMEDIR = "/" WORKINGDIR = "/devtroncd" - LOCAL_BUILDX_LOCATION = "var/lib/devtron/buildx" + LOCAL_BUILDX_LOCATION = "/var/lib/devtron/buildx" LOCAL_BUILDX_CACHE_LOCATION = LOCAL_BUILDX_LOCATION + "/cache" CIEVENT = "CI" CDSTAGE = "CD" From fdff04fa81665b29da266e2ab42000364828342b Mon Sep 17 00:00:00 2001 From: Ash-exp Date: Fri, 12 Jan 2024 17:43:02 +0530 Subject: [PATCH 28/28] feat: updated checkAndCreateDirectory --- helper/DockerHelper.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/helper/DockerHelper.go b/helper/DockerHelper.go index 66aa994e..c2988fc1 100644 --- a/helper/DockerHelper.go +++ b/helper/DockerHelper.go 
@@ -526,8 +526,7 @@ func installAllSupportedPlatforms() error { } func checkAndCreateDirectory(localCachePath string) error { - makeDirCmd := "mkdir -p " + localCachePath - pathCreateCommand := exec.Command("/bin/sh", "-c", makeDirCmd) + pathCreateCommand := exec.Command("/bin/sh", "-c", "mkdir", "-pv", localCachePath) err := util.RunCommand(pathCreateCommand) if err != nil { log.Println(err)