2020-02-24 19:14:46 +03:00
|
|
|
// Copyright 2019 The Kubernetes Authors.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package download
|
|
|
|
|
|
|
|
import (
|
|
|
|
"archive/tar"
|
|
|
|
"archive/zip"
|
|
|
|
"bytes"
|
|
|
|
"compress/gzip"
|
2022-10-27 06:17:16 +03:00
|
|
|
"fmt"
|
2020-02-24 19:14:46 +03:00
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
|
2022-10-27 06:17:16 +03:00
|
|
|
"github.com/hasura/graphql-engine/cli/v2/internal/errors"
|
2020-02-24 19:14:46 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
// download gets a file from the internet in memory and writes it content
|
|
|
|
// to a Verifier.
|
|
|
|
func download(url string, verifier Verifier, fetcher Fetcher) (io.ReaderAt, int64, error) {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.download"
|
2020-02-24 19:14:46 +03:00
|
|
|
body, err := fetcher.Get(url)
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return nil, 0, errors.E(op, fmt.Errorf("failed to obtain plugin archive: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
defer body.Close()
|
|
|
|
|
|
|
|
data, err := ioutil.ReadAll(io.TeeReader(body, verifier))
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return nil, 0, errors.E(op, fmt.Errorf("could not read archive: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
2022-10-27 06:17:16 +03:00
|
|
|
err = verifier.Verify()
|
|
|
|
if err != nil {
|
|
|
|
return bytes.NewReader(data), int64(len(data)), errors.E(op, err)
|
|
|
|
}
|
|
|
|
return bytes.NewReader(data), int64(len(data)), nil
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// extractZIP extracts a zip file into the target directory.
|
|
|
|
func extractZIP(targetDir, fileName string, read io.ReaderAt, size int64) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.extractZIP"
|
2020-02-24 19:14:46 +03:00
|
|
|
zipReader, err := zip.NewReader(read, size)
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, err)
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, f := range zipReader.File {
|
|
|
|
if err := suspiciousPath(f.Name); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, err)
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
path := filepath.Join(targetDir, filepath.FromSlash(f.Name))
|
|
|
|
if f.FileInfo().IsDir() {
|
|
|
|
if err := os.MkdirAll(path, f.Mode()); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("can't create directory tree: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
src, err := f.Open()
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("could not open inflating zip file: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
dst, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, f.Mode())
|
|
|
|
if err != nil {
|
|
|
|
src.Close()
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("can't create file in zip destination dir: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
closeAll := func() {
|
|
|
|
src.Close()
|
|
|
|
dst.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := io.Copy(dst, src); err != nil {
|
|
|
|
closeAll()
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("can't copy content to zip destination file: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
closeAll()
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// extractTARGZ extracts a gzipped tar file into the target directory.
|
|
|
|
func extractTARGZ(targetDir, fileName string, at io.ReaderAt, size int64) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.extractTARGZ"
|
2020-02-24 19:14:46 +03:00
|
|
|
in := io.NewSectionReader(at, 0, size)
|
|
|
|
|
|
|
|
gzr, err := gzip.NewReader(in)
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create gzip reader: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
defer gzr.Close()
|
|
|
|
|
|
|
|
tr := tar.NewReader(gzr)
|
|
|
|
for {
|
|
|
|
hdr, err := tr.Next()
|
|
|
|
if err == io.EOF {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("tar extraction error: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
// see https://golang.org/cl/78355 for handling pax_global_header
|
|
|
|
if hdr.Name == "pax_global_header" {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := suspiciousPath(hdr.Name); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, err)
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
path := filepath.Join(targetDir, filepath.FromSlash(hdr.Name))
|
|
|
|
switch hdr.Typeflag {
|
|
|
|
case tar.TypeDir:
|
|
|
|
if err := os.MkdirAll(path, os.FileMode(hdr.Mode)); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create directory from tar: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
case tar.TypeReg:
|
|
|
|
dir := filepath.Dir(path)
|
|
|
|
if err := os.MkdirAll(dir, 0755); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create directory for tar: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, os.FileMode(hdr.Mode))
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create file %q: %w", path, err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := io.Copy(f, tr); err != nil {
|
|
|
|
f.Close()
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to copy %q from tar into file: %w", hdr.Name, err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
f.Close()
|
|
|
|
default:
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("unable to handle file type %d for %q in tar", hdr.Typeflag, hdr.Name))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func extractOctetStream(targetDir, fileName string, at io.ReaderAt, size int64) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.extractOctetStream"
|
2020-02-24 19:14:46 +03:00
|
|
|
in := io.NewSectionReader(at, 0, size)
|
|
|
|
path := filepath.Join(targetDir, fileName)
|
|
|
|
|
|
|
|
if err := os.MkdirAll(targetDir, 0755); err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create directory for tar: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, os.FileMode(os.ModePerm))
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to create file %q: %w", path, err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
if _, err := io.Copy(f, in); err != nil {
|
|
|
|
f.Close()
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to copy %q into file: %w", fileName, err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
f.Close()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func suspiciousPath(path string) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.suspiciousPath"
|
2020-02-24 19:14:46 +03:00
|
|
|
if strings.Contains(path, "..") {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("refusing to unpack archive with suspicious entry %q", path))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if strings.HasPrefix(path, `/`) || strings.HasPrefix(path, `\`) {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("refusing to unpack archive with absolute entry %q", path))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func detectMIMEType(at io.ReaderAt) (string, error) {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.detectMIMEType"
|
2020-02-24 19:14:46 +03:00
|
|
|
buf := make([]byte, 512)
|
|
|
|
n, err := at.ReadAt(buf, 0)
|
|
|
|
if err != nil && err != io.EOF {
|
2022-10-27 06:17:16 +03:00
|
|
|
return "", errors.E(op, fmt.Errorf("failed to read first 512 bytes: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
2021-10-13 17:38:07 +03:00
|
|
|
// if n < 512 {
|
|
|
|
//klog.V(5).Infof("Did only read %d of 512 bytes to determine the file type", n)
|
|
|
|
// }
|
2020-02-24 19:14:46 +03:00
|
|
|
|
|
|
|
// Cut off mime extra info beginning with ';' i.e:
|
|
|
|
// "text/plain; charset=utf-8" should result in "text/plain".
|
|
|
|
return strings.Split(http.DetectContentType(buf[:n]), ";")[0], nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type extractor func(targetDir, fileName string, read io.ReaderAt, size int64) error
|
|
|
|
|
|
|
|
var defaultExtractors = map[string]extractor{
|
|
|
|
"application/zip": extractZIP,
|
|
|
|
"application/x-gzip": extractTARGZ,
|
|
|
|
"application/octet-stream": extractOctetStream,
|
|
|
|
"application/x-ms-dos-executable": extractOctetStream,
|
|
|
|
}
|
|
|
|
|
|
|
|
func extractArchive(dst, fileName string, at io.ReaderAt, size int64) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.extractArchive"
|
2020-02-24 19:14:46 +03:00
|
|
|
t, err := detectMIMEType(at)
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("failed to determine content type: %w", err))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
exf, ok := defaultExtractors[t]
|
|
|
|
if !ok {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, fmt.Errorf("mime type %q for archive file is not a supported archive format", t))
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
2022-10-27 06:17:16 +03:00
|
|
|
err = exf(dst, fileName, at, size)
|
|
|
|
if err != nil {
|
|
|
|
return errors.E(op, fmt.Errorf("failed to extract file: %w", err))
|
|
|
|
}
|
|
|
|
return nil
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// Downloader is responsible for fetching, verifying and extracting a binary.
|
|
|
|
type Downloader struct {
|
|
|
|
verifier Verifier
|
|
|
|
fetcher Fetcher
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewDownloader builds a new Downloader.
|
|
|
|
func NewDownloader(v Verifier, f Fetcher) Downloader {
|
|
|
|
return Downloader{
|
|
|
|
verifier: v,
|
|
|
|
fetcher: f,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get pulls the uri and verifies it. On success, the download gets extracted
|
|
|
|
// into dst.
|
|
|
|
func (d Downloader) Get(uri, dst string) error {
|
2022-10-27 06:17:16 +03:00
|
|
|
var op errors.Op = "download.Downloader.Get"
|
2020-02-24 19:14:46 +03:00
|
|
|
body, size, err := download(uri, d.verifier, d.fetcher)
|
|
|
|
if err != nil {
|
2022-10-27 06:17:16 +03:00
|
|
|
return errors.E(op, err)
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|
|
|
|
fileName := filepath.Base(uri)
|
2022-10-27 06:17:16 +03:00
|
|
|
err = extractArchive(dst, fileName, body, size)
|
|
|
|
if err != nil {
|
|
|
|
return errors.E(op, err)
|
|
|
|
}
|
|
|
|
return nil
|
2020-02-24 19:14:46 +03:00
|
|
|
}
|