You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@yetus.apache.org by GitBox <gi...@apache.org> on 2022/04/21 09:30:06 UTC

[GitHub] [yetus] ndimiduk commented on a diff in pull request #254: YETUS-1159. fixes for CVE-2022-24765

ndimiduk commented on code in PR #254:
URL: https://github.com/apache/yetus/pull/254#discussion_r854977904


##########
precommit/src/main/shell/core.d/00-yetuslib.sh:
##########
@@ -528,3 +528,65 @@ function yetus_set_trap_handler
     trap "${func} ${signal}" "${signal}"
   done
 }
+
+## @description  Determine if running in a container
+## @audience     public
+## @stability    evolving
+## @replaceable  no
+function yetus_is_container
+{
+  declare mounts
+  declare cgroups
+
+  if [[ -n "${YETUS_CONTAINER_STATE}" ]]; then
+    if [[ "${YETUS_CONTAINER_STATE}" == "true" ]]; then
+      return 0
+    fi
+    return 1
+  fi
+
+  if [[ -f /.dockerenv ]]; then
+    YETUS_CONTAINER_STATE=true
+    return 0
+  fi
+
+  if [[ -n "${container}" ]]; then
+    YETUS_CONTAINER_STATE=true
+    return 0
+  fi
+
+  if [[ -d /proc/self/mountinfo ]]; then

Review Comment:
   Is the order of these checks important? Is it better to start with one proc mount vs the other?



##########
precommit/src/main/shell/core.d/00-yetuslib.sh:
##########
@@ -528,3 +528,65 @@ function yetus_set_trap_handler
     trap "${func} ${signal}" "${signal}"
   done
 }
+
+## @description  Determine if running in a container
+## @audience     public
+## @stability    evolving
+## @replaceable  no
+function yetus_is_container
+{
+  declare mounts
+  declare cgroups
+
+  if [[ -n "${YETUS_CONTAINER_STATE}" ]]; then
+    if [[ "${YETUS_CONTAINER_STATE}" == "true" ]]; then
+      return 0
+    fi
+    return 1
+  fi
+
+  if [[ -f /.dockerenv ]]; then
+    YETUS_CONTAINER_STATE=true
+    return 0
+  fi
+
+  if [[ -n "${container}" ]]; then

Review Comment:
   Where does `${container}` come from?



##########
precommit/src/main/shell/core.d/01-common.sh:
##########
@@ -303,6 +303,27 @@ function common_args
   USER_PLUGIN_DIR="${BASEDIR}/.yetus/plugins.d"
 }
 
+## @description  Verify that BASEDIR is a git repo
+## @description  and set some git settings
+## @audience     public
+## @stability    evolving
+## @replaceable  no
+function verify_basedir_repo
+{
+  if [[ ! -e "${BASEDIR}/.git" ]]; then
+    yetus_error "ERROR: ${BASEDIR} is not a git repo."
+    cleanup_and_exit 1

Review Comment:
   Forgive my ignorance. Is it a common pattern in our public API that functions prefixed with `verify_` can exit the process when their condition is not met?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@yetus.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org