Clean template destination path

dannykopping · dannykopping · commit a6ae71adba50 · 2024-03-12T17:33:13.000+02:00
Signed-off-by: Danny Kopping &lt;danny@coder.com&gt;
diff --git a/cli/templatepull.go b/cli/templatepull.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"path/filepath"
 	"sort"
 
 	"github.com/codeclysm/extract/v3"
@@ -130,6 +131,17 @@ func (r *RootCmd) templatePull() *clibase.Cmd {
 				dest = templateName
 			}
 
+			clean, err := filepath.Abs(filepath.Clean(dest))
+			if err != nil {
+				cliui.Error(inv.Stderr, fmt.Sprintf("cleaning destination path %s failed: %q", dest, err))
+				return err
+			}
+
+			if dest != clean {
+				cliui.Warn(inv.Stderr, fmt.Sprintf("cleaning destination path from %s to %s", dest, clean))
+				dest = clean
+			}
+
 			err = os.MkdirAll(dest, 0o750)
 			if err != nil {
 				return xerrors.Errorf("mkdirall %q: %w", dest, err)
diff --git a/cli/templatepull_test.go b/cli/templatepull_test.go
@@ -230,118 +230,93 @@ func TestTemplatePull_LatestStdout(t *testing.T) {
 
 // ToDir tests that 'templates pull' pulls down the active template
 // and writes it to the correct directory.
+// nolint: paralleltest
 func TestTemplatePull_ToDir(t *testing.T) {
-	t.Parallel()
-
-	client := coderdtest.New(t, &coderdtest.Options{
-		IncludeProvisionerDaemon: true,
-	})
-	owner := coderdtest.CreateFirstUser(t, client)
-	templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin())
-
-	// Create an initial template bundle.
-	source1 := genTemplateVersionSource()
-	// Create an updated template bundle. This will be used to ensure
-	// that templates are correctly returned in order from latest to oldest.
-	source2 := genTemplateVersionSource()
-
-	expected, err := echo.Tar(source2)
-	require.NoError(t, err)
-
-	version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1)
-	_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID)
-
-	template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID)
-
-	// Update the template version so that we can assert that templates
-	// are being sorted correctly.
-	updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID)
-	_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID)
-	coderdtest.UpdateActiveTemplateVersion(t, client, template.ID, updatedVersion.ID)
-
-	dir := t.TempDir()
-
-	expectedDest := filepath.Join(dir, "expected")
-	actualDest := filepath.Join(dir, "actual")
-	ctx := context.Background()
-
-	err = extract.Tar(ctx, bytes.NewReader(expected), expectedDest, nil)
-	require.NoError(t, err)
-
-	inv, root := clitest.New(t, "templates", "pull", template.Name, actualDest)
-	clitest.SetupConfig(t, templateAdmin, root)
-
-	ptytest.New(t).Attach(inv)
+	// Prevents the tests from running in parallel.
+	tmp := t.TempDir()
+	expectedDest := filepath.Join(tmp, "expected")
+
+	tests := []struct {
+		name      string
+		givenPath string
+	}{
+		{
+			name:      "absolute path works",
+			givenPath: filepath.Join(tmp, "actual"),
+		},
+		{
+			name:      "relative path is cleaned up",
+			givenPath: "./pulltmp",
+		},
+		{
+			name:      "directory traversal is acceptable",
+			givenPath: "../../../mytmpl",
+		},
+		{
+			name:      "empty path falls back to using template name",
+			givenPath: "",
+		},
+	}
 
-	require.NoError(t, inv.Run())
+	for _, tc := range tests {
+		tc := tc
 
-	require.Equal(t,
-		dirSum(t, expectedDest),
-		dirSum(t, actualDest),
-	)
-}
+		t.Run(tc.name, func(t *testing.T) {
+			t.Cleanup(func() {
+				_ = os.RemoveAll(tc.givenPath)
+				_ = os.RemoveAll(expectedDest)
+			})
 
-// ToDir tests that 'templates pull' pulls down the active template and writes
-// it to a directory with the name of the template if the path is not implicitly
-// supplied.
-// nolint: paralleltest
-func TestTemplatePull_ToImplicit(t *testing.T) {
-	client := coderdtest.New(t, &coderdtest.Options{
-		IncludeProvisionerDaemon: true,
-	})
-	owner := coderdtest.CreateFirstUser(t, client)
-	templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin())
+			client := coderdtest.New(t, &coderdtest.Options{
+				IncludeProvisionerDaemon: true,
+			})
+			owner := coderdtest.CreateFirstUser(t, client)
+			templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin())
 
-	// Create an initial template bundle.
-	source1 := genTemplateVersionSource()
-	// Create an updated template bundle. This will be used to ensure
-	// that templates are correctly returned in order from latest to oldest.
-	source2 := genTemplateVersionSource()
+			// Create an initial template bundle.
+			source1 := genTemplateVersionSource()
+			// Create an updated template bundle. This will be used to ensure
+			// that templates are correctly returned in order from latest to oldest.
+			source2 := genTemplateVersionSource()
 
-	expected, err := echo.Tar(source2)
-	require.NoError(t, err)
+			expected, err := echo.Tar(source2)
+			require.NoError(t, err)
 
-	version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1)
-	_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID)
+			version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1)
+			_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID)
 
-	template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID)
+			template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID)
 
-	// Update the template version so that we can assert that templates
-	// are being sorted correctly.
-	updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID)
-	_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID)
-	coderdtest.UpdateActiveTemplateVersion(t, client, template.ID, updatedVersion.ID)
+			// Update the template version so that we can assert that templates
+			// are being sorted correctly.
+			updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID)
+			_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID)
+			coderdtest.UpdateActiveTemplateVersion(t, client, template.ID, updatedVersion.ID)
 
-	// create a tempdir and change the working directory to it for the duration of the test (cannot run in parallel)
-	dir := t.TempDir()
-	wd, err := os.Getwd()
-	require.NoError(t, err)
-	err = os.Chdir(dir)
-	require.NoError(t, err)
-	defer func() {
-		err := os.Chdir(wd)
-		require.NoError(t, err, "if this fails, it can break other subsequent tests due to wrong working directory")
-	}()
+			ctx := context.Background()
 
-	expectedDest := filepath.Join(dir, "expected")
-	actualDest := filepath.Join(dir, template.Name)
+			err = extract.Tar(ctx, bytes.NewReader(expected), expectedDest, nil)
+			require.NoError(t, err)
 
-	ctx := context.Background()
+			inv, root := clitest.New(t, "templates", "pull", template.Name, tc.givenPath)
+			clitest.SetupConfig(t, templateAdmin, root)
 
-	err = extract.Tar(ctx, bytes.NewReader(expected), expectedDest, nil)
-	require.NoError(t, err)
+			ptytest.New(t).Attach(inv)
 
-	inv, root := clitest.New(t, "templates", "pull", template.Name)
-	clitest.SetupConfig(t, templateAdmin, root)
-
-	ptytest.New(t).Attach(inv)
+			require.NoError(t, inv.Run())
 
-	require.NoError(t, inv.Run())
+			// Validate behaviour of choosing template name in the absence of an output path argument.
+			destPath := tc.givenPath
+			if destPath == "" {
+				destPath = template.Name
+			}
 
-	require.Equal(t,
-		dirSum(t, expectedDest),
-		dirSum(t, actualDest),
-	)
+			require.Equal(t,
+				dirSum(t, expectedDest),
+				dirSum(t, destPath),
+			)
+		})
+	}
 }
 
 // FolderConflict tests that 'templates pull' fails when a folder with has
