Remove sprig "env" and "expandenv" functions.

This commit is contained in:
Mariano Cano 2021-10-27 11:50:55 -07:00
parent 0927e0d22a
commit 0f63d43a91
2 changed files with 17 additions and 2 deletions

View file

@ -21,8 +21,14 @@ type helmVariables struct {
Provisioners []provisioner.Interface
}
// WriteHelmTemplate a helm template to configure the
// smallstep/step-certificates helm chart.
func (p *PKI) WriteHelmTemplate(w io.Writer) error {
tmpl, err := template.New("helm").Funcs(sprig.TxtFuncMap()).Parse(helmTemplate)
funcs := sprig.TxtFuncMap()
delete(funcs, "env")
delete(funcs, "expandenv")
tmpl, err := template.New("helm").Funcs(funcs).Parse(helmTemplate)
if err != nil {
return errors.Wrap(err, "error writing helm template")
}

View file

@ -183,7 +183,7 @@ func (t *Template) Load() error {
// the template fails.
func (t *Template) LoadBytes(b []byte) error {
t.backfill(b)
tmpl, err := template.New(t.Name).Funcs(sprig.TxtFuncMap()).Parse(string(b))
tmpl, err := template.New(t.Name).Funcs(getFuncMap()).Parse(string(b))
if err != nil {
return errors.Wrapf(err, "error parsing template %s", t.Name)
}
@ -270,3 +270,12 @@ func mkdir(path string, perm os.FileMode) error {
}
return nil
}
// getFuncMap returns sprig.TxtFuncMap but removing the "env" and "expandenv"
// functions to avoid any leak of information.
func getFuncMap() template.FuncMap {
m := sprig.TxtFuncMap()
delete(m, "env")
delete(m, "expandenv")
return m
}