From 90bb99a48d86cf1d327cee9968f7428f90ba13c1 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Mon, 26 Mar 2018 18:01:14 -0700 Subject: [PATCH] use go-safetemp to safely allocate temporary directories that don't exist --- client.go | 10 ++++------ get_git.go | 7 +++---- get_hg.go | 10 +++++----- get_http.go | 14 ++++++-------- 4 files changed, 18 insertions(+), 23 deletions(-) diff --git a/client.go b/client.go index 6e5ab8264..300301c2e 100644 --- a/client.go +++ b/client.go @@ -17,6 +17,7 @@ import ( "strings" urlhelper "github.com/hashicorp/go-getter/helper/url" + "github.com/hashicorp/go-safetemp" ) // Client is a client for downloading things. @@ -100,17 +101,14 @@ func (c *Client) Get() error { dst := c.Dst src, subDir := SourceDirSubdir(src) if subDir != "" { - tmpDir, err := ioutil.TempDir("", "tf") + td, tdcloser, err := safetemp.Dir("", "getter") if err != nil { return err } - if err := os.RemoveAll(tmpDir); err != nil { - return err - } - defer os.RemoveAll(tmpDir) + defer tdcloser.Close() realDst = dst - dst = tmpDir + dst = td } u, err := urlhelper.Parse(src) diff --git a/get_git.go b/get_git.go index 6f5d9142b..cb1d02947 100644 --- a/get_git.go +++ b/get_git.go @@ -11,6 +11,7 @@ import ( "strings" urlhelper "github.com/hashicorp/go-getter/helper/url" + "github.com/hashicorp/go-safetemp" "github.com/hashicorp/go-version" ) @@ -105,13 +106,11 @@ func (g *GitGetter) Get(dst string, u *url.URL) error { // GetFile for Git doesn't support updating at this time. It will download // the file every time. func (g *GitGetter) GetFile(dst string, u *url.URL) error { - td, err := ioutil.TempDir("", "getter-git") + td, tdcloser, err := safetemp.Dir("", "getter") if err != nil { return err } - if err := os.RemoveAll(td); err != nil { - return err - } + defer tdcloser.Close() // Get the filename, and strip the filename from the URL so we can // just get the repository directly. diff --git a/get_hg.go b/get_hg.go index 820bdd488..f38692270 100644 --- a/get_hg.go +++ b/get_hg.go @@ -2,7 +2,6 @@ package getter import ( "fmt" - "io/ioutil" "net/url" "os" "os/exec" @@ -10,6 +9,7 @@ import ( "runtime" urlhelper "github.com/hashicorp/go-getter/helper/url" + "github.com/hashicorp/go-safetemp" ) // HgGetter is a Getter implementation that will download a module from @@ -64,13 +64,13 @@ func (g *HgGetter) Get(dst string, u *url.URL) error { // GetFile for Hg doesn't support updating at this time. It will download // the file every time. func (g *HgGetter) GetFile(dst string, u *url.URL) error { - td, err := ioutil.TempDir("", "getter-hg") + // Create a temporary directory to store the full source. This has to be + // a non-existent directory. + td, tdcloser, err := safetemp.Dir("", "getter") if err != nil { return err } - if err := os.RemoveAll(td); err != nil { - return err - } + defer tdcloser.Close() // Get the filename, and strip the filename from the URL so we can // just get the repository directly. diff --git a/get_http.go b/get_http.go index 084ecb856..d2e28796d 100644 --- a/get_http.go +++ b/get_http.go @@ -4,12 +4,13 @@ import ( "encoding/xml" "fmt" "io" - "io/ioutil" "net/http" "net/url" "os" "path/filepath" "strings" + + "github.com/hashicorp/go-safetemp" ) // HttpGetter is a Getter implementation that will download from an HTTP @@ -149,16 +150,13 @@ func (g *HttpGetter) GetFile(dst string, u *url.URL) error { // getSubdir downloads the source into the destination, but with // the proper subdir. func (g *HttpGetter) getSubdir(dst, source, subDir string) error { - // Create a temporary directory to store the full source - td, err := ioutil.TempDir("", "tf") + // Create a temporary directory to store the full source. This has to be + // a non-existent directory. + td, tdcloser, err := safetemp.Dir("", "getter") if err != nil { return err } - defer os.RemoveAll(td) - - // We have to create a subdirectory that doesn't exist for the file - // getter to work. - td = filepath.Join(td, "data") + defer tdcloser.Close() // Download that into the given directory if err := Get(td, source); err != nil {