htwkmooc/poseidon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hide Nomad specific environment variables

Browse Source 
from the user environment.
This commit is contained in:
Maximilian Paß
2022-10-13 12:18:46 +01:00
committed by Sebastian Serth
parent 697e7723e4
commit 4c25473c9e
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/nomad/nomad.go
View File

@ -12,6 +12,7 @@ import (
"github.com/openHPI/poseidon/pkg/nullio" "github.com/openHPI/poseidon/pkg/nullio"
"io" "io"
"strconv" "strconv"
"strings"
"time" "time"
) )
@ -433,8 +434,8 @@ func (a *APIClient) executeCommandInteractivelyWithStderr(allocationID string, c
stderrExitChan <- exit stderrExitChan <- exit
}() }()
exit, err := a. command = hideEnvironmentVariables(setUserCommand(command, privilegedExecution))
Execute(allocationID, ctx, setUserCommand(command, privilegedExecution), true, stdin, stdout, io.Discard) exit, err := a.Execute(allocationID, ctx, command, true, stdin, stdout, io.Discard)
// Wait until the stderr catch command finished to make sure we receive all output. // Wait until the stderr catch command finished to make sure we receive all output.
<-stderrExitChan <-stderrExitChan
@ -442,6 +443,13 @@ func (a *APIClient) executeCommandInteractivelyWithStderr(allocationID string, c
} }
const ( const (
// unsetEnvironmentVariablesFormat prepends the call to unset the passed variables before the actual command.
unsetEnvironmentVariablesFormat = "\"unset %s && %s\""
// unsetEnvironmentVariablesPrefix is the prefix of all environment variables that will be filtered.
unsetEnvironmentVariablesPrefix = "NOMAD_"
// unsetEnvironmentVariablesShell is the shell functionality to get all environment variables starting with the prefix.
unsetEnvironmentVariablesShell = "${!" + unsetEnvironmentVariablesPrefix + "@}"
// stderrFifoFormat represents the format we use for our stderr fifos. The %d should be unique for the execution // stderrFifoFormat represents the format we use for our stderr fifos. The %d should be unique for the execution
// as otherwise multiple executions are not possible. // as otherwise multiple executions are not possible.
// Example: "/tmp/stderr_1623330777825234133.fifo". // Example: "/tmp/stderr_1623330777825234133.fifo".
@ -465,6 +473,11 @@ const (
UnprivilegedExecution = false UnprivilegedExecution = false
) )
func hideEnvironmentVariables(commands []string) []string {
command := strings.Join(commands, " ")
return []string{"sh", "-c", fmt.Sprintf(unsetEnvironmentVariablesFormat, unsetEnvironmentVariablesShell, command)}
}
func setUserCommand(command []string, privilegedExecution bool) []string { func setUserCommand(command []string, privilegedExecution bool) []string {
if privilegedExecution { if privilegedExecution {
return command return command

1
tests/e2e/websocket_test.go
View File

@ -168,6 +168,7 @@ func (s *E2ETestSuite) expectEnvironmentVariables(stdout string) []string {
s.Contains(variables, "CODEOCEAN=true") s.Contains(variables, "CODEOCEAN=true")
for _, envVar := range variables { for _, envVar := range variables {
s.False(strings.HasPrefix(envVar, "AWS")) s.False(strings.HasPrefix(envVar, "AWS"))
s.False(strings.HasPrefix(envVar, "NOMAD_"))
} }
return variables return variables
} }