diff --git a/src/pkg/bundle/common.go b/src/pkg/bundle/common.go index ef4941aa..8ff40dbb 100644 --- a/src/pkg/bundle/common.go +++ b/src/pkg/bundle/common.go @@ -280,7 +280,8 @@ func validateOverrides(pkg types.Package, zarfYAML zarfTypes.ZarfPackage) error var foundComponent *zarfTypes.ZarfComponent for _, component := range zarfYAML.Components { if component.Name == componentName { - foundComponent = &component + componentCopy := component // Create a copy of the component + foundComponent = &componentCopy break } } @@ -292,7 +293,8 @@ func validateOverrides(pkg types.Package, zarfYAML zarfTypes.ZarfPackage) error var foundChart *zarfTypes.ZarfChart for _, chart := range foundComponent.Charts { if chart.Name == chartName { - foundChart = &chart + chartCopy := chart // Create a copy of the chart + foundChart = &chartCopy break } } diff --git a/src/pkg/bundle/deploy.go b/src/pkg/bundle/deploy.go index 53ffe950..a370f3a8 100644 --- a/src/pkg/bundle/deploy.go +++ b/src/pkg/bundle/deploy.go @@ -289,11 +289,12 @@ func (b *Bundle) loadChartOverrides(pkg types.Package) (ZarfOverrideMap, error) // Loop through each package component's charts and process overrides for componentName, component := range pkg.Overrides { for chartName, chart := range component { - err := b.processOverrideValues(&overrideMap, &chart.Values, componentName, chartName) + chartCopy := chart // Create a copy of the chart + err := b.processOverrideValues(&overrideMap, &chartCopy.Values, componentName, chartName) if err != nil { return nil, err } - err = b.processOverrideVariables(&overrideMap, pkg.Name, &chart.Variables, componentName, chartName) + err = b.processOverrideVariables(&overrideMap, pkg.Name, &chartCopy.Variables, componentName, chartName) if err != nil { return nil, err } diff --git a/src/pkg/bundler/fetcher/local.go b/src/pkg/bundler/fetcher/local.go index 9a50298b..399e4b69 100644 --- a/src/pkg/bundler/fetcher/local.go +++ b/src/pkg/bundler/fetcher/local.go @@ -68,12 +68,7 @@ func (f *localFetcher) GetPkgMetadata() (zarfTypes.ZarfPackage, error) { if err != nil { return zarfTypes.ZarfPackage{}, err } - defer func(path string) { - err := os.RemoveAll(path) - if err != nil { - - } - }(tmpDir) + defer os.RemoveAll(tmpDir) //nolint:errcheck zarfTarball, err := os.Open(f.cfg.Bundle.Packages[f.cfg.PkgIter].Path) if err != nil { diff --git a/src/pkg/sources/remote.go b/src/pkg/sources/remote.go index 56dceb2e..08d3c2c1 100644 --- a/src/pkg/sources/remote.go +++ b/src/pkg/sources/remote.go @@ -111,7 +111,7 @@ func (r *RemoteBundle) LoadPackageMetadata(dst *layout.PackagePaths, _ bool, _ b if err = goyaml.Unmarshal(zarfYAMLBytes, &zarfYAML); err != nil { return err } - err = zarfUtils.WriteYaml(filepath.Join(dst.Base, config.ZarfYAML), zarfYAML, 0644) + err = zarfUtils.WriteYaml(filepath.Join(dst.Base, config.ZarfYAML), zarfYAML, 0600) if err != nil { return err } @@ -124,7 +124,7 @@ func (r *RemoteBundle) LoadPackageMetadata(dst *layout.PackagePaths, _ bool, _ b if err != nil { return err } - err = os.WriteFile(filepath.Join(dst.Base, config.ChecksumsTxt), checksumBytes, 0644) + err = os.WriteFile(filepath.Join(dst.Base, config.ChecksumsTxt), checksumBytes, 0600) if err != nil { return err } diff --git a/src/pkg/utils/sbom.go b/src/pkg/utils/sbom.go index aac99d29..3836fee8 100644 --- a/src/pkg/utils/sbom.go +++ b/src/pkg/utils/sbom.go @@ -63,7 +63,7 @@ func SBOMExtractor(dst string, SBOMArtifactPathMap map[string]string) func(ctx c } path := filepath.Join(dst, config.BundleSBOM, f.NameInArchive) // todo: handle collisions? especially for zarf-component SBOM files? - err = os.WriteFile(path, buffer, 0644) + err = os.WriteFile(path, buffer, 0600) if err != nil { return err }