fix: use doublestar fork to properly resolve symlinks

enix · May 17, 2023 · f7944e4 · f7944e4
1 parent 092177c
commit f7944e4
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -70,3 +70,5 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
+
+replace github.com/bmatcuk/doublestar/v4 => github.com/enix/doublestar/v4 v4.0.0-20230517083426-fa6d1b0d071d
diff --git a/go.sum b/go.sum
@@ -5,8 +5,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc=
-github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@@ -25,6 +23,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
 github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/enix/doublestar/v4 v4.0.0-20230517083426-fa6d1b0d071d h1:XgDfI7CiZqA4yTAb1gGilrci8zfoHqN311QqHOor3Pw=
+github.com/enix/doublestar/v4 v4.0.0-20230517083426-fa6d1b0d071d/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=

diff --git a/internal/certificate.go b/internal/certificate.go
@@ -250,14 +250,23 @@ func readFile(file string) ([]byte, error) {
 		return contents, err
 	}
 
-	realPath, err := os.Readlink(file)
+	realPath, err := resolveSymlink(file)
 	if err != nil {
 		return nil, err
 	}
 
+	return os.ReadFile(realPath)
+}
+
+func resolveSymlink(link string) (string, error) {
+	realPath, err := os.Readlink(link)
+	if err != nil {
+		return "", err
+	}
+
 	// only resolve the symlink filename, and not its full path, to stay compatible with k8s volume mounts
 	// see https://github.com/enix/x509-certificate-exporter/tree/main/deploy/charts/x509-certificate-exporter#watching-symbolic-links
-	return os.ReadFile(path.Join(path.Dir(file), path.Base(realPath)))
+	return path.Join(path.Dir(link), path.Base(realPath)), nil
 }
 
 func parsePEM(data []byte) ([]*x509.Certificate, error) {

diff --git a/internal/exporter.go b/internal/exporter.go
@@ -277,7 +277,8 @@ func (exporter *Exporter) collectMatchingPaths(pattern string, format certificat
 	options := []doublestar.GlobOption{
 		doublestar.WithFailOnIOErrors(),
 		doublestar.WithFailOnPatternNotExist(),
-		// doublestar.WithNoFollow(),
+		doublestar.WithNoFollow(),
+		doublestar.WithStatFunc(stat),
 	}
 
 	if !directories {
@@ -423,3 +424,28 @@ func fillLabelsFromName(name *pkix.Name, prefix string, output map[string]string
 		output[fmt.Sprintf("%s_CN", prefix)] = name.CommonName
 	}
 }
+
+func stat(fsys fs.FS, name string, beforeMeta bool) (fs.FileInfo, bool, error) {
+	// name might end in a slash, but Stat doesn't like that
+	namelen := len(name)
+	if namelen > 1 && name[namelen-1] == '/' {
+		name = name[:namelen-1]
+	}
+
+	info, err := fs.Stat(fsys, name)
+	if errors.Is(err, fs.ErrNotExist) {
+		realPath, err := resolveSymlink(name)
+		if err != nil {
+			return nil, false, err
+		}
+
+		info, err := fs.Stat(fsys, realPath)
+		if errors.Is(err, fs.ErrNotExist) {
+			return nil, false, doublestar.ErrPatternNotExist
+		}
+
+		return info, err == nil, err
+	}
+
+	return info, err == nil, err
+}