From fb1ef1d67e8498d8e7435b9259be734d4ae07565 Mon Sep 17 00:00:00 2001 From: jberkhahn Date: Thu, 26 Jan 2023 16:33:54 -0800 Subject: [PATCH] change kustomize install templating to avoid tripping security alerts Signed-off-by: jberkhahn --- pkg/plugins/golang/v3/scaffolds/internal/templates/makefile.go | 2 +- pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go | 2 +- testdata/project-v3-config/Makefile | 2 +- testdata/project-v3-declarative-v1/Makefile | 2 +- testdata/project-v3-multigroup/Makefile | 2 +- testdata/project-v3-with-deploy-image/Makefile | 2 +- testdata/project-v3-with-grafana/Makefile | 2 +- testdata/project-v3/Makefile | 2 +- testdata/project-v4-config/Makefile | 2 +- testdata/project-v4-declarative-v1/Makefile | 2 +- testdata/project-v4-multigroup/Makefile | 2 +- testdata/project-v4-with-deploy-image/Makefile | 2 +- testdata/project-v4-with-grafana/Makefile | 2 +- testdata/project-v4/Makefile | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/makefile.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/makefile.go index 2bc0d485b97..9c274577aae 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/makefile.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/makefile.go @@ -203,7 +203,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go b/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go index ceded0c26d6..ea685f299c0 100644 --- a/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go +++ b/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go @@ -203,7 +203,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3-config/Makefile b/testdata/project-v3-config/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3-config/Makefile +++ b/testdata/project-v3-config/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3-declarative-v1/Makefile b/testdata/project-v3-declarative-v1/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3-declarative-v1/Makefile +++ b/testdata/project-v3-declarative-v1/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3-multigroup/Makefile b/testdata/project-v3-multigroup/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3-multigroup/Makefile +++ b/testdata/project-v3-multigroup/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3-with-deploy-image/Makefile b/testdata/project-v3-with-deploy-image/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3-with-deploy-image/Makefile +++ b/testdata/project-v3-with-deploy-image/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3-with-grafana/Makefile b/testdata/project-v3-with-grafana/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3-with-grafana/Makefile +++ b/testdata/project-v3-with-grafana/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v3/Makefile b/testdata/project-v3/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v3/Makefile +++ b/testdata/project-v3/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4-config/Makefile b/testdata/project-v4-config/Makefile index 971bfb70e69..8159e4f2664 100644 --- a/testdata/project-v4-config/Makefile +++ b/testdata/project-v4-config/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4-declarative-v1/Makefile b/testdata/project-v4-declarative-v1/Makefile index 971bfb70e69..8159e4f2664 100644 --- a/testdata/project-v4-declarative-v1/Makefile +++ b/testdata/project-v4-declarative-v1/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4-multigroup/Makefile b/testdata/project-v4-multigroup/Makefile index 971bfb70e69..8159e4f2664 100644 --- a/testdata/project-v4-multigroup/Makefile +++ b/testdata/project-v4-multigroup/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4-with-deploy-image/Makefile b/testdata/project-v4-with-deploy-image/Makefile index 971bfb70e69..8159e4f2664 100644 --- a/testdata/project-v4-with-deploy-image/Makefile +++ b/testdata/project-v4-with-deploy-image/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4-with-grafana/Makefile b/testdata/project-v4-with-grafana/Makefile index 57f9988af70..f22bdaf1798 100644 --- a/testdata/project-v4-with-grafana/Makefile +++ b/testdata/project-v4-with-grafana/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/testdata/project-v4/Makefile b/testdata/project-v4/Makefile index 971bfb70e69..8159e4f2664 100644 --- a/testdata/project-v4/Makefile +++ b/testdata/project-v4/Makefile @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.