diff --git a/cmd/sops/subcommand/exec/exec.go b/cmd/sops/subcommand/exec/exec.go index 3ac7cfd63..35f519c3c 100644 --- a/cmd/sops/subcommand/exec/exec.go +++ b/cmd/sops/subcommand/exec/exec.go @@ -35,25 +35,25 @@ type ExecOpts struct { Env []string } -func GetFile(dir, filename string) *os.File { +func GetFile(dir, filename string) (*os.File, error) { // If no filename is provided, create a random one based on FallbackFilename if filename == "" { handle, err := os.CreateTemp(dir, FallbackFilename) if err != nil { - log.Fatal(err) + return nil, err } - return handle + return handle, nil } // If a filename is provided, use that one handle, err := os.Create(filepath.Join(dir, filename)) if err != nil { - log.Fatal(err) + return nil, err } // read+write for owner only if err = handle.Chmod(0600); err != nil { - log.Fatal(err) + return nil, err } - return handle + return handle, nil } func ExecWithFile(opts ExecOpts) error { @@ -68,10 +68,16 @@ func ExecWithFile(opts ExecOpts) error { dir, err := os.MkdirTemp("", ".sops") if err != nil { - log.Fatal(err) + return err } defer os.RemoveAll(dir) + if opts.Filename != "" { + if filepath.IsAbs(opts.Filename) || !filepath.IsLocal(opts.Filename) { + return fmt.Errorf("The provided filename is not a local path.") + } + } + var filename string if opts.Fifo { // fifo handling needs to be async, even opening to write @@ -80,12 +86,18 @@ func ExecWithFile(opts ExecOpts) error { if filename == "" { filename = FallbackFilename } - filename = GetPipe(dir, filename) + filename, err = GetPipe(dir, filename) + if err != nil { + return err + } go WritePipe(filename, opts.Plaintext) } else { // GetFile handles opts.Filename == "" specially, that's why we have // to pass in opts.Filename without handling the fallback here - handle := GetFile(dir, opts.Filename) + handle, err := GetFile(dir, opts.Filename) + if err != nil { + return err + } handle.Write(opts.Plaintext) handle.Close() filename = handle.Name() diff --git a/cmd/sops/subcommand/exec/exec_unix.go b/cmd/sops/subcommand/exec/exec_unix.go index e8ea7729e..f36d6326a 100644 --- a/cmd/sops/subcommand/exec/exec_unix.go +++ b/cmd/sops/subcommand/exec/exec_unix.go @@ -32,14 +32,14 @@ func WritePipe(pipe string, contents []byte) { handle.Close() } -func GetPipe(dir, filename string) string { +func GetPipe(dir, filename string) (string, error) { tmpfn := filepath.Join(dir, filename) err := syscall.Mkfifo(tmpfn, 0600) if err != nil { - log.Fatal(err) + return "", err } - return tmpfn + return tmpfn, nil } func SwitchUser(username string) { diff --git a/cmd/sops/subcommand/exec/exec_windows.go b/cmd/sops/subcommand/exec/exec_windows.go index a510f2826..c4870ba62 100644 --- a/cmd/sops/subcommand/exec/exec_windows.go +++ b/cmd/sops/subcommand/exec/exec_windows.go @@ -1,6 +1,7 @@ package exec import ( + "fmt" "os/exec" ) @@ -17,9 +18,8 @@ func WritePipe(pipe string, contents []byte) { log.Fatal("fifos are not available on windows") } -func GetPipe(dir, filename string) string { - log.Fatal("fifos are not available on windows") - return "" +func GetPipe(dir, filename string) (string, error) { + return "", fmt.Errorf("fifos are not available on windows") } func SwitchUser(username string) {