Apparent file traversal bug during dry runs of Scaffolder

Solution In Progress - Updated -

Issue

When using Scaffolder in RHDH v1.4 in dry run mode, I get errors related to path traversal. The first error is NotAllowedError: Relative path is not allowed to refer to a directory outside its parent, which I think I'm getting because I'm doing ../../skeletons/github-repository in

    - id: fetch-common
      name: Add common configuration
      action: fetch:template
      input:
        url: ../../skeletons/github-repository
        targetPath: ./
        values:
          gitleaksNotifyUserList: ${{ parameters.owner }}

I'm pretty sure that's allowed because it's done in Red Hat's own example templates: https://github.com/search?q=repo%3Aredhat-developer%2Fred-hat-developer-hub-software-templates%20..%2F..%2F&type=code

Outside of dry run, it gets past these steps.

Environment

  • Red Hat Developer Hub (RHDH) 1.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content