Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Fix the permission errors in Windows and add back the CVE-2007-4559 Patch changes #4580

Merged
merged 7 commits into from
Jan 20, 2023
Merged

fix: Fix the permission errors in Windows and add back the CVE-2007-4559 Patch changes #4580

merged 7 commits into from
Jan 20, 2023

Conversation

hnnasit
Copy link
Contributor

@hnnasit hnnasit commented Jan 16, 2023
edited
Loading

Reverts #4560

The CVE Security Patch changes were breaking the windows integrations tests due to a permission denied error while running --use-container for buildcmd tests. The issue was NamedTemporaryFile.name was used to open the file a second time and according to https://docs.python.org/3/library/tempfile.html#tempfile.NamedTemporaryFile, name cannot be used to open the file a second time while its still open on Windows.

The extract_tarfile function now takes in file_obj and file name as input parameters. Either option can be used to extract a tar_file.

Integration tests were run on Windows, MacOS, & Linux to confirm the new changes work. Functional tests are added to test extracting a tarfile using the file name. Integration tests that run the buildcmd with --use-container flag can be used for verifying the behavior for extracting a tarfile using fileobj.

@hnnasit hnnasit marked this pull request as ready for review January 18, 2023 17:04
@hnnasit hnnasit requested a review from a team as a code owner January 18, 2023 17:04
@hnnasit hnnasit requested review from qingchm and moelasmar January 18, 2023 17:04
qingchm
qingchm approved these changes Jan 20, 2023
View reviewed changes
Copy link
Contributor

@qingchm qingchm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@hnnasit hnnasit merged commit 4564b8d into develop Jan 20, 2023
mildaniel pushed a commit to mildaniel/aws-sam-cli that referenced this pull request Jan 26, 2023
@hnnasit @mildaniel
fix: Fix the permission errors in Windows and add back the CVE-2007-4559
6f22086 
 Patch changes (aws#4580)

* Revert "Revert "fix: Add back the fixed CVE-2007-4559 Patch changes (aws#4539)" (aws#4560)"

This reverts commit 6aab7de.

* Updated extract_tarfile to include fileobj as input parameter as well

* Added functional tests for file_obj kw arg
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qingchm qingchm qingchm approved these changes

@hawflau hawflau hawflau approved these changes

@moelasmar moelasmar Awaiting requested review from moelasmar moelasmar was automatically assigned from aws/serverless-application-experience-sbt

Assignees
No one assigned
Labels
area/local/invoke sam local invoke command area/local/start-api sam local start-api command area/local/start-invoke pr/internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hnnasit @hawflau @qingchm