MCPcopy
hub / github.com/docker/compose / preChecks

Method preChecks

pkg/compose/publish.go:318–365  ·  view source on GitHub ↗
(ctx context.Context, project *types.Project, options api.PublishOptions)

Source from the content-addressed store, hash-verified

316}
317
318func (s *composeService) preChecks(ctx context.Context, project *types.Project, options api.PublishOptions) (bool, error) {
319 if ok, err := s.checkOnlyBuildSection(project); !ok || err != nil {
320 return false, err
321 }
322 bindMounts := s.checkForBindMount(project)
323 if len(bindMounts) > 0 {
324 b := strings.Builder{}
325 b.WriteString("you are about to publish bind mounts declaration within your OCI artifact.\n" +
326 "only the bind mount declarations will be added to the OCI artifact (not content)\n" +
327 "please double check that you are not mounting potential user's sensitive directories or data\n")
328 for key, val := range bindMounts {
329 b.WriteString(key)
330 for _, v := range val {
331 b.WriteString(v.String())
332 b.WriteRune('\n')
333 }
334 }
335 b.WriteString("Are you ok to publish these bind mount declarations?")
336 confirm, err := s.prompt(b.String(), false)
337 if err != nil || !confirm {
338 return false, err
339 }
340 }
341 detectedSecrets, err := s.checkForSensitiveData(ctx, project)
342 if err != nil {
343 return false, err
344 }
345 if len(detectedSecrets) > 0 {
346 b := strings.Builder{}
347 b.WriteString("you are about to publish sensitive data within your OCI artifact.\n" +
348 "please double check that you are not leaking sensitive data\n")
349 for _, val := range detectedSecrets {
350 b.WriteString(val.Type)
351 b.WriteRune('\n')
352 fmt.Fprintf(&b, "%q: %s\n", val.Key, val.Value)
353 }
354 b.WriteString("Are you ok to publish these sensitive data?")
355 confirm, err := s.prompt(b.String(), false)
356 if err != nil || !confirm {
357 return false, err
358 }
359 }
360 err = s.checkEnvironmentVariables(ctx, project, options)
361 if err != nil {
362 return false, err
363 }
364 return true, nil
365}
366
367// envCheckFindings groups everything checkEnvironmentVariables surfaces to
368// the user during publish pre-checks for env-related leak risks.

Callers 2

publishMethod · 0.95

Calls 5

checkOnlyBuildSectionMethod · 0.95
checkForBindMountMethod · 0.95
checkForSensitiveDataMethod · 0.95
StringMethod · 0.45