fix security hole with ami filter

Megan Marsh 2018-08-13 17:01:13 -07:00
parent 39fc8593de
commit 250da0ab49
1 changed files with 8 additions and 0 deletions


@ -25,6 +25,10 @@ func (d *AmiFilterOptions) Empty() bool {
return len(d.Owners) == 0 && len(d.Filters) == 0 return len(d.Owners) == 0 && len(d.Filters) == 0
} }
func (d *AmiFilterOptions) NoOwner() bool {
return len(d.Owners) == 0
}
// RunConfig contains configuration for running an instance from a source // RunConfig contains configuration for running an instance from a source
// AMI and details on how to access that launched image. // AMI and details on how to access that launched image.
type RunConfig struct { type RunConfig struct {
@ -101,6 +105,10 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
errs = append(errs, fmt.Errorf("A source_ami or source_ami_filter must be specified")) errs = append(errs, fmt.Errorf("A source_ami or source_ami_filter must be specified"))
} }
if c.SourceAmi == "" && c.SourceAmiFilter.NoOwner() {
errs = append(errs, fmt.Errorf("For security reasons, your source AMI filter must declare an owner."))
}
if c.InstanceType == "" { if c.InstanceType == "" {
errs = append(errs, fmt.Errorf("An instance_type must be specified")) errs = append(errs, fmt.Errorf("An instance_type must be specified"))
} }
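Review bot: `NoOwner()` only tests `len(d.Owners) == 0`, so the new guard in `Prepare` is satisfied by an owners list whose entries are blank (for instance a template variable that interpolates to an empty string). In that case the filter is presumably still unscoped and can match a public image published by any account. Consider treating blank entries as "no owner" too; the element type of `Owners` is declared outside these hunks, so confirm the check against that declaration. The exported method also has no doc comment, and something like `// NoOwner reports whether the filter names no owner; an owner-less filter can match an AMI published by any account.` would record why it exists. Finally, if the preceding "must be specified" error fires when the filter is empty (its condition is above the hunk), the user gets two errors for one mistake, and `if c.SourceAmi == "" && !c.SourceAmiFilter.Empty() && c.SourceAmiFilter.NoOwner() {` would avoid that.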