Skip to content

fix: ensure proper prefix for tenant repositories in storage operations #1082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: ensure proper prefix for tenant repositories in storage operations #1082

wants to merge 2 commits into from

Conversation

@nerdeveloper
Copy link
Member

@nerdeveloper nerdeveloper commented May 18, 2025
edited
Loading

This PR fixes a critical tenant isolation bug in ChartMuseum:

Before the fix:

  • When listing charts for tenant "abc", ChartMuseum incorrectly included any chart that started with "abc" (like "abc-def-1.1.1.tgz") even if it was in the root directory
  • This was a security issue as tenants could potentially see charts they shouldn't have access to

After the fix:

  • ChartMuseum now properly isolates tenant charts by only including charts that are actually inside the tenant's directory
  • For example, for tenant "abc", only charts inside the "abc/" directory are included
  • Charts in the root that just happen to start with "abc" are correctly excluded

To make it super clear:

Before Fix:
└── bucket
    ├── abc-def-1.1.1.tgz    ❌ (ChartMuseum wrongly included these)
    ├── abc-def-1.1.24.tgz   ❌ (because they start with "abc")
    └── abc/
        └── xyz-1.1.1.tgz    ✅ (should only include this)

After Fix:
└── bucket
    ├── abc-def-1.1.1.tgz    ✅ (ChartMuseum correctly ignores these)
    ├── abc-def-1.1.24.tgz   ✅ (because they're not in the abc/ folder)
    └── abc/
        └── xyz-1.1.1.tgz    ✅ (only includes this, as it should!)

@nerdeveloper nerdeveloper linked an issue May 18, 2025 that may be closed by this pull request
Unable to refresh tenant index and get new chart versions #794
Open
@nerdeveloper nerdeveloper mentioned this pull request May 18, 2025
Open
@nerdeveloper nerdeveloper requested review from cbuto and scbizu May 18, 2025 18:42
@scbizu
Copy link
Contributor

scbizu commented May 19, 2025

@nerdeveloper Thank you for following this issue , I looked it before and totally forget this after a period XD . The implementation is LGTM , but I am a little confusing about the testing code , in my opinion , we do not need to mock the backend storage , we use the local storage as the backend provider by default , and the tests maybe should include the behavior changes about multi-tenant's depth server , or do I miss the some original information ?

@nerdeveloper
Copy link
Member Author

nerdeveloper commented May 19, 2025

I am using the local‐filesystem backend (not a mock) inside the tests and added the behaviour change you mentioned (prefix isolation for multi-tenant depth). @scbizu, let me know

@scbizu scbizu added this to the v0.16.4 milestone Jul 11, 2025
@scbizu
Copy link
Contributor

scbizu commented Jul 12, 2025

Hi @nerdeveloper , I am looking back this issue , and find that the unit testing code maybe unnecessary for this case , because our test code using local as backend provider . And the local storage impl is correct for this case . To keep the behavior is the similar from every backend provider , I prefer to change the storage package and not the CM end , what do you think ?

scbizu added a commit to chartmuseum/storage that referenced this pull request Jul 12, 2025
@scbizu
all: oss: ListObjects should treat prefix as a dir
62f50a3 
See:
- helm/chartmuseum#1082
- helm/chartmuseum#794

Signed-off-by: scnace <[email protected]>
@scbizu scbizu mentioned this pull request Jul 12, 2025
Open
@scbizu
Copy link
Contributor

scbizu commented Jul 12, 2025

I have created a PR in storage , @nerdeveloper can you help to check it ?

scbizu added a commit to chartmuseum/storage that referenced this pull request Jul 12, 2025
@scbizu
all: oss: ListObjects should treat prefix as a dir
c53873e 
See:
- helm/chartmuseum#1082
- helm/chartmuseum#794

Signed-off-by: scnace <[email protected]>
scbizu added a commit to chartmuseum/storage that referenced this pull request Jul 12, 2025
@scbizu
all: oss: ListObjects should treat prefix as a dir
8daab2f 
See:
- helm/chartmuseum#1082
- helm/chartmuseum#794

Signed-off-by: scnace <[email protected]>
scbizu added a commit to chartmuseum/storage that referenced this pull request Jul 12, 2025
@scbizu
all: oss: ListObjects should treat prefix as a dir
61fed52 
See:
- helm/chartmuseum#1082
- helm/chartmuseum#794

Signed-off-by: scnace <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scbizu scbizu Awaiting requested review from scbizu

@cbuto cbuto Awaiting requested review from cbuto

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

v0.16.4

Development

Successfully merging this pull request may close these issues.

Unable to refresh tenant index and get new chart versions

2 participants

@nerdeveloper @scbizu