artifact: fix numerous go-getter security issues

Fix numerous go-getter security issues:

- Add timeouts to http, git, and hg operations to prevent DoS
- Add size limit to http to prevent resource exhaustion
- Disable following symlinks in both artifacts and `job run`
- Stop performing initial HEAD request to avoid file corruption on
  retries and DoS opportunities.

**Approach**

Since Nomad has no ability to differentiate a DoS-via-large-artifact vs
a legitimate workload, all of the new limits are configurable at the
client agent level.

The max size of HTTP downloads is also exposed as a node attribute so
that if some workloads have large artifacts they can specify a high
limit in their jobspecs.

In the future all of this plumbing could be extended to enable/disable
specific getters or artifact downloading entirely on a per-node basis.
Michael Schurter
2022-05-03 15:38:32 -07:00
committed by Luiz Aoqui
parent 94abe338e9
commit 3968509886
29 changed files with 1092 additions and 77 deletions


@@ -406,6 +406,11 @@ func (c *Command) IsValidConfig(config, cmdConfig *Config) bool {
}
}
if err := config.Client.Artifact.Validate(); err != nil {
c.Ui.Error(fmt.Sprintf("client.artifact stanza invalid: %v", err))
return false
}
if !config.DevMode {
// Ensure that we have the directories we need to run.
if config.Server.Enabled && config.DataDir == "" {
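Review bot: the added `config.Client.Artifact.Validate()` call reaches through `config.Client` and its `Artifact` field with no nil guard, and nothing visible in this hunk shows that both are always populated by the time `IsValidConfig` runs. Either make `Validate` safe on a nil receiver or confirm that the default config merge always sets `Client.Artifact`, and add a test that passes an agent config with no `artifact` block through this path. The placement ahead of the `!config.DevMode` check means the validation also applies to dev-mode agents, which looks right for limits that exist to bound downloads, but a short comment saying so would keep a later refactor from moving it inside that block.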