This is not a security issue, just a bug in how we handle inside statements.
inside "/one" do
inside "two" do
end
inside "three" do
end
end
Right now, inside works with two but chdirs back to the workdir for three. I think this is caused by the inner end statement not handling its escape appropriately. This shouldn't be too hard to keep a stack for on the side so we can track it easier.
Workaround for now is to flatten inside statements and then use a constant/variable to scope each block, e.g.:
BUILD_DIR = "/one"
inside "#{BUILD_DIR}/two" do
end
inside "#{BUILD_DIR}/three" do
end
This is not a security issue, just a bug in how we handle
inside
statements.Right now,
inside
works withtwo
but chdirs back to the workdir forthree
. I think this is caused by the innerend
statement not handling its escape appropriately. This shouldn't be too hard to keep a stack for on the side so we can track it easier.Workaround for now is to flatten
inside
statements and then use a constant/variable to scope each block, e.g.: