Feat/cli support v1#14
Open
youssef-itanii wants to merge 3 commits into
Open
Conversation
- Addition of ARM Template detection in detect.go in order to use Infracost on ARM Templates. However, this only works with config files for the moment. - Addition of a test in the breadkdown_test.go file in order to test if the cost estimation through the breakdown command is working
10b5c5a to
d7a3696
Compare
d7a3696 to
eee1fe0
Compare
eee1fe0 to
d7a3696
Compare
d7a3696 to
33baecb
Compare
4b8bbad to
ad4062c
Compare
pull Bot
pushed a commit
that referenced
this pull request
Jun 26, 2026
…-318] (infracost#3586) The config-template parser (readFile/pathExists/isDir/matchPaths) and the hosted-app file()/templatefile() guard both confined paths with a lexical Rel/HasPrefix check plus a leaf-only Lstat/EvalSymlinks. An intermediate in-repo directory symlink (evil -> /etc, then readFile "evil/passwd") defeats both: the path is lexically clean and the leaf isn't a symlink, so it passed - but the read followed the symlink out of the repo. Add internal/security.IsPathAllowed as the single containment boundary: it resolves symlinks anywhere in the path (leaf and intermediate) before a segment-aware prefix compare against the resolved parent, with a longest-existing-prefix fallback for not-yet-existent paths and a process-wide resolve cache. Route the template parser and the Terraform funcs guard through it and drop the old isSubdirectory/symlinkPath helpers. Mirrors the recent fixes in the v2 config (#14) and parser (infracost#144) repos.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.