
:bug: remove ability to call env and expandenv in webhook (#1977)

These functions allow an attacker to exfiltrate environment variables.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 3 years ago
parent
commit
6da8b96d4d
1 changed files with 1 additions and 2 deletions
  1. 1 2
      pkg/provider/webhook/webhook.go

+ 1 - 2
pkg/provider/webhook/webhook.go

@@ -27,7 +27,6 @@ import (
 	tpl "text/template"
 	"time"
 
-	"github.com/Masterminds/sprig/v3"
 	"github.com/PaesslerAG/jsonpath"
 	"gopkg.in/yaml.v3"
 	corev1 "k8s.io/api/core/v1"
@@ -446,7 +445,7 @@ func executeTemplate(tmpl string, data map[string]map[string]string) (bytes.Buff
 	if tmpl == "" {
 		return result, nil
 	}
-	urlt, err := tpl.New("webhooktemplate").Funcs(sprig.TxtFuncMap()).Funcs(template.FuncMap()).Parse(tmpl)
+	urlt, err := tpl.New("webhooktemplate").Funcs(template.FuncMap()).Parse(tmpl)
 	if err != nil {
 		return result, err
 	}
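Review bot: Nothing on the new `tpl.New("webhooktemplate").Funcs(template.FuncMap()).Parse(tmpl)` line records why sprig's function map is left out, so a later change could re-register it and reopen the environment-variable exposure the commit message describes. I would add a comment directly above that line: `// Deliberately not registering sprig.TxtFuncMap(): its env/expandenv functions let a template read the process environment.` The fix also relies on `template.FuncMap()`, which is defined outside this diff, not supplying those two functions. A unit test asserting that `executeTemplate` returns a parse error for a template calling `env` or `expandenv` would pin that. The body of `executeTemplate` continues past the end of the hunk.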