From 3fdee1b8e84a8d402214dcfe6d3d3b64208e14dc Mon Sep 17 00:00:00 2001
From: Don Olmstead <don.j.olmstead@gmail.com>
Date: Fri, 7 Aug 2015 16:18:11 -0700
Subject: [PATCH] Disallowing : in the path for a cached entry

---
 pkg/yaml/lint.go      |  4 ++++
 pkg/yaml/lint_test.go | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkg/yaml/lint.go b/pkg/yaml/lint.go
index 26c741410..9141549af 100644
--- a/pkg/yaml/lint.go
+++ b/pkg/yaml/lint.go
@@ -110,6 +110,10 @@ func expectTrustedNotify(c *common.Config) error {
 // in the workspace.
 func expectCacheInWorkspace(c *common.Config) error {
 	for _, step := range c.Build.Cache {
+		if strings.Index(step, ":") != -1 {
+			return fmt.Errorf("Cache cannot contain : in the path")
+		}
+
 		cleaned := filepath.Clean(step)
 
 		if strings.Index(cleaned, "../") != -1 {
diff --git a/pkg/yaml/lint_test.go b/pkg/yaml/lint_test.go
index 0d8fd9e3e..d446f684a 100644
--- a/pkg/yaml/lint_test.go
+++ b/pkg/yaml/lint_test.go
@@ -113,7 +113,16 @@ func Test_Linter(t *testing.T) {
 				},
 			}
 			g.Assert(expectCacheInWorkspace(c) != nil).IsTrue()
-		})		
+		})
+
+		g.It("Should fail when : is in the path", func() {
+			c := &common.Config{
+				Build: &common.Step{
+					Cache: []string{".git",".git:/../"},
+				},
+			}
+			g.Assert(expectCacheInWorkspace(c) != nil).IsTrue()
+		})
 	})
 }