From 0502e09399bdce020f3d7f08f5ac970504d60185 Mon Sep 17 00:00:00 2001 From: Lucas Bajolet Date: Thu, 21 Mar 2024 11:52:18 -0400 Subject: [PATCH] packer: check API version matches between name/bin As with the version of the plugin, the API version should also match between the path and the self-reported API version from the describe command. This was not checked before, so users could masquerade a plugin's use of an API version that may be incompatible with Packer. To avoid this problem, we make sure both versions are the same, so that they work as expected. --- packer/plugin-getter/plugins.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packer/plugin-getter/plugins.go b/packer/plugin-getter/plugins.go index e38c4e97e..80559ca24 100644 --- a/packer/plugin-getter/plugins.go +++ b/packer/plugin-getter/plugins.go @@ -211,6 +211,12 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL log.Printf("invalid plugin pre-release version %q, only development or release binaries are accepted", pluginVersionStr) } + // Check the API version matches between path and describe + if describeInfo.APIVersion != protocolVerionStr { + log.Printf("plugin %q reported API version %q while its name implies version %q, ignoring", path, describeInfo.APIVersion, protocolVerionStr) + continue + } + // no constraint means always pass, this will happen for implicit // plugin requirements and when we list all plugins. //