Possible to escape working directory with cwd:// for remote plaintext Bake definitions

[dvdksn]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... the documentation does not mention anything about my problem
• ... there are no open or closed issues that are related to my problem

Description

Bake should error out if you try to escape the current working directory in a remote Bake definition. This validation only occurs for remote Bake files in Git. For remote plaintext files, no validation occurs.

Expected behaviour

ERROR: path /private/tmp is outside of the working directory, please set BAKE_ALLOW_REMOTE_FS_ACCESS=1

Actual behaviour

It copies the files fine.

Buildx version

github.com/docker/buildx 056cf8a 056cf8a

Docker info

No response

Builders list

Name:          container
Driver:        docker-container
Last Activity: 2024-09-13 13:46:41 +0000 UTC

Nodes:
Name:                  container0
Endpoint:              desktop-linux
Driver Options:        default-load="true" image="moby/buildkit:master"
Status:                running
BuildKit daemon flags: --allow-insecure-entitlement=network.host
BuildKit version:      3a70550

Configuration

target "default" {
  context = "cwd:///tmp"
  dockerfile-inline = <<EOT
FROM alpine
WORKDIR /src
COPY . .
RUN ls -l && stop
EOT
}

target "named" {
  contexts = {
    tmp = "cwd:///tmp"
  }
  dockerfile-inline = <<EOT
FROM alpine
WORKDIR /src
COPY --from=tmp . .
RUN ls -l && stop
EOT
}