Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
salt.4663
0044-Add-general-sanitisers.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0044-Add-general-sanitisers.patch of Package salt.4663
From 16ebe554952ee8a2c7c71fd0cdbd2828645f6eb6 Mon Sep 17 00:00:00 2001 From: Bo Maryniuk <bo@suse.de> Date: Wed, 23 Nov 2016 19:07:00 +0100 Subject: [PATCH 44/45] Add general sanitisers Add filename sanitiser Add hostname sanitiser Rename "general.py" to "sanitisers.py" Add a stub for ID sanitiser (at the moment same as hostname) Rename for american spelling Remove trailing dots Sanitize ID input for key generator Add test case for sanitizers Fix imports: builtins was deprecated Sanitize only non-None values --- salt/utils/sanitizers.py | 61 +++++++++++++++++++++++++++++++++++++ salt/wheel/key.py | 5 +++ tests/unit/utils/sanitizers_test.py | 57 ++++++++++++++++++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 salt/utils/sanitizers.py create mode 100644 tests/unit/utils/sanitizers_test.py diff --git a/salt/utils/sanitizers.py b/salt/utils/sanitizers.py new file mode 100644 index 0000000000..a80d8e22eb --- /dev/null +++ b/salt/utils/sanitizers.py @@ -0,0 +1,61 @@ +# -*- coding: utf-8 -*- +# +# Copyright 2016 SUSE LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import re +import os.path +from salt.ext.six import text_type as text + +from salt.exceptions import CommandExecutionError + + +class InputSanitizer(object): + @staticmethod + def trim(value): + ''' + Raise an exception if value is empty. Otherwise strip it down. + :param value: + :return: + ''' + value = (value or '').strip() + if not value: + raise CommandExecutionError("Empty value during sanitation") + + return text(value) + + @staticmethod + def filename(value): + ''' + Remove everything that would affect paths in the filename + + :param value: + :return: + ''' + return re.sub('[^a-zA-Z0-9.-_ ]', '', os.path.basename(InputSanitizer.trim(value))) + + @staticmethod + def hostname(value): + ''' + Clean value for RFC1123. + + :param value: + :return: + ''' + return re.sub(r'[^a-zA-Z0-9.-]', '', InputSanitizer.trim(value)).strip('.') + + id = hostname + + +clean = InputSanitizer() diff --git a/salt/wheel/key.py b/salt/wheel/key.py index 6b69e150ad..8730ca783d 100644 --- a/salt/wheel/key.py +++ b/salt/wheel/key.py @@ -11,6 +11,8 @@ import hashlib # Import salt libs import salt.key import salt.crypt +from salt.utils.sanitizers import clean + __func_alias__ = { 'list_': 'list' @@ -117,6 +119,8 @@ def gen(id_=None, keysize=2048): ''' if id_ is None: id_ = hashlib.sha512(os.urandom(32)).hexdigest() + else: + id_ = clean.id(id_) ret = {'priv': '', 'pub': ''} priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize) @@ -135,6 +139,7 @@ def gen_accept(id_, keysize=2048, force=False): Generate a key pair then accept the public key. This function returns the key pair in a dict, only the public key is preserved on the master. ''' + id_ = clean.id(id_) ret = gen(id_, keysize) acc_path = os.path.join(__opts__['pki_dir'], 'minions', id_) if os.path.isfile(acc_path) and not force: diff --git a/tests/unit/utils/sanitizers_test.py b/tests/unit/utils/sanitizers_test.py new file mode 100644 index 0000000000..a80d80d4cf --- /dev/null +++ b/tests/unit/utils/sanitizers_test.py @@ -0,0 +1,57 @@ +# -*- coding: utf-8 -*- + +# Import python libs +from __future__ import absolute_import +from salt.ext.six import text_type as text + +# Import Salt Libs +from salt.utils.sanitizers import clean + +# Import Salt Testing Libs +from salttesting import TestCase, skipIf +from salttesting.mock import NO_MOCK, NO_MOCK_REASON +from salttesting.helpers import ensure_in_syspath + +ensure_in_syspath('../../') + + +@skipIf(NO_MOCK, NO_MOCK_REASON) +class SanitizersTestCase(TestCase): + ''' + TestCase for sanitizers + ''' + def test_sanitized_trim(self): + ''' + Test sanitized input for trimming + ''' + value = u' sample ' + response = clean.trim(value) + assert response == 'sample' + assert type(response) == text + + def test_sanitized_filename(self): + ''' + Test sanitized input for filename + ''' + value = '/absolute/path/to/the/file.txt' + response = clean.filename(value) + assert response == 'file.txt' + + value = '../relative/path/to/the/file.txt' + response = clean.filename(value) + assert response == 'file.txt' + + def test_sanitized_hostname(self): + ''' + Test sanitized input for hostname (id) + ''' + value = ' ../ ../some/dubious/hostname ' + response = clean.hostname(value) + assert response == 'somedubioushostname' + + test_sanitized_id = test_sanitized_hostname + + +if __name__ == '__main__': + from integration import run_tests + run_tests(ArgsTestCase, needs_daemon=False) -- 2.11.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor