File 0044-Add-general-sanitisers.patch of Package salt.4663

Overview Repositories Revisions Requests Users Attributes Meta

File 0044-Add-general-sanitisers.patch of Package salt.4663

From 16ebe554952ee8a2c7c71fd0cdbd2828645f6eb6 Mon Sep 17 00:00:00 2001
From: Bo Maryniuk <bo@suse.de>
Date: Wed, 23 Nov 2016 19:07:00 +0100
Subject: [PATCH 44/45] Add general sanitisers

Add filename sanitiser

Add hostname sanitiser

Rename "general.py" to "sanitisers.py"

Add a stub for ID sanitiser (at the moment same as hostname)

Rename for american spelling

Remove trailing dots

Sanitize ID input for key generator

Add test case for sanitizers

Fix imports: builtins was deprecated

Sanitize only non-None values
---
 salt/utils/sanitizers.py            | 61 +++++++++++++++++++++++++++++++++++++
 salt/wheel/key.py                   |  5 +++
 tests/unit/utils/sanitizers_test.py | 57 ++++++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 salt/utils/sanitizers.py
 create mode 100644 tests/unit/utils/sanitizers_test.py

diff --git a/salt/utils/sanitizers.py b/salt/utils/sanitizers.py
new file mode 100644
index 0000000000..a80d8e22eb
--- /dev/null
+++ b/salt/utils/sanitizers.py
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright 2016 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+import os.path
+from salt.ext.six import text_type as text
+
+from salt.exceptions import CommandExecutionError
+
+
+class InputSanitizer(object):
+    @staticmethod
+    def trim(value):
+        '''
+        Raise an exception if value is empty. Otherwise strip it down.
+        :param value:
+        :return:
+        '''
+        value = (value or '').strip()
+        if not value:
+            raise CommandExecutionError("Empty value during sanitation")
+
+        return text(value)
+
+    @staticmethod
+    def filename(value):
+        '''
+        Remove everything that would affect paths in the filename
+
+        :param value:
+        :return:
+        '''
+        return re.sub('[^a-zA-Z0-9.-_ ]', '', os.path.basename(InputSanitizer.trim(value)))
+
+    @staticmethod
+    def hostname(value):
+        '''
+        Clean value for RFC1123.
+
+        :param value:
+        :return:
+        '''
+        return re.sub(r'[^a-zA-Z0-9.-]', '', InputSanitizer.trim(value)).strip('.')
+
+    id = hostname
+
+
+clean = InputSanitizer()
diff --git a/salt/wheel/key.py b/salt/wheel/key.py
index 6b69e150ad..8730ca783d 100644
--- a/salt/wheel/key.py
+++ b/salt/wheel/key.py
@@ -11,6 +11,8 @@ import hashlib
 # Import salt libs
 import salt.key
 import salt.crypt
+from salt.utils.sanitizers import clean
+
 
 __func_alias__ = {
     'list_': 'list'
@@ -117,6 +119,8 @@ def gen(id_=None, keysize=2048):
     '''
     if id_ is None:
         id_ = hashlib.sha512(os.urandom(32)).hexdigest()
+    else:
+        id_ = clean.id(id_)
     ret = {'priv': '',
            'pub': ''}
     priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize)
@@ -135,6 +139,7 @@ def gen_accept(id_, keysize=2048, force=False):
     Generate a key pair then accept the public key. This function returns the
     key pair in a dict, only the public key is preserved on the master.
     '''
+    id_ = clean.id(id_)
     ret = gen(id_, keysize)
     acc_path = os.path.join(__opts__['pki_dir'], 'minions', id_)
     if os.path.isfile(acc_path) and not force:
diff --git a/tests/unit/utils/sanitizers_test.py b/tests/unit/utils/sanitizers_test.py
new file mode 100644
index 0000000000..a80d80d4cf
--- /dev/null
+++ b/tests/unit/utils/sanitizers_test.py
@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+
+# Import python libs
+from __future__ import absolute_import
+from salt.ext.six import text_type as text
+
+# Import Salt Libs
+from salt.utils.sanitizers import clean
+
+# Import Salt Testing Libs
+from salttesting import TestCase, skipIf
+from salttesting.mock import NO_MOCK, NO_MOCK_REASON
+from salttesting.helpers import ensure_in_syspath
+
+ensure_in_syspath('../../')
+
+
+@skipIf(NO_MOCK, NO_MOCK_REASON)
+class SanitizersTestCase(TestCase):
+    '''
+    TestCase for sanitizers
+    '''
+    def test_sanitized_trim(self):
+        '''
+        Test sanitized input for trimming
+        '''
+        value = u' sample '
+        response = clean.trim(value)
+        assert response == 'sample'
+        assert type(response) == text
+
+    def test_sanitized_filename(self):
+        '''
+        Test sanitized input for filename
+        '''
+        value = '/absolute/path/to/the/file.txt'
+        response = clean.filename(value)
+        assert response == 'file.txt'
+
+        value = '../relative/path/to/the/file.txt'
+        response = clean.filename(value)
+        assert response == 'file.txt'
+
+    def test_sanitized_hostname(self):
+        '''
+        Test sanitized input for hostname (id)
+        '''
+        value = '   ../ ../some/dubious/hostname      '
+        response = clean.hostname(value)
+        assert response == 'somedubioushostname'
+
+    test_sanitized_id = test_sanitized_hostname
+
+
+if __name__ == '__main__':
+    from integration import run_tests
+    run_tests(ArgsTestCase, needs_daemon=False)
-- 
2.11.0

Places

File 0044-Add-general-sanitisers.patch of Package salt.4663

Places