valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 01:18:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #37869 from isbm/isbm-input-sanitation-16.11

Browse Source 
Input sanitation (16.11)
This commit is contained in:
Thomas S Hatch 2016-11-29 09:17:16 -07:00 committed by GitHub
commit e2b9e58d30
2 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
salt/utils/sanitizers.py Normal file
View File

@ -0,0 +1,62 @@
# -*- coding: utf-8 -*-
#
# Copyright 2016 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import re
import os.path
from salt.ext.six import text_type as text
from salt.exceptions import CommandExecutionError
class InputSanitizer(object):
@staticmethod
def trim(value):
'''
Raise an exception if value is empty. Otherwise strip it down.
:param value:
:return:
'''
value = (value or '').strip()
if not value:
raise CommandExecutionError("Empty value during sanitation")
return text(value)
@staticmethod
def filename(value):
'''
Remove everything that would affect paths in the filename
:param value:
:return:
'''
return re.sub('[^a-zA-Z0-9.-_ ]', '', os.path.basename(InputSanitizer.trim(value)))
@staticmethod
def hostname(value):
'''
Clean value for RFC1123.
:param value:
:return:
'''
return re.sub(r'[^a-zA-Z0-9.-]', '', InputSanitizer.trim(value))
id = hostname
clean = InputSanitizer()

5
salt/wheel/key.py
View File

@ -37,6 +37,8 @@ import logging
from salt.key import get_key from salt.key import get_key
import salt.crypt import salt.crypt
import salt.utils import salt.utils
from salt.utils.sanitizers import clean
__func_alias__ = { __func_alias__ = {
'list_': 'list', 'list_': 'list',
@ -318,6 +320,8 @@ def gen(id_=None, keysize=2048):
''' '''
if id_ is None: if id_ is None:
id_ = hashlib.sha512(os.urandom(32)).hexdigest() id_ = hashlib.sha512(os.urandom(32)).hexdigest()
else:
id_ = clean.filename(id_)
ret = {'priv': '', ret = {'priv': '',
'pub': ''} 'pub': ''}
priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize) priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize)
@ -371,6 +375,7 @@ def gen_accept(id_, keysize=2048, force=False):
>>> wheel.cmd('key.list', ['accepted']) >>> wheel.cmd('key.list', ['accepted'])
{'minions': ['foo', 'minion1', 'minion2', 'minion3']} {'minions': ['foo', 'minion1', 'minion2', 'minion3']}
''' '''
id_ = clean.id(id_)
ret = gen(id_, keysize) ret = gen(id_, keysize)
acc_path = os.path.join(__opts__['pki_dir'], 'minions', id_) acc_path = os.path.join(__opts__['pki_dir'], 'minions', id_)
if os.path.isfile(acc_path) and not force: if os.path.isfile(acc_path) and not force: