mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-28 03:08:14 +00:00
Merge pull request #2392 from GNS3/bugfix/2385
Forbid unsafe Qemu additional options
This commit is contained in:
commit
90dce03da2
@ -93,6 +93,8 @@ require_kvm = True
|
|||||||
enable_hardware_acceleration = True
|
enable_hardware_acceleration = True
|
||||||
; Require hardware acceleration in order to start VMs (all platforms)
|
; Require hardware acceleration in order to start VMs (all platforms)
|
||||||
require_hardware_acceleration = False
|
require_hardware_acceleration = False
|
||||||
|
; Allow unsafe additional command line options
|
||||||
|
allow_unsafe_options = False
|
||||||
|
|
||||||
[VMware]
|
[VMware]
|
||||||
; First vmnet interface of the range that can be managed by the GNS3 server
|
; First vmnet interface of the range that can be managed by the GNS3 server
|
||||||
|
@ -53,6 +53,12 @@ from ...utils import macaddress_to_int, int_to_macaddress, is_ipv6_enabled
|
|||||||
import logging
|
import logging
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
# forbidden additional options
|
||||||
|
FORBIDDEN_OPTIONS = {"-blockdev", "-drive", "-hda", "-hdb", "-hdc", "-hdd",
|
||||||
|
"-fsdev", "-virtfs"}
|
||||||
|
FORBIDDEN_OPTIONS |= {"-" + opt for opt in FORBIDDEN_OPTIONS
|
||||||
|
if opt.startswith("-") and not opt.startswith("--")}
|
||||||
|
|
||||||
|
|
||||||
class QemuVM(BaseNode):
|
class QemuVM(BaseNode):
|
||||||
module_name = 'qemu'
|
module_name = 'qemu'
|
||||||
@ -2424,9 +2430,19 @@ class QemuVM(BaseNode):
|
|||||||
command.extend(self._tpm_options())
|
command.extend(self._tpm_options())
|
||||||
if additional_options:
|
if additional_options:
|
||||||
try:
|
try:
|
||||||
command.extend(shlex.split(additional_options))
|
additional_opt_list = shlex.split(additional_options)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
raise QemuError("Invalid additional options: {} error {}".format(additional_options, e))
|
raise QemuError("Invalid additional options: {} error {}".format(additional_options, e))
|
||||||
|
allow_unsafe_options = self.manager.config.get_section_config("Qemu").getboolean(
|
||||||
|
"allow_unsafe_options",
|
||||||
|
False
|
||||||
|
)
|
||||||
|
if allow_unsafe_options is False:
|
||||||
|
for opt in additional_opt_list:
|
||||||
|
if opt in FORBIDDEN_OPTIONS:
|
||||||
|
raise QemuError("Forbidden additional option: {}".format(opt))
|
||||||
|
command.extend(additional_opt_list)
|
||||||
|
|
||||||
# avoiding mouse offset (see https://github.com/GNS3/gns3-server/issues/2335)
|
# avoiding mouse offset (see https://github.com/GNS3/gns3-server/issues/2335)
|
||||||
if self._console_type == "vnc":
|
if self._console_type == "vnc":
|
||||||
command.extend(['-machine', 'usb=on', '-device', 'usb-tablet'])
|
command.extend(['-machine', 'usb=on', '-device', 'usb-tablet'])
|
||||||
|
@ -774,6 +774,14 @@ async def test_build_command_with_invalid_options(vm):
|
|||||||
await vm._build_command()
|
await vm._build_command()
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not supported on Windows")
|
||||||
|
async def test_build_command_with_forbidden_options(vm):
|
||||||
|
|
||||||
|
vm.options = "-blockdev"
|
||||||
|
with pytest.raises(QemuError):
|
||||||
|
await vm._build_command()
|
||||||
|
|
||||||
|
|
||||||
def test_hda_disk_image(vm, images_dir):
|
def test_hda_disk_image(vm, images_dir):
|
||||||
|
|
||||||
open(os.path.join(images_dir, "test1"), "w+").close()
|
open(os.path.join(images_dir, "test1"), "w+").close()
|
||||||
|
Loading…
Reference in New Issue
Block a user