mirror of
https://github.com/GNS3/gns3-server
synced 2025-01-26 07:51:13 +00:00
Fix tests about images paths security
This commit is contained in:
parent
390c88d7cd
commit
caade47e16
@ -417,9 +417,9 @@ class BaseManager:
|
||||
else:
|
||||
# For non local server we disallow using absolute path outside image directory
|
||||
if Config.instance().get_section_config("Server").get("local", False) is False:
|
||||
img_directory = self.config.get_section_config("Server").get("images_path", "~/GNS3/images")
|
||||
img_directory = self.config.get_section_config("Server").get("images_path", os.path.expanduser("~/GNS3/images"))
|
||||
if len(os.path.commonprefix([img_directory, path])) < len(img_directory):
|
||||
raise VMError("%s is not allowed on this remote server. Please use only the image filename.".format(path))
|
||||
raise VMError("{} is not allowed on this remote server. Please use only a filename in {}.".format(path, img_directory))
|
||||
|
||||
return force_unix_path(path)
|
||||
|
||||
|
@ -42,7 +42,7 @@ def fake_iou_bin(tmpdir):
|
||||
@pytest.fixture
|
||||
def base_params(tmpdir, fake_iou_bin):
|
||||
"""Return standard parameters"""
|
||||
return {"name": "PC TEST 1", "path": fake_iou_bin}
|
||||
return {"name": "PC TEST 1", "path": "iou.bin"}
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
@ -82,7 +82,7 @@ def test_qemu_create_platform(server, project, base_params, fake_qemu_bin):
|
||||
def test_qemu_create_with_params(server, project, base_params, fake_qemu_vm):
|
||||
params = base_params
|
||||
params["ram"] = 1024
|
||||
params["hda_disk_image"] = fake_qemu_vm
|
||||
params["hda_disk_image"] = "linux.img"
|
||||
|
||||
response = server.post("/projects/{project_id}/qemu/vms".format(project_id=project.id), params, example=True)
|
||||
assert response.status == 201
|
||||
@ -90,7 +90,7 @@ def test_qemu_create_with_params(server, project, base_params, fake_qemu_vm):
|
||||
assert response.json["name"] == "PC TEST 1"
|
||||
assert response.json["project_id"] == project.id
|
||||
assert response.json["ram"] == 1024
|
||||
assert response.json["hda_disk_image"] == fake_qemu_vm
|
||||
assert response.json["hda_disk_image"] == "linux.img"
|
||||
|
||||
|
||||
def test_qemu_get(server, project, vm):
|
||||
@ -149,13 +149,13 @@ def test_qemu_update(server, vm, tmpdir, free_console_port, project, fake_qemu_v
|
||||
"name": "test",
|
||||
"console": free_console_port,
|
||||
"ram": 1024,
|
||||
"hdb_disk_image": fake_qemu_vm
|
||||
"hdb_disk_image": "linux.img"
|
||||
}
|
||||
response = server.put("/projects/{project_id}/qemu/vms/{vm_id}".format(project_id=vm["project_id"], vm_id=vm["vm_id"]), params, example=True)
|
||||
assert response.status == 200
|
||||
assert response.json["name"] == "test"
|
||||
assert response.json["console"] == free_console_port
|
||||
assert response.json["hdb_disk_image"] == fake_qemu_vm
|
||||
assert response.json["hdb_disk_image"] == "linux.img"
|
||||
assert response.json["ram"] == 1024
|
||||
|
||||
|
||||
|
@ -58,7 +58,7 @@ def vm(project, manager, tmpdir, fake_iou_bin, iourc_file):
|
||||
config["iourc_path"] = iourc_file
|
||||
manager.config.set_section_config("IOU", config)
|
||||
|
||||
vm.path = fake_iou_bin
|
||||
vm.path = "iou.bin"
|
||||
return vm
|
||||
|
||||
|
||||
@ -101,7 +101,7 @@ def test_vm_startup_config_content(project, manager):
|
||||
def test_vm_invalid_iouyap_path(project, manager, loop, fake_iou_bin):
|
||||
with pytest.raises(IOUError):
|
||||
vm = IOUVM("test", "00010203-0405-0607-0809-0a0b0c0d0e0e", project, manager)
|
||||
vm.path = fake_iou_bin
|
||||
vm.path = "iou.bin"
|
||||
loop.run_until_complete(asyncio.async(vm.start()))
|
||||
|
||||
|
||||
@ -207,9 +207,9 @@ def test_close(vm, port_manager, loop):
|
||||
|
||||
|
||||
def test_path(vm, fake_iou_bin):
|
||||
|
||||
vm.path = fake_iou_bin
|
||||
assert vm.path == fake_iou_bin
|
||||
with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
|
||||
vm.path = fake_iou_bin
|
||||
assert vm.path == fake_iou_bin
|
||||
|
||||
|
||||
def test_path_12_location(vm, fake_iou_bin):
|
||||
@ -217,8 +217,9 @@ def test_path_12_location(vm, fake_iou_bin):
|
||||
# In 1.2 users uploaded images to the images roots
|
||||
# after the migration their images are inside images/IOU
|
||||
# but old topologies use old path
|
||||
vm.path = fake_iou_bin.replace("/IOU", "")
|
||||
assert vm.path == fake_iou_bin
|
||||
with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
|
||||
vm.path = fake_iou_bin.replace("/IOU", "")
|
||||
assert vm.path == fake_iou_bin
|
||||
|
||||
|
||||
def test_path_relative(vm, fake_iou_bin, tmpdir):
|
||||
@ -231,17 +232,18 @@ def test_path_relative(vm, fake_iou_bin, tmpdir):
|
||||
|
||||
def test_path_invalid_bin(vm, tmpdir):
|
||||
|
||||
path = str(tmpdir / "test.bin")
|
||||
with pytest.raises(IOUError):
|
||||
vm.path = path
|
||||
vm._check_requirements()
|
||||
with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
|
||||
path = str(tmpdir / "test.bin")
|
||||
with pytest.raises(IOUError):
|
||||
vm.path = path
|
||||
vm._check_requirements()
|
||||
|
||||
with open(path, "w+") as f:
|
||||
f.write("BUG")
|
||||
with open(path, "w+") as f:
|
||||
f.write("BUG")
|
||||
|
||||
with pytest.raises(IOUError):
|
||||
vm.path = path
|
||||
vm._check_requirements()
|
||||
with pytest.raises(IOUError):
|
||||
vm.path = path
|
||||
vm._check_requirements()
|
||||
|
||||
|
||||
def test_create_netmap_config(vm):
|
||||
|
@ -387,8 +387,8 @@ def test_hda_disk_image(vm, tmpdir):
|
||||
|
||||
vm.manager.config.set("Server", "images_path", str(tmpdir))
|
||||
|
||||
vm.hda_disk_image = "/tmp/test"
|
||||
assert vm.hda_disk_image == "/tmp/test"
|
||||
vm.hda_disk_image = str(tmpdir / "test")
|
||||
assert vm.hda_disk_image == str(tmpdir / "test")
|
||||
vm.hda_disk_image = "test"
|
||||
assert vm.hda_disk_image == str(tmpdir / "QEMU" / "test")
|
||||
|
||||
@ -405,8 +405,8 @@ def test_hdb_disk_image(vm, tmpdir):
|
||||
|
||||
vm.manager.config.set("Server", "images_path", str(tmpdir))
|
||||
|
||||
vm.hdb_disk_image = "/tmp/test"
|
||||
assert vm.hdb_disk_image == "/tmp/test"
|
||||
vm.hdb_disk_image = str(tmpdir / "test")
|
||||
assert vm.hdb_disk_image == str(tmpdir / "test")
|
||||
vm.hdb_disk_image = "test"
|
||||
assert vm.hdb_disk_image == str(tmpdir / "QEMU" / "test")
|
||||
|
||||
@ -415,8 +415,8 @@ def test_hdc_disk_image(vm, tmpdir):
|
||||
|
||||
vm.manager.config.set("Server", "images_path", str(tmpdir))
|
||||
|
||||
vm.hdc_disk_image = "/tmp/test"
|
||||
assert vm.hdc_disk_image == "/tmp/test"
|
||||
vm.hdc_disk_image = str(tmpdir / "test")
|
||||
assert vm.hdc_disk_image == str(tmpdir / "test")
|
||||
vm.hdc_disk_image = "test"
|
||||
assert vm.hdc_disk_image == str(tmpdir / "QEMU" / "test")
|
||||
|
||||
@ -425,8 +425,8 @@ def test_hdd_disk_image(vm, tmpdir):
|
||||
|
||||
vm.manager.config.set("Server", "images_path", str(tmpdir))
|
||||
|
||||
vm.hdd_disk_image = "/tmp/test"
|
||||
assert vm.hdd_disk_image == "/tmp/test"
|
||||
vm.hdd_disk_image = str(tmpdir / "test")
|
||||
assert vm.hdd_disk_image == str(tmpdir / "test")
|
||||
vm.hdd_disk_image = "test"
|
||||
assert vm.hdd_disk_image == str(tmpdir / "QEMU" / "test")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user