majic-ansible-roles Changeset

Changeset - 36d96a3fc472

Parent rev.

Child rev.

[Not reviewed]

0 6 0

Branko Majic (branko) - 4 years ago 2021-01-13 00:07:32
branko@majic.rs

MAR-163: Ensure host.run is not suspectible to shell injection:

- Use host.run's built-in capability for handling parameter escaping
and insertion.

6 files changed with 9 insertions and 9 deletions:

roles/common/molecule/default/tests/test_default.py

roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py

roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py

roles/web_server/molecule/default/tests/test_client.py

roles/wsgi_website/molecule/default/tests/test_default.py

roles/xmpp_server/molecule/default/tests/test_client.py

0 comments (0 inline, 0 general) First comment

roles/common/molecule/default/tests/test_default.py

➞

Show inline comments

     requirements checks..
     """
-    packages = host.run("sudo -u %s %s freeze --all" % ('pipreqcheck', pip_path))
+    packages = host.run("sudo -u pipreqcheck %s freeze --all", pip_path)
     # Normalise package names and order.
     expected_packages = sorted([p.lower() for p in expected_packages])

roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py

➞

Show inline comments

@@ @@ -23,6 +23,6 @@ def test_connectivity_from_client(host, server): @@
     with host.sudo():
-        ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
+        ping = host.run('hping3 -S -p 25 -c 1 %s', server)
         assert ping.rc != 0
         assert "100% packet loss" in ping.stderr

roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py

➞

Show inline comments

@@ @@ -21,7 +21,7 @@ def test_connectivity_from_authorised_relay(host, server): @@
     with host.sudo():
-        ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
+        ping = host.run('hping3 -S -p 25 -c 1 %s', server)
         assert ping.rc == 0
@@ @@ -37,7 +37,7 @@ def test_connectivity_from_unauthorised_relay(host, server): @@
     with host.sudo():
-        ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
+        ping = host.run('hping3 -S -p 25 -c 1 %s', server)
         assert ping.rc != 0
         assert "100% packet loss" in ping.stderr
@@ @@ -63,6 +63,6 @@ def test_open_relay(host, server): @@
     no_recipients_accepted_error_code = 24
-    send = host.run('swaks --suppress-data --to root@client1 --server %s' % server)
+    send = host.run('swaks --suppress-data --to root@client1 --server %s', server)
     assert send.rc == no_recipients_accepted_error_code
     assert "Relay access denied" in send.stdout

roles/web_server/molecule/default/tests/test_client.py

➞

Show inline comments

@@ @@ -19,5 +19,5 @@ def test_connectivity(host): @@
             # HTTP, HTTPS.
             for port in [80, 443]:
-                ping = host.run('hping3 -S -p %d -c 1 %s' % (port, server))
+                ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server)
                 assert ping.rc == 0

roles/wsgi_website/molecule/default/tests/test_default.py

➞

Show inline comments

         assert wrapper.group == expected_group
         assert wrapper.mode == 0o750
-        command = host.run("sudo -u %s %s python -c 'import gunicorn'" % (expected_owner, wrapper_script))
+        command = host.run("sudo -u %s %s python -c 'import gunicorn'", expected_owner, wrapper_script)
         assert command.rc == 0
     Tests if correct packages are installed in virtualenv.
     """
-    packages = host.run("sudo -u %s %s freeze" % (admin_user, pip_path))
+    packages = host.run("sudo -u %s %s freeze", admin_user, pip_path)
     # Normalise package names and order.
     expected_packages = sorted([p.lower() for p in expected_packages])

roles/xmpp_server/molecule/default/tests/test_client.py

➞

Show inline comments

@@ @@ -19,7 +19,7 @@ def test_connectivity(host): @@
             # c2s plaintext, c2s TLS, file proxy, s2s.
             for port in [5222, 5223, 5000, 5269]:
-                ping = host.run('hping3 -S -p %d -c 1 %s' % (port, server))
+                ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server)
                 assert ping.rc == 0

0 comments (0 inline, 0 general) First comment