1:46 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1107420
Add a new define/create flag VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID
to disallow new secrets to be defined/created using a usage id
comprised entirely of spaces.
Alter the secretxml2xmltest to add a parse failure scenario and
a test in order to prove the failure occurs.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/secret_conf.c | 10 ++++++-
src/conf/secret_conf.h | 7 +++++
src/secret/secret_driver.c | 3 +-
.../usage-whitespace-invalid.xml | 7 +++++
tests/secretxml2xmltest.c | 30 +++++++++++++++----
5 files changed, 49 insertions(+), 8 deletions(-)
create mode 100644 tests/secretxml2xmlin/usage-whitespace-invalid.xml
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index d98a4f2442..9a77327014 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -130,7 +130,7 @@ virSecretDefParseXML(xmlXPathContextPtr ctxt,
char *prop = NULL;
char *uuidstr = NULL;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID, NULL);
if (VIR_ALLOC(def) < 0)
goto cleanup;
@@ -183,6 +183,14 @@ virSecretDefParseXML(xmlXPathContextPtr ctxt,
if (virXPathNode("./usage", ctxt) != NULL
&& virSecretDefParseUsage(ctxt, def) < 0)
goto cleanup;
+
+ if (def->usage_id && (flags & VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID)
&&
+ virStringIsEmpty(def->usage_id)) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("usage name must contain at least one non blank
character"));
+ goto cleanup;
+ }
+
VIR_STEAL_PTR(ret, def);
cleanup:
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 2a19629f54..b7aa70d785 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -39,6 +39,13 @@ struct _virSecretDef {
void virSecretDefFree(virSecretDefPtr def);
+typedef enum {
+ /* Perform extra name validation on new secret usage ids which
+ * will cause failure to parse the XML. Initially just that a
+ * name cannot be all white space. */
+ VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID = 1 << 0,
+} virSecretDefParseFlags;
+
virSecretDefPtr virSecretDefParseString(const char *xml,
unsigned int flags);
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 5e1f82a314..2a66481d37 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -215,10 +215,11 @@ secretDefineXML(virConnectPtr conn,
virSecretDefPtr backup = NULL;
virSecretDefPtr def;
virObjectEventPtr event = NULL;
+ unsigned int parse_flags = VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID;
virCheckFlags(0, NULL);
- if (!(def = virSecretDefParseString(xml, 0)))
+ if (!(def = virSecretDefParseString(xml, parse_flags)))
return NULL;
if (virSecretDefineXMLEnsureACL(conn, def) < 0)
diff --git a/tests/secretxml2xmlin/usage-whitespace-invalid.xml
b/tests/secretxml2xmlin/usage-whitespace-invalid.xml
new file mode 100644
index 0000000000..7611bd53d1
--- /dev/null
+++ b/tests/secretxml2xmlin/usage-whitespace-invalid.xml
@@ -0,0 +1,7 @@
+<secret ephemeral='no' private='yes'>
+ <uuid>f52a81b2-424e-490c-823d-6bd4235bc572</uuid>
+ <description>Ceph secret</description>
+ <usage type='ceph'>
+ <name> </name>
+ </usage>
+</secret>
diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c
index 573edd6012..3c624d8319 100644
--- a/tests/secretxml2xmltest.c
+++ b/tests/secretxml2xmltest.c
@@ -9,14 +9,24 @@
#define VIR_FROM_THIS VIR_FROM_NONE
static int
-testCompareXMLToXMLFiles(const char *inxml, const char *outxml)
+testCompareXMLToXMLFiles(const char *inxml,
+ const char *outxml,
+ bool expect_parse_fail)
{
char *actual = NULL;
int ret = -1;
virSecretDefPtr secret = NULL;
-
- if (!(secret = virSecretDefParseFile(inxml, 0)))
+ unsigned int parse_flags = VIR_SECRET_DEF_PARSE_VALIDATE_USAGE_ID;
+
+ if (!(secret = virSecretDefParseFile(inxml, parse_flags))) {
+ if (expect_parse_fail) {
+ VIR_TEST_DEBUG("Got expected parse failure msg='%s'",
+ virGetLastErrorMessage());
+ virResetLastError();
+ ret = 0;
+ }
goto fail;
+ }
if (!(actual = virSecretDefFormat(secret)))
goto fail;
@@ -35,6 +45,7 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml)
struct testInfo {
const char *name;
bool different;
+ bool expect_fail;
};
static int
@@ -54,7 +65,7 @@ testCompareXMLToXMLHelper(const void *data)
goto cleanup;
}
- result = testCompareXMLToXMLFiles(inxml, outxml);
+ result = testCompareXMLToXMLFiles(inxml, outxml, info->expect_fail);
cleanup:
VIR_FREE(inxml);
@@ -68,19 +79,26 @@ mymain(void)
{
int ret = 0;
-#define DO_TEST(name) \
+#define DO_TEST_FULL(name, different, parse_fail) \
do { \
- const struct testInfo info = {name, false}; \
+ const struct testInfo info = {name, different, parse_fail}; \
if (virTestRun("Secret XML->XML " name, \
testCompareXMLToXMLHelper, &info) < 0) \
ret = -1; \
} while (0)
+#define DO_TEST(name) \
+ DO_TEST_FULL(name, false, false)
+
+#define DO_TEST_PARSE_FAIL(name) \
+ DO_TEST_FULL(name, false, true)
+
DO_TEST("ephemeral-usage-volume");
DO_TEST("usage-volume");
DO_TEST("usage-ceph");
DO_TEST("usage-iscsi");
DO_TEST("usage-tls");
+ DO_TEST_PARSE_FAIL("usage-whitespace-invalid");
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.17.1