[PATCH 0/2] Fix formatting of http cookies into XML
See 2/2. Peter Krempa (2): virstoragetest: testBackingParse: Use VIR_DOMAIN_DEF_FORMAT_SECURE when formatting xml conf: Don't format http cookies unless VIR_DOMAIN_DEF_FORMAT_SECURE is used src/conf/domain_conf.c | 8 ++++++-- tests/virstoragetest.c | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) -- 2.26.0
We want to format even the secure information in tests. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/virstoragetest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 6e8ebeba13..6d2b21c25f 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -594,6 +594,7 @@ testBackingParse(const void *args) g_autoptr(virStorageSource) src = NULL; int rc; int erc = data->rv; + unsigned int xmlformatflags = VIR_DOMAIN_DEF_FORMAT_SECURE; /* expect failure return code with NULL expected data */ if (!data->expect) @@ -613,7 +614,7 @@ testBackingParse(const void *args) return -1; } - if (virDomainDiskSourceFormat(&buf, src, "source", 0, false, 0, true, NULL) < 0 || + if (virDomainDiskSourceFormat(&buf, src, "source", 0, false, xmlformatflags, true, NULL) < 0 || !(xml = virBufferContentAndReset(&buf))) { fprintf(stderr, "failed to format disk source xml\n"); return -1; -- 2.26.0
Starting from 3b076391befc3fe72deb0c244ac6c2b4c100b410 (v6.1.0-122-g3b076391be) we support http cookies. Since they may contain somewhat sensitive information we should not format into the XML unless VIR_DOMAIN_DEF_FORMAT_SECURE is asserted. Reported-by: Han Han <hhan@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/conf/domain_conf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 8e8146374c..8700d56761 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -24636,11 +24636,15 @@ virDomainSourceDefFormatSeclabel(virBufferPtr buf, static void virDomainDiskSourceFormatNetworkCookies(virBufferPtr buf, - virStorageSourcePtr src) + virStorageSourcePtr src, + unsigned int flags) { g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); size_t i; + if (!(flags & VIR_DOMAIN_DEF_FORMAT_SECURE)) + return; + for (i = 0; i < src->ncookies; i++) { virBufferEscapeString(&childBuf, "<cookie name='%s'>", src->cookies[i]->name); virBufferEscapeString(&childBuf, "%s</cookie>\n", src->cookies[i]->value); @@ -24701,7 +24705,7 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virTristateBoolTypeToString(src->sslverify)); } - virDomainDiskSourceFormatNetworkCookies(childBuf, src); + virDomainDiskSourceFormatNetworkCookies(childBuf, src, flags); if (src->readahead) virBufferAsprintf(childBuf, "<readahead size='%llu'/>\n", src->readahead); -- 2.26.0
On Tue, Apr 14, 2020 at 10:38:48AM +0200, Peter Krempa wrote:
Starting from 3b076391befc3fe72deb0c244ac6c2b4c100b410
s/from/with
(v6.1.0-122-g3b076391be) we support http cookies. Since they may contain somewhat sensitive information we should not format into the XML unless
s/format/format them/ -- Erik Skultety
On Tue, Apr 14, 2020 at 10:38:46AM +0200, Peter Krempa wrote:
See 2/2.
Peter Krempa (2): virstoragetest: testBackingParse: Use VIR_DOMAIN_DEF_FORMAT_SECURE when formatting xml conf: Don't format http cookies unless VIR_DOMAIN_DEF_FORMAT_SECURE is used
src/conf/domain_conf.c | 8 ++++++-- tests/virstoragetest.c | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-)
-- 2.26.0
Reviewed-by: Erik Skultety <eskultet@redhat.com>
participants (2)
-
Erik Skultety -
Peter Krempa