Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[tempest] Fix special chars in TEMPESTCONF_OVERRIDES #212

Merged
merged 1 commit into from
Sep 19, 2024
Merged

[tempest] Fix special chars in TEMPESTCONF_OVERRIDES #212

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions container-images/tcib/base/os/tempest/run_tempest.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,16 @@ function upload_extra_images {
done
}


# This function ensures all arguments are handled properly:
# - Embedded quotes are preserved, e.g. "Some string"
# - Special bash characters don't need to be escaped, e.g. cubswin:)
function discover_tempest_config {
cat <<EOF | xargs discover-tempest-config
$*
EOF
}

Copy link
Contributor

@SeanMooney SeanMooney Sep 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seam to work as indended

~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:41:46]❯ ln -s /bin/echo .local/bin/discover-tempest-config
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
00:41:58]➜ function discover_tempest_config {
    cat <<EOF | xargs discover-tempest-config
$*
EOF
 }
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:04]➜ discover_tempest_config test
test
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:07]➜ discover_tempest_config test:)
bash: syntax error near unexpected token `)'
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:10]❯ data="test:)"
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:30]➜ discover_tempest_config ${data}
test:)
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:39]➜ data="test :)"
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:42:57]➜ discover_tempest_config ${data}
test :)
~ via 🐹 v1.20.12 via 🐍 v3.11.9

at least if the charters that need to be escapes are in a variable
or they are quoted when being passed to the function directly.

[00:42:58]➜ discover_tempest_config '${data}'
${data}
~ via 🐹 v1.20.12 via 🐍 v3.11.9
[00:42:58]➜ discover_tempest_config '${data}'
${data}
~ via 🐹 v1.20.12 via 🐍 v3.11.9

interpolation or not of variable in string also works

[00:45:31]❯ data="test; echo do bad thing :("
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
00:47:04]➜ discover_tempest_config "${data}"
test; echo do bad thing :(
~ via 🐹 v1.20.12 via 🐍 v3.11.9 
[00:47:08]➜ discover_tempest_config ${data}
test; echo do bad thing :(

it also prevent basic exploites like adding ; shell injection goes here

not that it nessicaly safe but i think this is safer then eval too.

function run_git_tempest {
mkdir -p $TEMPEST_EXTERNAL_PLUGIN_DIR
pushd $TEMPEST_EXTERNAL_PLUGIN_DIR
Expand Down Expand Up @@ -318,7 +328,7 @@ function run_git_tempest {
tempest init openshift
pushd $TEMPEST_DIR

eval discover-tempest-config ${TEMPESTCONF_ARGS} ${TEMPESTCONF_OVERRIDES} \
discover_tempest_config ${TEMPESTCONF_ARGS} ${TEMPESTCONF_OVERRIDES} \
&& tempest run ${TEMPEST_ARGS}
RETURN_VALUE=$?

Expand All @@ -340,7 +350,7 @@ function run_rpm_tempest {
# List Tempest packages
rpm -qa | grep tempest

eval discover-tempest-config ${TEMPESTCONF_ARGS} ${TEMPESTCONF_OVERRIDES} \
discover_tempest_config ${TEMPESTCONF_ARGS} ${TEMPESTCONF_OVERRIDES} \
&& tempest run ${TEMPEST_ARGS}
RETURN_VALUE=$?

Expand Down
Loading