diff options
author | Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> | 2020-04-19 08:35:37 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-04-26 13:58:59 +0100 |
commit | ebd12b10d17db0b4176b0188407d7e9b8420eab1 (patch) | |
tree | 2516a68785806ee5d54a78b9c7f96c4e50cf3ab9 /scripts/lib | |
parent | e8c21c6ebaebde88151697381bdb2452f1171090 (diff) | |
download | openembedded-core-contrib-ebd12b10d17db0b4176b0188407d7e9b8420eab1.tar.gz |
wic: rootfs: Combine path_validation in one function
Combine all the common path validation in a function to avoid code
duplication.
Cc: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib')
-rw-r--r-- | scripts/lib/wic/plugins/source/rootfs.py | 41 |
1 files changed, 19 insertions, 22 deletions
diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py index 544e868b5e..f1db83f8a1 100644 --- a/scripts/lib/wic/plugins/source/rootfs.py +++ b/scripts/lib/wic/plugins/source/rootfs.py @@ -33,6 +33,22 @@ class RootfsPlugin(SourcePlugin): name = 'rootfs' @staticmethod + def __validate_path(cmd, rootfs_dir, path): + if os.path.isabs(path): + logger.error("%s: Must be relative: %s" % (cmd, orig_path)) + sys.exit(1) + + # Disallow climbing outside of parent directory using '..', + # because doing so could be quite disastrous (we will delete the + # directory, or modify a directory outside OpenEmbedded). + full_path = os.path.realpath(os.path.join(rootfs_dir, path)) + if not full_path.startswith(os.path.realpath(rootfs_dir)): + logger.error("%s: Must point inside the rootfs:" % (cmd, path)) + sys.exit(1) + + return full_path + + @staticmethod def __get_rootfs_dir(rootfs_dir): if os.path.isdir(rootfs_dir): return os.path.realpath(rootfs_dir) @@ -99,14 +115,7 @@ class RootfsPlugin(SourcePlugin): cd = part.change_directory if cd[-1] == '/': cd = cd[:-1] - if os.path.isabs(cd): - logger.error("Must be relative: --change-directory=%s" % cd) - sys.exit(1) - orig_dir = os.path.realpath(os.path.join(part.rootfs_dir, cd)) - if not orig_dir.startswith(part.rootfs_dir): - logger.error("'%s' points to a path outside the rootfs" % orig_dir) - sys.exit(1) - + orig_dir = cls.__validate_path("--change-directory", part.rootfs_dir, cd) else: orig_dir = part.rootfs_dir copyhardlinktree(orig_dir, new_rootfs) @@ -168,10 +177,7 @@ class RootfsPlugin(SourcePlugin): #create destination if path: - destination = os.path.realpath(os.path.join(new_rootfs, path)) - if not destination.startswith(new_rootfs): - logger.error("%s %s" % (destination, new_rootfs)) - sys.exit(1) + destination = cls.__validate_path("--include-path", new_rootfs, path) Path(destination).mkdir(parents=True, exist_ok=True) else: destination = new_rootfs @@ -187,17 +193,8 @@ class RootfsPlugin(SourcePlugin): for orig_path in part.exclude_path or []: path = orig_path - if os.path.isabs(path): - logger.error("Must be relative: --exclude-path=%s" % orig_path) - sys.exit(1) - full_path = os.path.realpath(os.path.join(new_rootfs, path)) - # Disallow climbing outside of parent directory using '..', - # because doing so could be quite disastrous (we will delete the - # directory). - if not full_path.startswith(new_rootfs): - logger.error("'%s' points to a path outside the rootfs" % orig_path) - sys.exit(1) + full_path = cls.__validate_path("--exclude-path", new_rootfs, path) if not os.path.lexists(full_path): continue |