Added a safeguard for invalid firewall rules
A firewall rule option cannot be declared without a value (e.g. 'dsthost=' is not a valid rule). Fixes QubesOS/qubes-issues#5772
parent
83b1fc6c58
commit
d2f4a4533a
@ -96,6 +96,17 @@ class TC_00_RuleAction(qubesadmin.tests.QubesTestCase):
|
|||||||
qubesadmin.firewall.Rule(
|
qubesadmin.firewall.Rule(
|
||||||
None, action='accept', dsthost='127.0.0.1/32'))
|
None, action='accept', dsthost='127.0.0.1/32'))
|
||||||
|
|
||||||
|
def test_007_none_errors(self):
|
||||||
|
ns = argparse.Namespace()
|
||||||
|
with self.assertRaises(argparse.ArgumentError):
|
||||||
|
self.action(None, ns, ['dsthost=', 'action=accept'])
|
||||||
|
with self.assertRaises(argparse.ArgumentError):
|
||||||
|
self.action(None, ns, ['dsthost=127.0.0.1', 'dstports=',
|
||||||
|
'action=accept'])
|
||||||
|
with self.assertRaises(argparse.ArgumentError):
|
||||||
|
self.action(None, ns, ['dsthost=127.0.0.1', 'icmptype=',
|
||||||
|
'action=accept'])
|
||||||
|
|
||||||
|
|
||||||
class TC_10_qvm_firewall(qubesadmin.tests.QubesTestCase):
|
class TC_10_qvm_firewall(qubesadmin.tests.QubesTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
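Review bot: `test_007_none_errors` passes empty-valued strings, not None, so the name is misleading, and the method has no docstring. A name such as `test_007_empty_value_errors` with `"""Options given as 'key=' with no value must raise ArgumentError."""` would say what is being pinned. The three cases differ only in the argument list, so a loop over the lists under `with self.subTest(args=args):` would report which option regressed. None of the cases passes an empty-string token (`''`), which the new guard in RuleAction indexes with `opt[-1]`.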
@ -48,6 +48,9 @@ class RuleAction(argparse.Action):
|
|||||||
allowed_opts = assumed_order + ['specialtarget', 'comment', 'expire']
|
allowed_opts = assumed_order + ['specialtarget', 'comment', 'expire']
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
for opt in values:
|
for opt in values:
|
||||||
|
if opt[-1] == '=':
|
||||||
|
raise argparse.ArgumentError(
|
||||||
|
None, 'invalid rule description: {}'.format(opt))
|
||||||
opt_elements = opt.split('=')
|
opt_elements = opt.split('=')
|
||||||
if len(opt_elements) == 2:
|
if len(opt_elements) == 2:
|
||||||
key, value = opt_elements
|
key, value = opt_elements
|
||||||
|
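Review bot: The added guard indexes `opt[-1]`, which raises IndexError when an argument is the empty string (a quoted empty shell argument reaches `values` as `''`), so that input ends in a traceback instead of the ArgumentError that other malformed rules get. `if opt.endswith('='):` is safe on empty input and reads the same. The check also sits only in the CLI parser; whether `qubesadmin.firewall.Rule` itself rejects empty field values for other callers is not visible here and is worth confirming, since a firewall rule with an empty match field should fail closed. The `for` loop body continues past the end of the hunk.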