regexp fixes and validation (#829)

2014-05-16 18:35:59 +02:00 · 2014-05-16 18:35:59 +02:00 · 45318ecb43
commit 45318ecb43
parent 39496bf65a
3 changed files with 10 additions and 8 deletions
--- a/qubes-rpc/qubes-notify-tools
+++ b/qubes-rpc/qubes-notify-tools
@ -60,9 +60,11 @@ def main():
        else:
            gui = int(untrusted_gui)

-        if untrusted_user is not None:
-            if re.match(r'^[a-zA-Z0-9-]+$', untrusted_user):
-                user = untrusted_user
+        if untrusted_user is not None and re.match(r'^[a-zA-Z0-9-]{1,255}$', untrusted_user):
+            assert '@' not in untrusted_user
+            assert '/' not in untrusted_user
+
+            user = untrusted_user
        else:
            user = None

@ -70,7 +72,7 @@ def main():
        source_vm.qrexec_installed = qrexec > 0
        source_vm.guiagent_installed = gui > 0

-        if user:
+        if user is not None:
            source_vm.default_user = user

        qvm_collection.save()
--- a/qvm-tools/qvm-prefs
+++ b/qvm-tools/qvm-prefs
@ -164,7 +164,7 @@ def set_mac(vms, vm, args):
        print >> sys.stderr, "Missing MAC argument!"
        return False

-    if not re.match("[0-9a-fA-F:]{17}|auto", args[0]):
+    if not re.match("[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}|auto", args[0]):
        print >> sys.stderr, "Invalid MAC argument!"
        print >> sys.stderr, "Possible values:"
        print >> sys.stderr, "1) auto"
--- a/qvm-tools/qvm-sync-clock
+++ b/qvm-tools/qvm-sync-clock
@ -72,10 +72,10 @@ def main():
        sys.exit(1)

    # Use the date format based on RFC2822 to avoid localisation issues
-    p = clock_vm.run('date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True)
+    p = clock_vm.run('date -u -Iseconds', verbose=verbose, passio_popen=True, ignore_stderr=True)
    date_out = p.stdout.read(100)
    date_out = date_out.strip()
-    if not re.match(r'^[A-Za-z]+[,] [0-9][0-9] [A-Za-z]+ [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [+]0000$', date_out):
+    if not re.match(r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\+0000$', date_out):
        print >> sys.stderr, 'Invalid date output, aborting!'
        sys.exit(1)

@ -83,7 +83,7 @@ def main():
    if verbose:
        print >> sys.stderr, '--> Syncing dom0 clock.'

-    subprocess.check_call(['sudo', 'date', '-u', '-R', '-s', date_out])
+    subprocess.check_call(['sudo', 'date', '-u', '-Iseconds', '-s', date_out])
    subprocess.check_call(['sudo', 'hwclock', '--systohc'])

    # Sync other VMs clock