diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2015-04-17 15:26:59 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-04-19 13:37:31 +0100 |
commit | 72d88f29da1ece634028420317233a45ff8e015b (patch) | |
tree | 78cbedae538c7895ca33c7f7ba734a05d5bedabf | |
parent | f9b160571f795dc9d9d42ad7e85969ec54b86430 (diff) | |
download | poky-72d88f29da1ece634028420317233a45ff8e015b.tar.gz |
bitbake: lib/bb/utils: add safeguard against recursively deleting things we shouldn't
Add some very basic safeguard against recursively deleting paths such
as / and /home in the event of bugs or user mistakes.
Addresses [YOCTO #7620].
(Bitbake rev: 56cddeb9e1e4d249f84ccd6ef65db245636e38ea)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | bitbake/lib/bb/tests/utils.py | 17 | ||||
-rw-r--r-- | bitbake/lib/bb/utils.py | 21 |
2 files changed, 38 insertions, 0 deletions
diff --git a/bitbake/lib/bb/tests/utils.py b/bitbake/lib/bb/tests/utils.py index 507de2de3c..6e09858e51 100644 --- a/bitbake/lib/bb/tests/utils.py +++ b/bitbake/lib/bb/tests/utils.py | |||
@@ -21,6 +21,7 @@ | |||
21 | 21 | ||
22 | import unittest | 22 | import unittest |
23 | import bb | 23 | import bb |
24 | import os | ||
24 | 25 | ||
25 | class VerCmpString(unittest.TestCase): | 26 | class VerCmpString(unittest.TestCase): |
26 | 27 | ||
@@ -88,3 +89,19 @@ class VerCmpString(unittest.TestCase): | |||
88 | 89 | ||
89 | # Check that clearly invalid operator raises an exception | 90 | # Check that clearly invalid operator raises an exception |
90 | self.assertRaises(bb.utils.VersionStringException, bb.utils.vercmp_string_op, '0', '0', '$') | 91 | self.assertRaises(bb.utils.VersionStringException, bb.utils.vercmp_string_op, '0', '0', '$') |
92 | |||
93 | |||
94 | class Path(unittest.TestCase): | ||
95 | def test_unsafe_delete_path(self): | ||
96 | checkitems = [('/', True), | ||
97 | ('//', True), | ||
98 | ('///', True), | ||
99 | (os.getcwd().count(os.sep) * ('..' + os.sep), True), | ||
100 | (os.environ.get('HOME', '/home/test'), True), | ||
101 | ('/home/someone', True), | ||
102 | ('/home/other/', True), | ||
103 | ('/home/other/subdir', False), | ||
104 | ('', False)] | ||
105 | for arg1, correctresult in checkitems: | ||
106 | result = bb.utils._check_unsafe_delete_path(arg1) | ||
107 | self.assertEqual(result, correctresult, '_check_unsafe_delete_path("%s") != %s' % (arg1, correctresult)) | ||
diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py index 5ac9bcfbd4..c97f3ef81f 100644 --- a/bitbake/lib/bb/utils.py +++ b/bitbake/lib/bb/utils.py | |||
@@ -601,11 +601,30 @@ def build_environment(d): | |||
601 | if export: | 601 | if export: |
602 | os.environ[var] = d.getVar(var, True) or "" | 602 | os.environ[var] = d.getVar(var, True) or "" |
603 | 603 | ||
604 | def _check_unsafe_delete_path(path): | ||
605 | """ | ||
606 | Basic safeguard against recursively deleting something we shouldn't. If it returns True, | ||
607 | the caller should raise an exception with an appropriate message. | ||
608 | NOTE: This is NOT meant to be a security mechanism - just a guard against silly mistakes | ||
609 | with potentially disastrous results. | ||
610 | """ | ||
611 | extra = '' | ||
612 | # HOME might not be /home/something, so in case we can get it, check against it | ||
613 | homedir = os.environ.get('HOME', '') | ||
614 | if homedir: | ||
615 | extra = '|%s' % homedir | ||
616 | if re.match('(/|//|/home|/home/[^/]*%s)$' % extra, os.path.abspath(path)): | ||
617 | return True | ||
618 | return False | ||
619 | |||
604 | def remove(path, recurse=False): | 620 | def remove(path, recurse=False): |
605 | """Equivalent to rm -f or rm -rf""" | 621 | """Equivalent to rm -f or rm -rf""" |
606 | if not path: | 622 | if not path: |
607 | return | 623 | return |
608 | if recurse: | 624 | if recurse: |
625 | for name in glob.glob(path): | ||
626 | if _check_unsafe_delete_path(path): | ||
627 | raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % path) | ||
609 | # shutil.rmtree(name) would be ideal but its too slow | 628 | # shutil.rmtree(name) would be ideal but its too slow |
610 | subprocess.call(['rm', '-rf'] + glob.glob(path)) | 629 | subprocess.call(['rm', '-rf'] + glob.glob(path)) |
611 | return | 630 | return |
@@ -619,6 +638,8 @@ def remove(path, recurse=False): | |||
619 | def prunedir(topdir): | 638 | def prunedir(topdir): |
620 | # Delete everything reachable from the directory named in 'topdir'. | 639 | # Delete everything reachable from the directory named in 'topdir'. |
621 | # CAUTION: This is dangerous! | 640 | # CAUTION: This is dangerous! |
641 | if _check_unsafe_delete_path(topdir): | ||
642 | raise Exception('bb.utils.prunedir: called with dangerous path "%s", refusing to delete!' % topdir) | ||
622 | for root, dirs, files in os.walk(topdir, topdown = False): | 643 | for root, dirs, files in os.walk(topdir, topdown = False): |
623 | for name in files: | 644 | for name in files: |
624 | os.remove(os.path.join(root, name)) | 645 | os.remove(os.path.join(root, name)) |