summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggleton <paul.eggleton@linux.intel.com>2015-04-17 15:26:59 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-04-19 13:37:31 +0100
commit72d88f29da1ece634028420317233a45ff8e015b (patch)
tree78cbedae538c7895ca33c7f7ba734a05d5bedabf
parentf9b160571f795dc9d9d42ad7e85969ec54b86430 (diff)
downloadpoky-72d88f29da1ece634028420317233a45ff8e015b.tar.gz
bitbake: lib/bb/utils: add safeguard against recursively deleting things we shouldn't
Add some very basic safeguard against recursively deleting paths such as / and /home in the event of bugs or user mistakes. Addresses [YOCTO #7620]. (Bitbake rev: 56cddeb9e1e4d249f84ccd6ef65db245636e38ea) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--bitbake/lib/bb/tests/utils.py17
-rw-r--r--bitbake/lib/bb/utils.py21
2 files changed, 38 insertions, 0 deletions
diff --git a/bitbake/lib/bb/tests/utils.py b/bitbake/lib/bb/tests/utils.py
index 507de2de3c..6e09858e51 100644
--- a/bitbake/lib/bb/tests/utils.py
+++ b/bitbake/lib/bb/tests/utils.py
@@ -21,6 +21,7 @@
21 21
22import unittest 22import unittest
23import bb 23import bb
24import os
24 25
25class VerCmpString(unittest.TestCase): 26class VerCmpString(unittest.TestCase):
26 27
@@ -88,3 +89,19 @@ class VerCmpString(unittest.TestCase):
88 89
89 # Check that clearly invalid operator raises an exception 90 # Check that clearly invalid operator raises an exception
90 self.assertRaises(bb.utils.VersionStringException, bb.utils.vercmp_string_op, '0', '0', '$') 91 self.assertRaises(bb.utils.VersionStringException, bb.utils.vercmp_string_op, '0', '0', '$')
92
93
94class Path(unittest.TestCase):
95 def test_unsafe_delete_path(self):
96 checkitems = [('/', True),
97 ('//', True),
98 ('///', True),
99 (os.getcwd().count(os.sep) * ('..' + os.sep), True),
100 (os.environ.get('HOME', '/home/test'), True),
101 ('/home/someone', True),
102 ('/home/other/', True),
103 ('/home/other/subdir', False),
104 ('', False)]
105 for arg1, correctresult in checkitems:
106 result = bb.utils._check_unsafe_delete_path(arg1)
107 self.assertEqual(result, correctresult, '_check_unsafe_delete_path("%s") != %s' % (arg1, correctresult))
diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index 5ac9bcfbd4..c97f3ef81f 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -601,11 +601,30 @@ def build_environment(d):
601 if export: 601 if export:
602 os.environ[var] = d.getVar(var, True) or "" 602 os.environ[var] = d.getVar(var, True) or ""
603 603
604def _check_unsafe_delete_path(path):
605 """
606 Basic safeguard against recursively deleting something we shouldn't. If it returns True,
607 the caller should raise an exception with an appropriate message.
608 NOTE: This is NOT meant to be a security mechanism - just a guard against silly mistakes
609 with potentially disastrous results.
610 """
611 extra = ''
612 # HOME might not be /home/something, so in case we can get it, check against it
613 homedir = os.environ.get('HOME', '')
614 if homedir:
615 extra = '|%s' % homedir
616 if re.match('(/|//|/home|/home/[^/]*%s)$' % extra, os.path.abspath(path)):
617 return True
618 return False
619
604def remove(path, recurse=False): 620def remove(path, recurse=False):
605 """Equivalent to rm -f or rm -rf""" 621 """Equivalent to rm -f or rm -rf"""
606 if not path: 622 if not path:
607 return 623 return
608 if recurse: 624 if recurse:
625 for name in glob.glob(path):
626 if _check_unsafe_delete_path(path):
627 raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % path)
609 # shutil.rmtree(name) would be ideal but its too slow 628 # shutil.rmtree(name) would be ideal but its too slow
610 subprocess.call(['rm', '-rf'] + glob.glob(path)) 629 subprocess.call(['rm', '-rf'] + glob.glob(path))
611 return 630 return
@@ -619,6 +638,8 @@ def remove(path, recurse=False):
619def prunedir(topdir): 638def prunedir(topdir):
620 # Delete everything reachable from the directory named in 'topdir'. 639 # Delete everything reachable from the directory named in 'topdir'.
621 # CAUTION: This is dangerous! 640 # CAUTION: This is dangerous!
641 if _check_unsafe_delete_path(topdir):
642 raise Exception('bb.utils.prunedir: called with dangerous path "%s", refusing to delete!' % topdir)
622 for root, dirs, files in os.walk(topdir, topdown = False): 643 for root, dirs, files in os.walk(topdir, topdown = False):
623 for name in files: 644 for name in files:
624 os.remove(os.path.join(root, name)) 645 os.remove(os.path.join(root, name))