Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate user input for cert-get-requestdata #590

Closed
wants to merge 1 commit into from
Closed

Validate user input for cert-get-requestdata #590

wants to merge 1 commit into from

Conversation

Akasurde
Copy link
Member

Fix adds validatation for Principal and CSR generation
tool values

Fixes https://pagure.io/freeipa/issue/6742

Signed-off-by: Abhijeet Kasurde akasurde@redhat.com

tiran
tiran requested changes Mar 15, 2017
View reviewed changes
ipaclient/plugins/csrgen.py Outdated
@@ -75,10 +75,19 @@ def execute(self, *args, **options):
util.check_writable_file(options['out'])

principal = options.get('principal')
if principal is None:
raise errors.InvocationError(message=u"Principal is required")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please include _() for i18n.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

ipaclient/plugins/csrgen.py Outdated
profile_id = options.get('profile_id')
if profile_id is None:
profile_id = dogtag.DEFAULT_PROFILE
helper = options.get('helper')
if helper is None:
raise errors.InvocationError(message=u"CSR generation tool is"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are missing a trailing space in this line. You can make the code more readable by indenting the class' arguments:

            raise errors.InvocationError(
                message=_(u"CSR generation tool is required")
            )

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK.

ipaclient/plugins/csrgen.py Outdated
raise errors.InvocationError(message=u"CSR generation tool is"
"required")
if helper.lower() not in ['openssl', 'certutil']:
raise errors.InvocationError(message=u"Allowed values for CSR "
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK.

@rcritten
Copy link
Contributor

You are duplicating the list of helpers. It would have been better to have helper defined as a StrEnum. If it isn't too late to change (e.g. no release has shipped with that in the API) then perhaps a separate patch, then you wouldn't need this enforcement at all.

@Akasurde
Copy link
Member Author

@rcritten I don't know about backward compatibility of changing helper to StrEnum. @MartinBasti @HonzaCholasta Can you please comment on this?

@MartinBasti
Copy link
Contributor

I have no context about how exactly certrequest is supposed to work, but IMO it was done in that way to allow dynamically adding more helpers as plugins, that's why it is Str and not SrEnum, but code doesn't look it may support that.

@LiptonB do you remember why Str param was used?

@Akasurde Right now there is no backward compatibility because 4.5 will be first release that contains this feature.

@LiptonB
Copy link
Contributor

LiptonB commented Mar 15, 2017
edited

I don't think one could really add a new helper without modifying the code, so there's probably no need to allow arbitrary strings. Given that, StrEnum seems appropriate.

For the record, #542 removes the helper parameter of cert-get-requestdata, and will be modified to remove the concept of different helpers entirely, though I haven't had a chance to make that change yet.

@MartinBasti
Copy link
Contributor

For the record, #542 removes the helper parameter of cert-get-requestdata, and will be modified to remove the concept of different helpers entirely, though I haven't had a chance to make that change yet.

today is 4.5 release so you have to keep some level of backward compatibility in that PR

@Akasurde
Copy link
Member Author

@MartinBasti Should I wait for #542 to get merged?

@LiptonB LiptonB mentioned this pull request Mar 15, 2017
Closed
@Akasurde
Validate user input for cert-get-requestdata
ad9815a 
Fix adds validatation for Principal and CSR generation
tool values

Fixes https://pagure.io/freeipa/issue/6742

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
@Akasurde
Copy link
Member Author

Bump for review.

@nicki-krizek
Copy link
Contributor

Closing for inactivity. If this PR is still relevant, please re-open it.

@nicki-krizek nicki-krizek added the rejected Pull Request has been rejected label Aug 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiran tiran tiran requested changes

Assignees
No one assigned
Labels
rejected Pull Request has been rejected
Projects
None yet
Milestone
No milestone
6 participants
@Akasurde @rcritten @MartinBasti @LiptonB @nicki-krizek @tiran