improve keyfile path validation. Closes #350.
chambridge committed Oct 16, 2017
1 parent 60877ba commit a1c5ac1
Showing 3 changed files with 72 additions and 10 deletions.
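--- a/rho/authaddcommand.py
+++ b/rho/authaddcommand.py
@@ -141,6 +141,18 @@ def _validate_options(self):
 self.parser.print_help()
 sys.exit(1)
 
+if self.options.filename:
+keyfile_path = os.path.abspath(os.path.normpath(
+os.path.expanduser(os.path.expandvars(self.options.filename))))
+if os.path.isfile(keyfile_path) is False:
+print(_('You must provide a valid file path for'
+' "--sshkeyfile", "%s" could not be found.'
+% keyfile_path))
+self.parser.print_help()
+sys.exit(1)
+else:
+self.options.filename = keyfile_path
+
 def _do_command(self):
 vault = get_vault(self.options.vaultfile)
 auth_name = self.options.name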
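Review bot: The `os.path.isfile(keyfile_path)` check added to `_validate_options` only establishes that a regular file exists at validation time; it does not confirm that the key is readable by the invoking user or that its mode is restrictive, so an unreadable or group/world-accessible private key passes and its path is kept in `self.options.filename`. Consider extending the condition to `not os.path.isfile(keyfile_path) or not os.access(keyfile_path, os.R_OK)` and warning when `os.stat(keyfile_path).st_mode & 0o077` is non-zero. The `% keyfile_path` interpolation also sits inside `_()`, so the translation lookup receives the already-formatted string; `_('…') % keyfile_path` keeps the message translatable. The same block is repeated in rho/autheditcommand.py and could live in one shared helper. `_validate_options` begins above the hunk.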
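--- a/rho/autheditcommand.py
+++ b/rho/autheditcommand.py
@@ -108,6 +108,18 @@ def _validate_options(self):
 self.parser.print_help()
 sys.exit(1)
 
+if self.options.filename:
+keyfile_path = os.path.abspath(os.path.normpath(
+os.path.expanduser(os.path.expandvars(self.options.filename))))
+if os.path.isfile(keyfile_path) is False:
+print(_('You must provide a valid file path for'
+' "--sshkeyfile", "%s" could not be found.'
+% keyfile_path))
+self.parser.print_help()
+sys.exit(1)
+else:
+self.options.filename = keyfile_path
+
 def _do_command(self):
 vault = get_vault(self.options.vaultfile)
 auth_found = False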
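--- a/test/test_clicommand.py
+++ b/test/test_clicommand.py
@@ -39,7 +39,7 @@
 from rho.scancommand import ScanCommand
 
 TEST_VAULT_PASSWORD = 'password'
-
+TMP_KEY = "/tmp/privatekey"
 TMP_VAULT_PASS = "/tmp/vault_pass"
 TMP_FACTS = "/tmp/facts.txt"
 TMP_HOSTS = "/tmp/hosts.txt"
@@ -151,6 +151,11 @@ def setUp(self):
 with open(TMP_VAULT_PASS, 'w') as vault_pass_file:
 vault_pass_file.write(TEST_VAULT_PASSWORD)
 
+if os.path.isfile(TMP_KEY):
+os.remove(TMP_KEY)
+with open(TMP_KEY, 'w') as privatekey_file:
+privatekey_file.write(TEST_VAULT_PASSWORD)
+
 if os.path.isfile(TMP_FACTS):
 os.remove(TMP_FACTS)
 with open(TMP_FACTS, 'w') as facts_file:
@@ -227,6 +232,9 @@ def tearDown(self):
 if os.path.isfile(TMP_VAULT_PASS):
 os.remove(TMP_VAULT_PASS)
 
+if os.path.isfile(TMP_KEY):
+os.remove(TMP_KEY)
+
 if os.path.isfile(TMP_FACTS):
 os.remove(TMP_FACTS)
 
@@ -243,7 +251,7 @@ def test_auth_add(self, uuid4):
 
 sys.argv = ['/bin/rho', "auth", "add", "--name", "auth_1",
 "--username", "user", "--sshkeyfile",
-"./privatekey", "--vault",
+TMP_KEY, "--vault",
 TMP_VAULT_PASS]
 
 creds = list()
@@ -255,7 +263,22 @@ def test_auth_add(self, uuid4):
 u'username': u'user',
 u'password': None,
 u'sudo_password': None,
-u'ssh_key_file': u'./privatekey'}])
+u'ssh_key_file': u'/tmp/privatekey'}])
+
+# pylint: disable=unused-argument
+@mock.patch('uuid.uuid4', return_value=1)
+def test_auth_add_bad_key(self, uuid4):
+"""Testing the auth add command execution"""
+sys.argv = ['/bin/rho', "auth", "add", "--name", "auth_1",
+"--username", "user", "--sshkeyfile",
+"/not/a/valid/path", "--vault",
+TMP_VAULT_PASS]
+
+auth_add_out = six.StringIO()
+with self.assertRaises(SystemExit):
+with redirect_stdout(auth_add_out):
+AuthAddCommand().main()
+self.assertIn("/not/a/valid/path", auth_add_out)
 
 # pylint: disable=unused-argument
 @mock.patch('uuid.uuid4', return_value=2)
@@ -264,12 +287,12 @@ def test_auth_add_again(self, uuid4):
 
 sys.argv = ['/bin/rho', "auth", "add", "--name", "auth_2",
 "--username", "user", "--sshkeyfile",
-"./privatekey", "--vault",
+TMP_KEY, "--vault",
 TMP_VAULT_PASS]
 
 creds = [{u'id': u'1', u'name': u'auth_1', u'username': u'user',
 u'password': u'', u'sudo_password': None,
-u'ssh_key_file': u'./privatekey'}]
+u'ssh_key_file': u'/tmp/privatekey'}]
 
 with redirect_credentials(creds):
 AuthAddCommand().main()
@@ -280,13 +303,13 @@ def test_auth_add_again(self, uuid4):
 u'username': u'user',
 u'password': u'',
 u'sudo_password': None,
-u'ssh_key_file': u'./privatekey'},
+u'ssh_key_file': u'/tmp/privatekey'},
 {u'id': u'2',
 u'name': u'auth_2',
 u'username': u'user',
 u'password': None,
 u'sudo_password': None,
-u'ssh_key_file': u'./privatekey'}])
+u'ssh_key_file': u'/tmp/privatekey'}])
 
 def test_auth_list(self):
 """Testing the auth list command execution"""
@@ -312,10 +335,10 @@ def test_auth_edit(self):
 
 sys.argv = ['/bin/rho', "auth", "edit", "--name", "auth_1",
 "--username", "user_2",
-"--sshkeyfile", "file_2",
+"--sshkeyfile", TMP_KEY,
 "--vault", TMP_VAULT_PASS]
 creds = [{'id': '1', 'name': 'auth_1', 'username': 'user_1',
-'password': 'password', 'ssh_key_file': 'file_1'}]
+'password': 'password', 'ssh_key_file': TMP_KEY}]
 with redirect_credentials(creds):
 AuthEditCommand().main()
 
@@ -324,7 +347,22 @@ def test_auth_edit(self):
 'name': 'auth_1',
 'username': 'user_2',
 'password': 'password',
-'ssh_key_file': 'file_2'}])
+'ssh_key_file': TMP_KEY}])
+
+# pylint: disable=unused-argument
+@mock.patch('uuid.uuid4', return_value=1)
+def test_auth_edit_bad_key(self, uuid4):
+"""Testing the auth add command execution"""
+sys.argv = ['/bin/rho', "auth", "edit", "--name", "auth_1",
+"--username", "user", "--sshkeyfile",
+"/not/a/valid/path", "--vault",
+TMP_VAULT_PASS]
+
+auth_edit_out = six.StringIO()
+with self.assertRaises(SystemExit):
+with redirect_stdout(auth_edit_out):
+AuthEditCommand().main()
+self.assertIn("/not/a/valid/path", auth_edit_out)
 
 def test_auth_show(self):
 """Testing the auth show command execution"""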
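Review bot: `self.assertIn("/not/a/valid/path", auth_add_out)` in `test_auth_add_bad_key` tests membership against the `six.StringIO` object, which iterates whole lines, rather than against the captured text, so it does not verify that the rejected path appears in the error message; use `self.assertIn("/not/a/valid/path", auth_add_out.getvalue())`. Indentation is not visible on this page, but if the assertion sits inside the `assertRaises` block after `AuthAddCommand().main()` it is never reached and should move after the block. `test_auth_edit_bad_key` has the same assertion and still carries the "auth add" docstring. Separately, `TMP_KEY` is a fixed name under `/tmp`; a path from `tempfile.mkstemp()` would avoid collisions and pre-existing files on shared build hosts.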
