Check that size is a number

Size could potentially be something thats not a number possibly causing a shell injection. Change-Id: Id3766366a8a703b684af5a9ade36334d0abd6039 Closes-Bug: 1590780
2016-06-27 16:57:55 +00:00 · 2016-06-27 16:57:55 +00:00 · 4b6818dc62
parent 4a65e9d3d6
commit 4b6818dc62
2 changed files with 15 additions and 0 deletions
--- a/glance_store/_drivers/sheepdog.py
+++ b/glance_store/_drivers/sheepdog.py
@ -18,6 +18,7 @@

 import hashlib
 import logging
+import six

 from oslo_concurrency import processutils
 from oslo_config import cfg
@ -109,6 +110,8 @@ class SheepdogImage(object):

        Sheepdog Usage: collie vdi create -a address -p port image size
        """
+        if not isinstance(size, (six.integer_types, float)):
+            raise exceptions.Forbidden("Size is not a number")
        self._run_command("create", None, str(size))

    def resize(self, size):
--- a/glance_store/tests/unit/test_sheepdog_store.py
+++ b/glance_store/tests/unit/test_sheepdog_store.py
@ -104,6 +104,18 @@ class TestSheepdogStore(base.StoreBaseTest,
        mock_create.assert_called_once_with(2)
        mock_write.assert_called_once_with(b'xx', 0, 2)

+    @mock.patch.object(sheepdog.SheepdogImage, 'write')
+    @mock.patch.object(sheepdog.SheepdogImage, 'exist')
+    def test_add_bad_size_with_image(self, mock_exist, mock_write):
+        data = six.BytesIO(b'xx')
+        mock_exist.return_value = False
+
+        self.assertRaises(exceptions.Forbidden, self.store.add,
+                          'fake_image_id', data, 'test')
+
+        mock_exist.assert_called_once_with()
+        self.assertEqual(mock_write.call_count, 0)
+
    @mock.patch.object(sheepdog.SheepdogImage, 'delete')
    @mock.patch.object(sheepdog.SheepdogImage, 'write')
    @mock.patch.object(sheepdog.SheepdogImage, 'create')