Prohibit invalid uri usages on localhost

The uri module could potentially be used to expose files within the
bubblewrap context either through its src or dest parameters or its url
parameter. In the case of src and dest we use zuuls utilility functions
to filter out invalid srcs and dests. In the case of url we have been
relying on an ansible bug that prevents request responses without a
status code from completing successfully due to an unchecked type
coercion.

This change adds our own check to url schemes and restricts it to http,
https, and ftp so that if ansible fixes their bugs zuul will continue to
do the right thing.

Then we add testing for all of the cases talked about above.

Change-Id: I527a4082c1ec5556e4c8347ff08b2e89ce0edaaa
Task: #40940

tests/remote/test_remote_action_modules.py

@@ -22,6 +22,7 @@ ERROR_LOCAL_CODE = "Executing local code is prohibited"
 ERROR_SYNC_TO_OUTSIDE = "Syncing files to outside the working dir"
 ERROR_SYNC_FROM_OUTSIDE = "Syncing files from outside the working dir"
 ERROR_SYNC_RSH = "Using custom synchronize rsh is prohibited"
+ERROR_SCHEME_INVALID = "file urls are not allowed from localhost."
 
 
 class FunctionalActionModulesMixIn:
@@ -221,6 +222,12 @@ class FunctionalActionModulesMixIn:
 
         self._run_job('known-hosts-bad', 'FAILURE', ERROR_ACCESS_OUTSIDE)
 
+    def test_uri_module(self):
+        self._run_job('uri-good', 'SUCCESS')
+        self._run_job('uri-bad-src', 'FAILURE', ERROR_ACCESS_OUTSIDE)
+        self._run_job('uri-bad-dest', 'FAILURE', ERROR_ACCESS_OUTSIDE)
+        self._run_job('uri-bad-url', 'FAILURE', ERROR_SCHEME_INVALID)
+
 
 class TestActionModules28(AnsibleZuulTestCase, FunctionalActionModulesMixIn):
     ansible_version = '2.8'