Additional checks on master and integration test

2025-04-17 10:10:20 +00:00 · 2016-08-12 20:06:20 +09:00 · 2016-08-12 20:06:20 +09:00 · 3646cf1afa
commit 3646cf1afa
parent 09efde7634
2 changed files with 22 additions and 0 deletions
--- a/salt/master.py
+++ b/salt/master.py
@ -1116,6 +1116,11 @@ class AESFuncs(object):
            load['id'],
            'files',
            normpath)
+        # One last safety check here
+        if not os.path.normpath(cpath).startswith(self.opts['cachedir']):
+            log.warning('Attempt to write received file outside of master cache '
+                        'directory! Requested file write: {0}. Access denied.'.format(cpath))
+            return False
        cdir = os.path.dirname(cpath)
        if not os.path.isdir(cdir):
            try:
--- a/tests/integration/modules/cp.py
+++ b/tests/integration/modules/cp.py
@ -4,6 +4,7 @@
 from __future__ import absolute_import
 import os
 import hashlib
+import tempfile

 # Import Salt Testing libs
 from salttesting.helpers import ensure_in_syspath
@ -322,6 +323,22 @@ class CPModuleTest(integration.ModuleCase):
        finally:
            os.unlink(tgt)

+    def test_push(self):
+        log_to_xfer = os.path.join(tempfile.gettempdir(), 'salt-runtests.log')
+        try:
+            self.run_function('cp.push', log_to_xfer)
+            tgt_cache_file = os.path.join(
+                 integration.TMP,
+                'master-minion-root',
+                'cache',
+                'minions',
+                'minion',
+                'files',
+                tempfile.gettempdir(),
+                'salt-runtests.log')
+            self.assertTrue(os.path.isfile(tgt_cache_file), 'File was not cached on the master')
+        finally:
+            os.unlink(tgt_cache_file)

 if __name__ == '__main__':
    from integration import run_tests