From 158cf8d670654a569e793802a7e026f07efef715 Mon Sep 17 00:00:00 2001
From: Adam Gandelman
Date: Thu, 21 Apr 2016 11:00:14 -0700
Subject: [PATCH] Ensure ssh key is sanitized when read from disk

We currently pass the ssh key read from disk straight into cloud-init. If it contains newlines before or after, it can break the yaml formatting of the cloud-init causing the appliance to fail to successfull boot.

Change-Id: I26ef83dc7b02afc5e30f09447363ee27c9dca07c
Closes-bug: #1573167
---
 astara/api/nova.py | 2 +-
 astara/test/unit/api/test_nova_wrapper.py | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/astara/api/nova.py b/astara/api/nova.py
index b035f193..b98c64fc 100644
--- a/astara/api/nova.py
+++ b/astara/api/nova.py
@@ -433,7 +433,7 @@ def _ssh_key():
 return ''
 try:
 with open(key) as out:
- return out.read()
+ return out.read().strip()
 except IOError:
 LOG.warning(_LW('Could not load router ssh public key from %s'), key)
 return ''
diff --git a/astara/test/unit/api/test_nova_wrapper.py b/astara/test/unit/api/test_nova_wrapper.py
index 2646b620..d63df2da 100644
--- a/astara/test/unit/api/test_nova_wrapper.py
+++ b/astara/test/unit/api/test_nova_wrapper.py
@@ -211,6 +211,19 @@ class TestNovaWrapper(base.RugTestBase):
 result = nova._ssh_key()
 self.assertEqual(result, 'fake-key')

+ @mock.patch.object(__builtins__, 'open', autospec=True)
+ def test_ssh_key_sanitize(self, fake_open):
+ mock_key_file = mock.MagicMock(spec=file)
+ mock_key_file.read.return_value = ('''
+
+ fake-key with some newlines
+
+ ''')
+ mock_key_file.__enter__.return_value = mock_key_file
+ fake_open.return_value = mock_key_file
+ result = nova._ssh_key()
+ self.assertEqual(result, 'fake-key with some newlines')
+
 @mock.patch.object(nova, 'LOG', autospec=True)
 @mock.patch.object(__builtins__, 'open', autospec=True)
 def test_ssh_key_not_found(self, fake_open, fake_log):
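Review bot: The added `return out.read().strip()` in `_ssh_key` trims whitespace only at the two ends, so a key file with an interior newline or carriage return (a second key, or a CRLF line followed by more text) would still reach cloud-init as a multi-line value. The code that embeds the key is outside this hunk, so this is inferred from the commit message, but if the string is interpolated into the YAML directly, the extra lines are parsed as YAML structure rather than key data. Consider validating the stripped value before returning it, for example `if '\n' in data or '\r' in data:` followed by a `LOG.warning(...)` in the existing style and `return ''`, or emit the key through a YAML serializer where the user-data is built. `_ssh_key` begins above the hunk, so how `key` is chosen is not visible here.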
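Review bot: `mock.MagicMock(spec=file)` in `test_ssh_key_sanitize` depends on the `file` builtin, which exists only on Python 2, and the hand-wired `__enter__` setup duplicates what `mock.mock_open` already provides. If the neighbouring tests use the same pattern this is consistent with the file, but `fake_open.return_value = mock.mock_open(read_data='\n\nfake-key with some newlines\n\n').return_value` would drop the `file` dependency. The test also covers only leading and trailing whitespace; a second case with an interior newline would pin what `_ssh_key` is expected to return for a multi-line key file. The `TestNovaWrapper` class body extends beyond this hunk on both sides.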