Fix setting passwords with special characters

Password strings with special characters were not being correctly escaped. If --insecure is used the argument should be wrapped in single quotes or escaped per character and there is nothing that can be done about that since the shell messes with the arguments before even passed to the command. Change-Id: Ida14fa62faad4b5793f9736ce079fcfd4af6523e
2018-04-27 16:21:48 -07:00 · 2018-04-27 16:21:48 -07:00 · a0441f7455
parent 8b2f52e2c6
commit a0441f7455
3 changed files with 35 additions and 12 deletions
--- a/kolla_cli/api/password.py
+++ b/kolla_cli/api/password.py
@ -19,6 +19,7 @@ from kolla_cli.common.passwords import init_passwords
 from kolla_cli.common.passwords import set_password
 from kolla_cli.common.passwords import set_password_sshkey
 from kolla_cli.common.utils import check_arg
+from kolla_cli.common.utils import disallow_chars


 class PasswordApi(object):
@ -32,9 +33,13 @@ class PasswordApi(object):
        :param value: value of the password
        :type value: string
        """
-        check_arg(name, u._('Password name'), str)
-        check_arg(value, u._('Password value'), str, display_param=False,
+        password_name_string = u._('Password name')
+        password_value_string = u._('Password value')
+        check_arg(name, password_name_string, str)
+        disallow_chars(name, password_name_string, '\'')
+        check_arg(value, password_value_string, str, display_param=False,
                  empty_ok=True, none_ok=True)
+        disallow_chars(value, password_value_string, '\'')
        set_password(name, value)

    def password_set_sshkey(self, name, private_key, public_key):
@ -48,9 +53,15 @@ class PasswordApi(object):
        :param public_key: ssh public key
        :type value: string
        """
-        check_arg(name, u._('Password name'), str)
-        check_arg(private_key, u._('Private key'), str, display_param=False)
-        check_arg(public_key, u._('Public key'), str, display_param=False)
+        password_name_string = u._('Password name')
+        private_key_string = u._('Private key')
+        public_key_string = u._('Public key')
+        check_arg(name, password_name_string, str)
+        disallow_chars(name, password_name_string, '\'')
+        check_arg(private_key, private_key_string, str, display_param=False)
+        disallow_chars(private_key, private_key_string, '\'')
+        check_arg(public_key, public_key_string, str, display_param=False)
+        disallow_chars(public_key, public_key_string, '\'')
        set_password_sshkey(name, private_key, public_key)

    def password_clear(self, name):
@ -60,7 +71,9 @@ class PasswordApi(object):
        :param name: name of the password
        :type name: string
        """
-        check_arg(name, u._('Password name'), str)
+        password_name_string = u._('Password name')
+        check_arg(name, password_name_string, str)
+        disallow_chars(name, password_name_string, '\'')
        clear_password(name)

    def password_get_names(self):
--- a/kolla_cli/common/passwords.py
+++ b/kolla_cli/common/passwords.py
@ -31,8 +31,8 @@ def set_password(pwd_key, pwd_value):
    if not pwd_value:
        pwd_value = ''
        value_switch = ''
-    cmd = '%s -k %s %s %s' % (_get_cmd_prefix(), pwd_key, value_switch,
-                              pwd_value)
+    cmd = '%s -k \'%s\' %s \'%s\'' % (_get_cmd_prefix(), pwd_key, value_switch,
+                                      pwd_value)
    err_msg, output = utils.run_cmd(cmd, print_output=False)
    if err_msg:
        raise FailedOperation(
@ -41,8 +41,8 @@ def set_password(pwd_key, pwd_value):


 def set_password_sshkey(pwd_key, private_key, public_key):
-    cmd = '%s -k %s -r "%s" -u "%s"' % (_get_cmd_prefix(), pwd_key,
-                                        private_key, public_key)
+    cmd = '%s -k \'%s\' -r \'%s\' -u \'%s\'' % (_get_cmd_prefix(), pwd_key,
+                                                private_key, public_key)
    err_msg, output = utils.run_cmd(cmd, print_output=False)
    if err_msg:
        raise FailedOperation(
@ -55,7 +55,7 @@ def clear_password(pwd_key):

    if the password exists, it will be removed from the passwords file
    """
-    cmd = '%s -k %s -c' % (_get_cmd_prefix(), pwd_key)
+    cmd = '%s -k \'%s\' -c' % (_get_cmd_prefix(), pwd_key)
    err_msg, output = utils.run_cmd(cmd, print_output=False)
    if err_msg:
        raise FailedOperation('%s %s' % (err_msg, output))
--- a/kolla_cli/common/utils.py
+++ b/kolla_cli/common/utils.py
@ -163,7 +163,6 @@ def run_cmd(cmd, print_output=True):
                not None=command failed
    - output:   string: all the output of the run command
    """
-    err = None
    output = None
    try:
        process = subprocess.Popen(cmd, shell=True,  # nosec
@ -464,6 +463,17 @@ def check_arg(param, param_name, expected_type, none_ok=False, empty_ok=False,
                                          type=expected_type))


+def disallow_chars(param, param_name, chars):
+    if param is None:
+        return
+
+    for char in chars:
+        if char in param:
+            raise InvalidArgument(
+                u._('{name} contains invalid character {chars}')
+                .format(name=param_name, chars=chars))
+
+
 class Lock(object):
    """Object which represents an exclusive resource lock