1
0
mirror of https://github.com/openSUSE/osc.git synced 2024-12-27 10:16:14 +01:00

Merge pull request #1313 from dmach/trusted_prj-globs

Add glob support to the 'trusted_prj' config option
This commit is contained in:
Daniel Mach 2023-05-04 10:02:49 +02:00 committed by GitHub
commit 3f9b9a2fb8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 3 deletions

View File

@ -3,6 +3,7 @@
# and distributed under the terms of the GNU General Public Licence, # and distributed under the terms of the GNU General Public Licence,
# either version 2, or (at your option) any later version. # either version 2, or (at your option) any later version.
import fnmatch
import glob import glob
import os import os
import re import re
@ -548,14 +549,24 @@ trustprompt = """Would you like to ...
? """ ? """
def check_trusted_projects(apiurl, projects): def check_trusted_projects(apiurl, projects, interactive=True):
trusted = conf.config['api_host_options'][apiurl]['trusted_prj'] trusted = conf.config['api_host_options'][apiurl]['trusted_prj']
tlen = len(trusted) tlen = len(trusted)
for prj in projects: for prj in projects:
if prj not in trusted: is_trusted = False
for pattern in trusted:
if fnmatch.fnmatch(prj, pattern):
is_trusted = True
break
if not is_trusted:
print("\nThe build root needs packages from project '%s'." % prj) print("\nThe build root needs packages from project '%s'." % prj)
print("Note that malicious packages can compromise the build result or even your system.") print("Note that malicious packages can compromise the build result or even your system.")
r = raw_input(trustprompt % {'project': prj})
if interactive:
r = raw_input(trustprompt % {'project': prj})
else:
r = "0"
if r == '1': if r == '1':
print("adding '%s' to oscrc: ['%s']['trusted_prj']" % (prj, apiurl)) print("adding '%s' to oscrc: ['%s']['trusted_prj']" % (prj, apiurl))
trusted.append(prj) trusted.append(prj)

39
tests/test_build.py Normal file
View File

@ -0,0 +1,39 @@
import importlib
import unittest
import osc.conf
from osc.build import check_trusted_projects
from osc.oscerr import UserAbort
class TestTrustedProjects(unittest.TestCase):
def setUp(self):
# reset the global `config` in preparation for running the tests
importlib.reload(osc.conf)
def tearDown(self):
# reset the global `config` to avoid impacting tests from other classes
importlib.reload(osc.conf)
def test_name(self):
apiurl = "https://example.com"
osc.conf.config["apiurl"] = apiurl
osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = []
self.assertRaises(UserAbort, check_trusted_projects, apiurl, ["foo"], interactive=False)
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["qwerty", "foo", "asdfg"]
check_trusted_projects(apiurl, ["foo"], interactive=False)
def test_glob(self):
apiurl = "https://example.com"
osc.conf.config["apiurl"] = apiurl
osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["f*"]
check_trusted_projects(apiurl, ["foo"], interactive=False)
if __name__ == "__main__":
unittest.main()