Merge pull request #1313 from dmach/trusted_prj-globs

Add glob support to the 'trusted_prj' config option
2024-12-26 01:46:13 +01:00 · 2023-05-04 10:02:49 +02:00 · 2023-05-04 10:02:49 +02:00 · 3f9b9a2fb8
commit 3f9b9a2fb8
parent 32a3078d67 2502f7a57f
2 changed files with 53 additions and 3 deletions
--- a/osc/build.py
+++ b/osc/build.py
@ -3,6 +3,7 @@
 # and distributed under the terms of the GNU General Public Licence,
 # either version 2, or (at your option) any later version.

+import fnmatch
 import glob
 import os
 import re
@ -548,14 +549,24 @@ trustprompt = """Would you like to ...
 ? """


-def check_trusted_projects(apiurl, projects):
+def check_trusted_projects(apiurl, projects, interactive=True):
    trusted = conf.config['api_host_options'][apiurl]['trusted_prj']
    tlen = len(trusted)
    for prj in projects:
-        if prj not in trusted:
+        is_trusted = False
+        for pattern in trusted:
+            if fnmatch.fnmatch(prj, pattern):
+                is_trusted = True
+                break
+        if not is_trusted:
            print("\nThe build root needs packages from project '%s'." % prj)
            print("Note that malicious packages can compromise the build result or even your system.")
+
+            if interactive:
                r = raw_input(trustprompt % {'project': prj})
+            else:
+                r = "0"
+
            if r == '1':
                print("adding '%s' to oscrc: ['%s']['trusted_prj']" % (prj, apiurl))
                trusted.append(prj)
--- a/tests/test_build.py
+++ b/tests/test_build.py
@ -0,0 +1,39 @@
+import importlib
+import unittest
+
+import osc.conf
+from osc.build import check_trusted_projects
+from osc.oscerr import UserAbort
+
+
+class TestTrustedProjects(unittest.TestCase):
+    def setUp(self):
+        # reset the global `config` in preparation for running the tests
+        importlib.reload(osc.conf)
+
+    def tearDown(self):
+        # reset the global `config` to avoid impacting tests from other classes
+        importlib.reload(osc.conf)
+
+    def test_name(self):
+        apiurl = "https://example.com"
+        osc.conf.config["apiurl"] = apiurl
+        osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
+
+        osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = []
+        self.assertRaises(UserAbort, check_trusted_projects, apiurl, ["foo"], interactive=False)
+
+        osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["qwerty", "foo", "asdfg"]
+        check_trusted_projects(apiurl, ["foo"], interactive=False)
+
+    def test_glob(self):
+        apiurl = "https://example.com"
+        osc.conf.config["apiurl"] = apiurl
+        osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
+
+        osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["f*"]
+        check_trusted_projects(apiurl, ["foo"], interactive=False)
+
+
+if __name__ == "__main__":
+    unittest.main()