From 4da285c7b898645f8ffd0d0797df60ba107747e3 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov Date: Fri, 28 Jan 2022 16:40:09 +0300 Subject: [PATCH] Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - 3004 (#473) * Remove NOTIFY_SOCKET env variable from cmd.run calls * Add test for NOTIFY_SOCKET env variable wiping --- salt/modules/cmdmod.py | 3 ++ tests/pytests/unit/modules/test_cmdmod.py | 41 +++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/salt/modules/cmdmod.py b/salt/modules/cmdmod.py index 70889da07c..61b328b13b 100644 --- a/salt/modules/cmdmod.py +++ b/salt/modules/cmdmod.py @@ -612,6 +612,9 @@ def _run( if prepend_path: run_env["PATH"] = ":".join((prepend_path, run_env["PATH"])) + if "NOTIFY_SOCKET" not in env: + run_env.pop("NOTIFY_SOCKET", None) + if python_shell is None: python_shell = False diff --git a/tests/pytests/unit/modules/test_cmdmod.py b/tests/pytests/unit/modules/test_cmdmod.py index bc1d2818aa..691b89271e 100644 --- a/tests/pytests/unit/modules/test_cmdmod.py +++ b/tests/pytests/unit/modules/test_cmdmod.py @@ -368,6 +368,47 @@ def test_os_environment_remains_intact(): getpwnam_mock.assert_called_with("foobar") +@pytest.mark.skip_on_windows +def test_os_environment_do_not_pass_notify_socket(): + """ + Make sure NOTIFY_SOCKET environment variable is not passed + to the command if not explicitly set with env parameter. + """ + with patch("pwd.getpwnam") as getpwnam_mock: + new_env = os.environ.copy() + new_env.update({"NOTIFY_SOCKET": "/run/systemd/notify"}) + with patch("subprocess.Popen") as popen_mock, patch( + "os.environ.copy", return_value=new_env + ): + popen_mock.return_value = Mock( + communicate=lambda *args, **kwags: [b"", None], + pid=lambda: 1, + retcode=0, + ) + + with patch.dict(cmdmod.__grains__, {"os": "SUSE", "os_family": "Suse"}): + if sys.platform.startswith(("freebsd", "openbsd")): + shell = "/bin/sh" + else: + shell = "/bin/bash" + + cmdmod._run("ls", cwd=tempfile.gettempdir(), shell=shell) + + assert "NOTIFY_SOCKET" not in popen_mock.call_args_list[0][1]["env"] + + cmdmod._run( + "ls", + cwd=tempfile.gettempdir(), + shell=shell, + env={"NOTIFY_SOCKET": "/run/systemd/notify.new"}, + ) + + assert ( + popen_mock.call_args_list[1][1]["env"]["NOTIFY_SOCKET"] + == "/run/systemd/notify.new" + ) + + @pytest.mark.skip_unless_on_darwin def test_shell_properly_handled_on_macOS(): """ -- 2.34.1