Revision d430f3fb
Added by Evgeni Golov 8 months ago
| test/unit/foreman/renderer/scope/macros/transpilers_test.rb | ||
|---|---|---|
|
|
||
|
describe '#transpile_coreos_linux_config' do
|
||
|
test 'should call the transpiler' do
|
||
|
Foreman::CommandRunner.any_instance.expects(:capture3).with(Setting[:ct_command], "IGNORE")
|
||
|
Foreman::CommandRunner.any_instance.expects(:capture3).with([Setting[:ct_location]] + Setting[:ct_arguments], "IGNORE")
|
||
|
.returns(["JSON", "", @success])
|
||
|
|
||
|
assert_equal "JSON", @scope.transpile_coreos_linux_config("IGNORE")
|
||
| ... | ... | |
|
|
||
|
describe '#transpile_fedora_coreos_config' do
|
||
|
test 'should call the transpiler' do
|
||
|
Foreman::CommandRunner.any_instance.expects(:capture3).with(Setting[:fcct_command], "IGNORE")
|
||
|
Foreman::CommandRunner.any_instance.expects(:capture3).with([Setting[:fcct_location]] + Setting[:fcct_arguments], "IGNORE")
|
||
|
.returns(["JSON", "", @success])
|
||
|
|
||
|
assert_equal "JSON", @scope.transpile_fedora_coreos_config("IGNORE")
|
||
Also available in: Unified diff
Fixes #36759 - only call allowed transpilers
CVE-2022-3874: OS command injection via ct_command and fcct_command
Instead of allowing to call any command by changing a setting, only
allow specific paths to ct/fcct. If the user needs a different path,
they can set it via settings.yaml.