| -rw-r--r-- | changes/bug_escape_domain | 2 | ||||
| -rw-r--r-- | src/leap/config/providerconfig.py | 20 | ||||
| -rw-r--r-- | src/leap/services/eip/providerbootstrapper.py | 2 | 
3 files changed, 22 insertions, 2 deletions
diff --git a/changes/bug_escape_domain b/changes/bug_escape_domain
new file mode 100644
index 00000000..6b1f2f9f
--- /dev/null
+++ b/changes/bug_escape_domain
@@ -0,0 +1,2 @@
+  o Make sure the domain field in provider.json is escaped to avoid
+    potential problems. Fixes #3244.
\ No newline at end of file
diff --git a/src/leap/config/providerconfig.py b/src/leap/config/providerconfig.py
index 8b72153a..744199f8 100644
--- a/src/leap/config/providerconfig.py
+++ b/src/leap/config/providerconfig.py
@@ -60,8 +60,26 @@ class ProviderConfig(BaseConfig):
     def get_description(self):
         return self._safe_get_value("description")
+    @classmethod
+    def sanitize_path_component(cls, component):
+        """
+        If the provider tries to instrument the component of a path
+        that is controlled by them, this will take care of
+        removing/escaping all the necessary elements.
+
+        :param component: Path component to process
+        :type component: unicode or str
+
+        :returns: The path component properly escaped
+        :rtype: unicode or str
+        """
+        # TODO: Fix for windows, names like "aux" or "con" aren't
+        # allowed.
+        return component.replace(os.path.sep, "")
+
     def get_domain(self):
-        return self._safe_get_value("domain")
+        return ProviderConfig.sanitize_path_component(
+            self._safe_get_value("domain"))
     def get_enrollment_policy(self):
         """
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 274fd3bd..15609620 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -179,7 +179,7 @@ class ProviderBootstrapper(AbstractBootstrapper):
         """
         leap_assert(domain and len(domain) > 0, "We need a domain!")
-        self._domain = domain
+        self._domain = ProviderConfig.sanitize_path_component(domain)
         self._download_if_needed = download_if_needed
         cb_chain = [  | 
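Review bot: `component.replace(os.path.sep, "")` in `sanitize_path_component` removes only the platform's primary separator, so a provider-supplied domain of `..` or `.` passes through unchanged, and on Windows `/` (`os.path.altsep`) is left in place. Either value still changes which directory a joined path resolves to, which is the case the docstring says this helper handles. The helper would also raise AttributeError if `_safe_get_value("domain")` can return None, which this hunk does not show, and it relies on `os` being imported at the top of the file. Since the field is a domain, a stricter alternative is to accept only values that match a hostname pattern.

```python
    @classmethod
    def sanitize_path_component(cls, component):
        # … unchanged: docstring and Windows TODO …
        if component is None:
            return None
        # os.path.altsep is None on POSIX and "/" on Windows.
        for sep in (os.path.sep, os.path.altsep):
            if sep:
                component = component.replace(sep, "")
        # "." and ".." hold no separator but still redirect a joined
        # path; return an empty name that callers must reject.
        if component in (os.path.curdir, os.path.pardir):
            return ""
        return component
```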
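Review bot: The `leap_assert(domain and len(domain) > 0, "We need a domain!")` check runs on the raw argument, and the sanitized value stored in `self._domain` on the changed line is never re-checked, so a domain made up only of separator characters is stored as an empty string. Sanitizing first, with `domain = ProviderConfig.sanitize_path_component(domain)` placed above the `leap_assert`, keeps the non-empty guarantee for the value that is actually used. The hunk does not show whether `ProviderConfig` is imported in this module, and the enclosing method starts and ends outside the hunk.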
