caddy-frontend: Use validators to validate slave's custom_domain

Install validators dependency, which is a way to easily check if email is an email or domain is correct. As slave requester is able to enter any string in custom domain validate it against being correct domain name and in case if validation fails reject that slave.

caddy-frontend: Use validators to validate slave's custom_domain
Install validators dependency, which is a way to easily check if email is an email or domain is correct. As slave requester is able to enter any string in custom domain validate it against being correct domain name and in case if validation fails reject that slave.
c6c33fb2 · Łukasz Nowak · Łukasz Nowak · 8d868048 · c6c33fb2 · c6c33fb2
Commit c6c33fb2 authored Aug 08, 2018 by Łukasz Nowak Committed by Łukasz Nowak Sep 06, 2018
6 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 8bdb588d33bf5cd059495a5c3e6dd049
+md5sum = ae392fdf6e874ac12ee7e490f6fc1faa

 [template-common]
 filename = instance-common.cfg.in
@@ -26,7 +26,7 @@ md5sum = 750e2b1c922bf14511a3bc8a42468b1b

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 1cf98844e5daf75a74514dbb292d6506
+md5sum = 2f370174b18f27db5c0f9daf83df8104

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -106,7 +106,7 @@ md5sum = 455f8765a3afd39fb78562fb9e326c42

 [caddyprofiledeps-setup]
 filename = setup.py
-md5sum = a81c679f9ce3c9c905b10de9203aad61
+md5sum = d9b6476bb0b36cf463fddb00d41dfbaa

 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -80,6 +80,11 @@ context =
 {%         set slave_ok = False %}
 {%       endif %}
 {%     endif %}
+{%     if slave.get('custom_domain') %}
+{%       if not validators.domain(slave['custom_domain']) %}
+{%         set slave_ok = False %}
+{%       endif %}
+{%     endif %}
 {%     if slave_ok %}
 {%       do authorized_slave_list.append(slave) %}
 {%     else %}

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -5,6 +5,9 @@ parts =
  dynamic-template-caddy-replicate
  switch-softwaretype

+[caddyprofiledeps]
+recipe = caddyprofiledeps
+
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 rendered = ${buildout:directory}/${:filename}
@@ -41,11 +44,13 @@ extra-context =

 [dynamic-template-caddy-replicate]
 < = jinja2-template-base
+depends = ${caddyprofiledeps:recipe}
 template = {{ template_caddy_replicate }}
 filename = instance-caddy-replicate.cfg
 extensions = jinja2.ext.do
 extra-context =
    import subprocess_module subprocess
+    import validators validators
    raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
    raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
 # Must match the key id in [switch-softwaretype] which uses this section.

--- a/software/caddy-frontend/setup.py
+++ b/software/caddy-frontend/setup.py
@@ -6,6 +6,7 @@ from setuptools import setup
 setup(
  name='caddyprofiledeps',
  install_requires=[
+    'validators',
  ],
  entry_points={
    'zc.buildout': [

--- a/software/caddy-frontend/software.cfg
+++ b/software/caddy-frontend/software.cfg
@@ -2,6 +2,7 @@
 extends = common.cfg

 [versions]
+validators = 0.12.2
 PyRSS2Gen = 1.1
 apache-libcloud = 0.19.0
 cns.recipe.symlink = 0.2.3

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -3036,8 +3036,28 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
        're6st-optimal-test':
        'new\nline;rm -fr ~;,new\line\n[s${esection:eoption}',
      },
+      'custom_domain-unsafe': {
+        'custom_domain': '${section:option} afterspace\nafternewline',
+      },
    }

+  def test_master_partition_state(self):
+    parameter_dict = self.computer_partition.getConnectionParameterDict()
+    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
+
+    expected_parameter_dict = {
+      'monitor-base-url': None,
+      'domain': 'example.com',
+      'accepted-slave-amount': '2',
+      'rejected-slave-amount': '1',
+      'slave-amount': '3',
+      'rejected-slave-list': '["_custom_domain-unsafe"]'}
+
+    self.assertEqual(
+      expected_parameter_dict,
+      parameter_dict
+    )
+
  def test_re6st_optimal_test_unsafe(self):
    parameter_dict = self.slave_connection_parameter_dict_dict[
      're6st-optimal-test-unsafe']
@@ -3117,3 +3137,11 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
      [],
      monitor_file_list
    )
+
+  def test_custom_domain_unsafe(self):
+    parameter_dict = self.slave_connection_parameter_dict_dict[
+      'custom_domain-unsafe']
+    self.assertEqual(
+      parameter_dict,
+      {}
+    )