def test_quotes_runas(self):
'''
cmd.run with quoted command
'''
cmd = '''echo 'SELECT * FROM foo WHERE bar="baz"' '''
expected_result = 'SELECT * FROM foo WHERE bar="baz"'
runas = this_user()
result = self.run_function('cmd.run_stdout', [cmd],
runas=runas).strip()
self.assertEqual(result, expected_result)
def test_avoid_injecting_shell_code_as_root(self):
'''
cmd.run should execute the whole command as the "runas" user, not
running substitutions as root.
'''
cmd = 'echo $(id -u)'
root_id = self.run_function('cmd.run_stdout', [cmd])
runas_root_id = self.run_function('cmd.run_stdout', [cmd], runas=this_user())
with self._ensure_user_exists(self.runas_usr):
user_id = self.run_function('cmd.run_stdout', [cmd], runas=self.runas_usr)
self.assertNotEqual(user_id, root_id)
self.assertNotEqual(user_id, runas_root_id)
self.assertEqual(root_id, runas_root_id)
def setUp(self):
'''
We don't want to check in another .git dir into GH because that just gets messy.
Instead, we'll create a temporary repo on the fly for the tests to examine.
'''
if not gitfs.__virtual__():
self.skipTest("GitFS could not be loaded. Skipping GitFS tests!")
self.integration_base_files = os.path.join(FILES, 'file', 'base')
# Create the dir if it doesn't already exist
try:
shutil.copytree(self.integration_base_files,
self.tmp_repo_dir + '/')
except OSError:
# We probably caught an error because files already exist. Ignore
pass
try:
repo = git.Repo(self.tmp_repo_dir)
except git.exc.InvalidGitRepositoryError:
repo = git.Repo.init(self.tmp_repo_dir)
if 'USERNAME' not in os.environ:
try:
import salt.utils
os.environ['USERNAME'] = this_user()
except AttributeError:
log.error('Unable to get effective username, falling back to '
'\'root\'.')
os.environ['USERNAME'] = '******'
repo.index.add(
[x for x in os.listdir(self.tmp_repo_dir) if x != '.git'])
repo.index.commit('Test')
if hasattr(repo, 'close'):
repo.close()
gitfs.update()