mirror of
https://github.com/GNS3/gns3-server.git
synced 2024-12-24 06:56:42 +00:00
Forbid unsafe Qemu additional options
This commit is contained in:
parent
29f848d833
commit
b194e48649
@ -93,6 +93,8 @@ require_kvm = True
|
||||
enable_hardware_acceleration = True
|
||||
; Require hardware acceleration in order to start VMs (all platforms)
|
||||
require_hardware_acceleration = False
|
||||
; Allow unsafe additional command line options
|
||||
allow_unsafe_options = False
|
||||
|
||||
[VMware]
|
||||
; First vmnet interface of the range that can be managed by the GNS3 server
|
||||
|
@ -53,6 +53,12 @@ from ...utils import macaddress_to_int, int_to_macaddress, is_ipv6_enabled
|
||||
import logging
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
# forbidden additional options
|
||||
FORBIDDEN_OPTIONS = {"-blockdev", "-drive", "-hda", "-hdb", "-hdc", "-hdd",
|
||||
"-fsdev", "-virtfs"}
|
||||
FORBIDDEN_OPTIONS |= {"-" + opt for opt in FORBIDDEN_OPTIONS
|
||||
if opt.startswith("-") and not opt.startswith("--")}
|
||||
|
||||
|
||||
class QemuVM(BaseNode):
|
||||
module_name = 'qemu'
|
||||
@ -2424,9 +2430,19 @@ class QemuVM(BaseNode):
|
||||
command.extend(self._tpm_options())
|
||||
if additional_options:
|
||||
try:
|
||||
command.extend(shlex.split(additional_options))
|
||||
additional_opt_list = shlex.split(additional_options)
|
||||
except ValueError as e:
|
||||
raise QemuError("Invalid additional options: {} error {}".format(additional_options, e))
|
||||
allow_unsafe_options = self.manager.config.get_section_config("Qemu").getboolean(
|
||||
"allow_unsafe_options",
|
||||
False
|
||||
)
|
||||
if allow_unsafe_options is False:
|
||||
for opt in additional_opt_list:
|
||||
if opt in FORBIDDEN_OPTIONS:
|
||||
raise QemuError("Forbidden additional option: {}".format(opt))
|
||||
command.extend(additional_opt_list)
|
||||
|
||||
# avoiding mouse offset (see https://github.com/GNS3/gns3-server/issues/2335)
|
||||
if self._console_type == "vnc":
|
||||
command.extend(['-machine', 'usb=on', '-device', 'usb-tablet'])
|
||||
|
@ -774,6 +774,14 @@ async def test_build_command_with_invalid_options(vm):
|
||||
await vm._build_command()
|
||||
|
||||
|
||||
@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not supported on Windows")
|
||||
async def test_build_command_with_forbidden_options(vm):
|
||||
|
||||
vm.options = "-blockdev"
|
||||
with pytest.raises(QemuError):
|
||||
await vm._build_command()
|
||||
|
||||
|
||||
def test_hda_disk_image(vm, images_dir):
|
||||
|
||||
open(os.path.join(images_dir, "test1"), "w+").close()
|
||||
|
Loading…
Reference in New Issue
Block a user