Symlink support

- added some security checks so that symlinks can be supported
- also some code quality changes
This commit is contained in:
Peter Šurda 2022-04-12 14:30:33 +08:00
parent f2cb5fd8d3
commit 9d8b6f41b4
Signed by untrusted user: PeterSurda
GPG Key ID: 3E47497CF67ABB95

View File

@ -1,5 +1,5 @@
from os import listdir
from os.path import exists, isfile, join, islink
from os import getcwd, listdir
from os.path import exists, isfile, islink, join, realpath
import requests
import re
from subprocess import Popen, PIPE
@ -69,14 +69,23 @@ def list_jobs(directory=".buildbot"):
flag = False
for fname in files:
filepath = join(directory, item, fname)
# must exist
if not exists(filepath):
continue
if islink(filepath) or not isfile(filepath):
# must be a file
if not isfile(filepath):
flag = True
break
# symlink OK as long as it points to files within the repo
if islink(filepath) \
and not realpath(filepath).startswith(getcwd()):
flag = True
break
if flag:
continue
if (exists(join(directory, item, 'Dockerfile')) and exists(join(directory, item, 'build.sh'))) or exists(join(directory, item, 'test.sh')):
if (exists(join(directory, item, 'Dockerfile'))
and exists(join(directory, item, 'build.sh'))) \
or exists(join(directory, item, 'test.sh')):
results.append(item)
return results
@ -90,7 +99,8 @@ def get_revision(branch):
def _get_dockerfile_contents(dockerfile):
"""
Read contents of a Dockerfile and add extra contents for the given os_codename
Read contents of a Dockerfile and add buildbot worker bootstrap
for a given os_codename
"""
os_codename = 'bionic'
res = ""
@ -117,7 +127,8 @@ def _get_dockerfile_contents(dockerfile):
return res + dockerfile_extra_contents[os_codename]
def trigger_child_hooks(buildbotUrl: str, repository, branch, revision, directory=".buildbot"):
def trigger_child_hooks(buildbotUrl: str, repository, branch, revision,
directory=".buildbot"):
request_url = buildbotUrl + ty
# List all jobs in the directory
jobs = list_jobs(directory)
@ -126,7 +137,7 @@ def trigger_child_hooks(buildbotUrl: str, repository, branch, revision, director
"X-Multibuild-Trigger": get_secret(),
"Accept": "text/plain",
}
#revision = get_revision(branch)
# revision = get_revision(branch)
# Check if build.sh or test.sh exists in each of the jobs
for job in jobs:
@ -160,8 +171,10 @@ def trigger_child_hooks(buildbotUrl: str, repository, branch, revision, director
"project": "/".join(repository.split("/")[-2:]),
}
retval = requests.post(request_url, headers=request_headers, json=request_data)
print("Triggered job for {} on {}: {}".format(job, request_url, retval.text))
retval = requests.post(request_url, headers=request_headers,
json=request_data)
print("Triggered job for {} on {}: {}".format(job, request_url,
retval.text))
if __name__ == "__main__":