diff options
| author | Xabier de Zuazo <xabier@zuazo.org> | 2012-11-20 17:38:58 +0100 |
|---|---|---|
| committer | Xabier de Zuazo <xabier@zuazo.org> | 2012-11-20 18:05:02 +0100 |
| commit | bfe127183c0e6eeb32ce6600455b9fc2d69c0b15 (patch) | |
| tree | 00bd5a821af55029ec292e5a6ec9e214a6a4c38c | |
| parent | 3ba8c034e28eabe353207d114635177fee5daf4e (diff) | |
| download | ohai-bfe127183c0e6eeb32ce6600455b9fc2d69c0b15.tar.gz | |
ec2_metadata#expand_path private method rewritten to be more Windows friendly
| -rw-r--r-- | lib/ohai/mixin/ec2_metadata.rb | 10 | ||||
| -rw-r--r-- | spec/ohai/plugins/ec2_spec.rb | 34 |
2 files changed, 40 insertions, 4 deletions
diff --git a/lib/ohai/mixin/ec2_metadata.rb b/lib/ohai/mixin/ec2_metadata.rb index 375b54fb..cf4bdb89 100644 --- a/lib/ohai/mixin/ec2_metadata.rb +++ b/lib/ohai/mixin/ec2_metadata.rb @@ -124,10 +124,12 @@ module Ohai private def expand_path(file_name) - path = File.expand_path(file_name.gsub(/\=.*$/, '/'), '/') - path[0] = '' # remove the initial "/" - path << '/' if file_name[-1..-1].eql?('/') # it was a directory - path + uri = URI.parse(file_name.gsub(/\=.*$/, '/')) + path = uri.normalize.to_s + # ignore "./" and "../" + path.gsub(%r{/\.\.?(?:/|$)}, '/'). + sub(%r{^\.\.?(?:/|$)}, ''). + sub(%r{^$}, '/') end def metadata_key(key) diff --git a/spec/ohai/plugins/ec2_spec.rb b/spec/ohai/plugins/ec2_spec.rb index e46dd12f..94ab8193 100644 --- a/spec/ohai/plugins/ec2_spec.rb +++ b/spec/ohai/plugins/ec2_spec.rb @@ -112,6 +112,40 @@ describe Ohai::System, "plugin ec2" do @ohai[:ec2]['iam']['security-credentials']['MyRole']['Code'].should eql 'Success' @ohai[:ec2]['iam']['security-credentials']['MyRole']['Token'].should eql '12345678' end + + it "should ignore \"./\" and \"../\" on ec2 metadata paths to avoid infinity loops" do + @http_client.should_receive(:get). + with("/2012-01-12/meta-data/"). + and_return(mock("Net::HTTP Response", :body => ".\n./\n..\n../\npath1/.\npath2/./\npath3/..\npath4/../")) + + @http_client.should_not_receive(:get). + with("/2012-01-12/meta-data/.") + @http_client.should_not_receive(:get). + with("/2012-01-12/meta-data/./") + @http_client.should_not_receive(:get). + with("/2012-01-12/meta-data/..") + @http_client.should_not_receive(:get). + with("/2012-01-12/meta-data/../") + @http_client.should_not_receive(:get). + with("/2012-01-12/meta-data/path1/..") + + @http_client.should_receive(:get). + with("/2012-01-12/meta-data/path1/"). + and_return(mock("Net::HTTP Response", :body => "")) + @http_client.should_receive(:get). + with("/2012-01-12/meta-data/path2/"). + and_return(mock("Net::HTTP Response", :body => "")) + @http_client.should_receive(:get). + with("/2012-01-12/meta-data/path3/"). + and_return(mock("Net::HTTP Response", :body => "")) + @http_client.should_receive(:get). + with("/2012-01-12/meta-data/path4/"). + and_return(mock("Net::HTTP Response", :body => "")) + + @ohai._require_plugin("ec2") + + @ohai[:ec2].should_not be_nil + end end describe "with ec2 mac and metadata address connected" do |