[PATCH] parser: Change warning of invalid path to error
3 views
Skip to first unread message
Demi Marie Obenour
May 26, 2023, 12:50:53 PM5/26/23
to qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
FYI, Google Groups mangles the message, invalidating the signature. I
recommend sending the patch inline and using cleartext signatures.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmRw42UACgkQsoi1X/+c
IsGHBhAAkR7SYIjmtlxs1qNtZn+sO1QadpSdb+iL1slYaA4SihH9pzdUeHV8vpGZ
UOJBYXxDeaHOFLrPSCV5FE9vz23YuNneefJInUoPa8H1U6+f18DS0M6ji5XL7E9Z
huQ7XKfJL0ius5/Rwe37evSTiphlLssSxYd7D+lbiRPlmoDkDTBOQK/LTKXyFTeZ
7ZVFiaLED7lVcCQR4SL+6l8MOBeHaFn93FNpj+RZang2w0oNfvTQblDEe8sPFXx1
SVDgMuaEI8toeIriiWoYPVk9EfyszVYZtLh5O+F6vBPRxh9dxBRFFcvmw5nN7/C/
IPwdBbGdBecFhQcr9MQkT6EE3BaOUhqqP8j2EgczScReQ0sYsfKNZRJU1mKZNTBv
2kMa4C/LjTLSvN0ft0RVesb7OcFmns40N0JzyGxdgHxKflSCkCAimIplD/Vtkb3j
PDz+6299n4wDASMWHxZwErNCU0kk+jJUstDx2p/eiT5kbSbojt8FRJRzoywFWYFT
yw4FzEd2sjEIt2XqWqj32x69vsJZcqxFUlV3OAX+RTDiF+cc1fFiUZ0Xxf8LH11A
B9Ope4A4VQJ5BTSvA/LRJLONNG4AKC9omaQf0BxTJg7jpT3X266XyJAthspmCkoA
fNPJeyEXIHgUeasBPCmIv4+MTdCb8klaZi8xNb/Lgl5WpD7GTIs=
=kOdC
-----END PGP SIGNATURE-----
Hash: SHA512
recommend sending the patch inline and using cleartext signatures.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmRw42UACgkQsoi1X/+c
IsGHBhAAkR7SYIjmtlxs1qNtZn+sO1QadpSdb+iL1slYaA4SihH9pzdUeHV8vpGZ
UOJBYXxDeaHOFLrPSCV5FE9vz23YuNneefJInUoPa8H1U6+f18DS0M6ji5XL7E9Z
huQ7XKfJL0ius5/Rwe37evSTiphlLssSxYd7D+lbiRPlmoDkDTBOQK/LTKXyFTeZ
7ZVFiaLED7lVcCQR4SL+6l8MOBeHaFn93FNpj+RZang2w0oNfvTQblDEe8sPFXx1
SVDgMuaEI8toeIriiWoYPVk9EfyszVYZtLh5O+F6vBPRxh9dxBRFFcvmw5nN7/C/
IPwdBbGdBecFhQcr9MQkT6EE3BaOUhqqP8j2EgczScReQ0sYsfKNZRJU1mKZNTBv
2kMa4C/LjTLSvN0ft0RVesb7OcFmns40N0JzyGxdgHxKflSCkCAimIplD/Vtkb3j
PDz+6299n4wDASMWHxZwErNCU0kk+jJUstDx2p/eiT5kbSbojt8FRJRzoywFWYFT
yw4FzEd2sjEIt2XqWqj32x69vsJZcqxFUlV3OAX+RTDiF+cc1fFiUZ0Xxf8LH11A
B9Ope4A4VQJ5BTSvA/LRJLONNG4AKC9omaQf0BxTJg7jpT3X266XyJAthspmCkoA
fNPJeyEXIHgUeasBPCmIv4+MTdCb8klaZi8xNb/Lgl5WpD7GTIs=
=kOdC
-----END PGP SIGNATURE-----
Ben Grande
May 26, 2023, 12:59:12 PM5/26/23
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Signed-off-by: Ben Grande <ben.gr...@gmail.com>
Hash: SHA512
- ---
qrexec/policy/parser.py | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/qrexec/policy/parser.py b/qrexec/policy/parser.py
index ab50f9e..143f77f 100644
- --- a/qrexec/policy/parser.py
+++ b/qrexec/policy/parser.py
@@ -1956,15 +1956,14 @@ class ToposortMixIn:
if "/" in key and (
not key.startswith("include/") or key.count("/") > 1
):
- - # TODO make this an error, since we shouldn't accept this anyway
- - logging.warning(
- - "ignoring path %r included in %s on line %d; "
- - "expect problems with import order",
- - included_path,
+ raise PolicySyntaxError(
filepath,
lineno,
+ "invalid path {}, only paths inside the directories {} and "
+ "{}/include are considered".format(
+ included_path, POLICYPATH, POLICYPATH
+ ),
)
- - return
self.included_paths[key].add(included_path)
- --
Benjamin Grande <ben.gr...@gmail.com>
-----BEGIN PGP SIGNATURE-----
iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHDlWV8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5
NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW
h/cRAP907orcsOXIb/oKiGsFw9Yi/S8y7dqNHYTJQqyDtqJliAD/bh55grJlnhxL
rrvakIdwHf9SOmgXyt+56pS7XOH6Kgs=
=FjoJ
-----END PGP SIGNATURE-----
Ben Grande
Aug 11, 2023, 10:14:03 AM8/11/23
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 23-05-26 16:59:07, Ben Grande wrote:
Hash: SHA512
> Signed-off-by: Ben Grande <ben.gr...@gmail.com>
> ---
> qrexec/policy/parser.py | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/qrexec/policy/parser.py b/qrexec/policy/parser.py
> index ab50f9e..143f77f 100644
> qrexec/policy/parser.py | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/qrexec/policy/parser.py b/qrexec/policy/parser.py
> index ab50f9e..143f77f 100644
> --- a/qrexec/policy/parser.py
> +++ b/qrexec/policy/parser.py
> @@ -1956,15 +1956,14 @@ class ToposortMixIn:
> if "/" in key and (
> not key.startswith("include/") or key.count("/") > 1
> ):
> - # TODO make this an error, since we shouldn't accept this anyway
> - logging.warning(
> +++ b/qrexec/policy/parser.py
> @@ -1956,15 +1956,14 @@ class ToposortMixIn:
> if "/" in key and (
> not key.startswith("include/") or key.count("/") > 1
> ):
> - # TODO make this an error, since we shouldn't accept this anyway
> - "ignoring path %r included in %s on line %d; "
> - "expect problems with import order",
> - included_path,
> + raise PolicySyntaxError(
> filepath,
> lineno,
> + "invalid path {}, only paths inside the directories {} and "
> + "{}/include are considered".format(
> + included_path, POLICYPATH, POLICYPATH
> + ),
> )
> - return
> - "expect problems with import order",
> - included_path,
> + raise PolicySyntaxError(
> filepath,
> lineno,
> + "invalid path {}, only paths inside the directories {} and "
> + "{}/include are considered".format(
> + included_path, POLICYPATH, POLICYPATH
> + ),
> )
>
> self.included_paths[key].add(included_path)
>
> --
> Benjamin Grande <ben.gr...@gmail.com>
Reminding of unreviewed patch.
- --
Benjamin Grande
-----BEGIN PGP SIGNATURE-----
iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZNZCJF8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5
NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW
hzfmAQDHXmmbDn7eE5ugN7lvDNo+Tce71D4etADXe1mj1nUy6QD/UGba23710UWi
5VxwLegw2Glvq7xBKNDGsAo38RCzkws=
=enld
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
Aug 20, 2023, 7:59:06 AM8/20/23
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Pylint complained about duplicated POLICYPATH, so I adjusted it to use
named arguments. Otherwise, applied, thanks!
- --
Best Regards,
Marek Marczykowski-Górecki
1yz4PQf+JidHMMTgRgpSF6hzNoQG6J9QUxmKsdAil1ZpbGlwkS7OCRxAupBsDkwc
5rYX52bPzq4UWnK1Bq8urHB0EyxaAt8y2XVtMbaTS4UMpHTEzRj34g0jrsRUkRHl
tmpAQsDbloqRA6N6IzyYOo7J8E8LldyyiueesuFBi7H/fGJZq74MQ9M1nZdC/ibn
mgHT4OsbuI2i1xapZ6sxxUFsywJHf9ojUFq7Yn+MJFcFhrB0wZ+x2fdRg5XdoJuP
UJOlRGytrznDTxvvCVermyAOo/RHAF2tIUQPkHKEak5wgywbYzPv/QTO0voO/784
ZVdvuAbJ4cjYPAfzkae2q1KZDY0hXw==
=6ED7
-----END PGP SIGNATURE-----
Hash: SHA256
named arguments. Otherwise, applied, thanks!
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmTh//8ACgkQ24/THMrX
-----BEGIN PGP SIGNATURE-----
1yz4PQf+JidHMMTgRgpSF6hzNoQG6J9QUxmKsdAil1ZpbGlwkS7OCRxAupBsDkwc
5rYX52bPzq4UWnK1Bq8urHB0EyxaAt8y2XVtMbaTS4UMpHTEzRj34g0jrsRUkRHl
tmpAQsDbloqRA6N6IzyYOo7J8E8LldyyiueesuFBi7H/fGJZq74MQ9M1nZdC/ibn
mgHT4OsbuI2i1xapZ6sxxUFsywJHf9ojUFq7Yn+MJFcFhrB0wZ+x2fdRg5XdoJuP
UJOlRGytrznDTxvvCVermyAOo/RHAF2tIUQPkHKEak5wgywbYzPv/QTO0voO/784
ZVdvuAbJ4cjYPAfzkae2q1KZDY0hXw==
=6ED7
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages