From 714ea7ca8d06e9ad9fbb74c459274a7f0923eb9d Mon Sep 17 00:00:00 2001
From: Iustin Pop <iustin@google.com>
Date: Wed, 3 Mar 2010 10:38:18 +0100
Subject: [PATCH] Add an extra safety layer to _CleanDirectory

To protect against accidental use of _CleanDirectory on an arbitrary
directory, we add a list of allowed clean directories, somewhat similar
to _ALLOWED_UPLOAD_FILES (but statically computed).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
---
 lib/backend.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/backend.py b/lib/backend.py
index b92be8628..d3307c220 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -23,6 +23,8 @@
 
 @var _ALLOWED_UPLOAD_FILES: denotes which files are accepted in
      the L{UploadFile} function
+@var _ALLOWED_CLEAN_DIRS: denotes which directories are accepted
+     in the L{_CleanDirectory} function
 
 """
 
@@ -57,6 +59,11 @@ from ganeti import ssconf
 
 
 _BOOT_ID_PATH = "/proc/sys/kernel/random/boot_id"
+_ALLOWED_CLEAN_DIRS = frozenset([
+  constants.DATA_DIR,
+  constants.JOB_QUEUE_ARCHIVE_DIR,
+  constants.QUEUE_DIR,
+  ])
 
 
 class RPCFail(Exception):
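Review bot: The new `_ALLOWED_CLEAN_DIRS` constant has no comment saying why these three directories are the only permitted targets, or that the set must be extended whenever a new caller of _CleanDirectory is added; the module docstring only says what the name denotes. A two-line comment above the frozenset, e.g. `# Directories _CleanDirectory may wipe; any new caller must add its target here, otherwise the call fails closed.`, would keep the intent next to the data. I would also state in that comment that membership is matched on the exact string, so callers should pass the constants themselves rather than a derived path.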
@@ -143,6 +150,10 @@ def _CleanDirectory(path, exclude=None):
       to the empty list
 
   """
+  if path not in _ALLOWED_CLEAN_DIRS:
+    _Fail("Path passed to _CleanDirectory not in allowed clean targets: '%s'",
+          path)
+
   if not os.path.isdir(path):
     return
   if exclude is None:
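Review bot: The added guard introduces a failure mode that _CleanDirectory's docstring (which starts above the hunk) does not mention; add `@raise RPCFail: if C{path} is not in L{_ALLOWED_CLEAN_DIRS}` to the docstring, assuming _Fail raises RPCFail (the class is defined in this file, but _Fail's body is not visible here). The membership test is a plain string comparison, so a trailing slash or a relative spelling of an allowed directory is rejected as well; that is the fail-closed behaviour a safety layer wants, but it deserves one sentence in the docstring so callers know to pass the constant itself. The function body continues outside the hunk.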
-- 
GitLab