Story #5974
closed
As a user, I can restrict file:/// to one or more specific paths
100%
Description
At the system level, default to denying file import from file:/// unless a subpath of one or more declared approved paths. The list of approved paths will live in settings as it's a system-wide thing.
Example whitelisting importing from /mnt/ and /anotherdir/¶
ALLOWED_IMPORT_PATHS = ['/mnt/', '/anotherdir/']
Then any file:/// sync that starts with '/mnt/' or '/anotherdir/', e.g. file:///mnt/foo/ or file:///anotherdir/bar/PULP_MANIFEST would sync.
Each path listed in ALLOWED_IMPORT_PATHS must be absolute
Default¶
For safety reasons, this would be disabled by default and administrators need to opt-in to its use.
ALLOWED_IMPORT_PATHS = []
Validation checking at Remote save-time and runtime¶
The Remote serializer needs to validate at save time. Also that validation needs to be performed at runtime. It's this second check that will handle any existing Remote's with invalid paths already saved in the DB in a reasonable way.
.
Adds ALLOWED_IMPORT_PATHS for file:// urls
Remote.url now validate to only allow file:// paths that are a subpath of a configured ALLOWED_IMPORT_PATHS setting. This setting comes with docs. URLs starting with other protocol handlers, e.g. http:// or https:// are unaffected.
https://pulp.plan.io/issues/5974 closes #5974