
CVE-2024-8553 #17091

Open
wants to merge 3 commits into
base: master
50 changes: 50 additions & 0 deletions tests/foreman/cli/test_reporttemplates.py
Expand Up @@ -190,6 +190,56 @@ def test_positive_end_to_end_crud_and_list(target_sat):
target_sat.cli.ReportTemplate.info({'id': tmp_report_template['id']})


@pytest.mark.parametrize(
'content',
[
'''<% load_users(joins: "LEFT JOIN hosts ON 1=1", select: 'hosts.name AS login,hosts.id AS id', limit: 100_000).each_record do |h| %>
<%= h.id %> - <%= h.login %>
<% end %>
''',
'''<% load_users(joins: ["LEFT JOIN hosts ON 1=1"], select: ['hosts.name AS login,hosts.id AS id'],limit: 100_000).each_record do |h| %>
<%= h.id %> - <%= h.login %>
<% end %>''',
],
ids=['v1', 'v2'],
)
@pytest.mark.tier2
def test_positive_generate_report_check_for_injection(
module_target_sat, module_org, module_location, content
):
"""Generate a report and check for injection as per CVE-2024-8553

:id: 1126640e-2eee-4476-aa51-cb473096cbd8

:setup:
0. Create a report template containing an exploit

:steps:
0. hammer report-template generate --id ...

:expectedresults:
Failure with a correct error message

:CaseImportance: Critical
"""
name = gen_alpha()
module_target_sat.cli.ReportTemplate.create(
{
'name': name,
'organization-id': module_org.id,
'location-id': module_location.id,
'file': content,
}
)

with pytest.raises(CLIReturnCodeError) as error:
module_target_sat.cli.ReportTemplate.generate({'name': name})
assert (
"Generating Report template failed for: Value of 'select' passed to load_users must be Symbol or Array of Symbols."
in error.value.stderr
)


@pytest.mark.tier1
def test_positive_generate_report_nofilter_and_with_filter(module_target_sat):
"""Generate Host Status report without filter and with filter
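Review bot: The two-element `content` parametrization on test_positive_generate_report_check_for_injection is byte-for-byte the same as the one added to `tests/foreman/ui/test_jobtemplate.py` in this PR; referencing one shared module-level constant (say `CVE_2024_8553_TEMPLATES`, name constructed here) from both `parametrize` calls would keep the two reproducers from drifting apart when one is adjusted. The report template created at the top of the test is never deleted, so every parametrized run leaves a template named `name` behind in the module org; adding `request` to the signature and `request.addfinalizer(lambda: module_target_sat.cli.ReportTemplate.delete({'name': name}))` right after `create` would clean it up (confirm `delete` accepts `--name` for this entity). The `stderr` assertion pins the full sentence emitted by hammer, so a wording change in Foreman would fail the test even when the rejection still happens; matching the stable fragment `"passed to load_users must be Symbol or Array of Symbols"` would still prove the `select` value was rejected while being less brittle.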
73 changes: 72 additions & 1 deletion tests/foreman/ui/test_jobtemplate.py
Expand Up @@ -12,7 +12,7 @@

"""

from fauxfactory import gen_string
from fauxfactory import gen_alpha, gen_string
import pytest


Expand Down Expand Up @@ -204,3 +204,74 @@ def test_positive_end_to_end(session, module_org, module_location, target_sat):
for name in (template_new_name, template_clone_name):
session.jobtemplate.delete(name)
assert not session.jobtemplate.search(name)


@pytest.mark.no_containers
@pytest.mark.rhel_ver_match('8')
@pytest.mark.parametrize(
'content',
[
'''<% load_users(joins: "LEFT JOIN hosts ON 1=1", select: 'hosts.name AS login,hosts.id AS id', limit: 100_000).each_record do |h| %>
<%= h.id %> - <%= h.login %>
<% end %>
''',
'''<% load_users(joins: ["LEFT JOIN hosts ON 1=1"], select: ['hosts.name AS login,hosts.id AS id'],limit: 100_000).each_record do |h| %>
<%= h.id %> - <%= h.login %>
<% end %>''',
],
ids=['v1', 'v2'],
)
@pytest.mark.tier2
def test_positive_preview_template_check_for_injection(
module_target_sat, module_org, module_location, rhel_contenthost, module_ak_with_cv, content
):
"""Preview a report and check for injection as per CVE-2024-8553

:id: df7e7913-630b-4235-9464-5a45f1db244b

:setup:
0. Create a report template containing an exploit

:steps:
0. In WebUI, preview a report

:expectedresults:
Failure with a correct error message

:CaseImportance: Critical
"""
name = gen_alpha()
filename = gen_alpha()
module_target_sat.execute(f'''cat << EOF > (unknown)
{content}
EOF
''')
module_target_sat.cli.JobTemplate.create(
{
'name': name,
'organization-id': module_org.id,
'location-id': module_location.id,
'file': filename,
'job-category': 'Commands',
'provider-type': 'script',
}
)
rhel_contenthost.register(
module_org, module_location, module_ak_with_cv.name, module_target_sat
)
with module_target_sat.ui_session() as session:
session.organization.select(module_org.name)
session.location.select(module_location.name)
rendered = session.jobtemplate.read(
name,
editor_view_option='Preview',
widget_names=['template.template_editor.editor', 'template.template_editor.error'],
)
assert (
"Problem with previewing the template: error during rendering: Value of 'select' passed to load_users must be Symbol or Array of Symbols. Note that you must save template input changes before you try to preview it."
in rendered['template']['template_editor']['error']
)
assert (
"Error during rendering, Return to Editor tab."
in rendered['template']['template_editor']['editor']
)
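Review bot: The heredoc passed to `module_target_sat.execute` uses an unquoted `EOF` delimiter, so the remote shell applies `$` and backtick expansion to the template body before writing it; neither current `content` value contains those characters, but any future parametrization that does would be silently altered on disk and the preview would render something other than what the test declares. Quoting the delimiter, `cat << 'EOF' > ...`, writes `content` verbatim; the redirect target shows as `(unknown)` on this page, so also confirm it is the same path hammer resolves from the bare `filename` passed as `'file'` to `JobTemplate.create`. The return value of `rhel_contenthost.register(...)` is discarded; if it yields the command result, `result = rhel_contenthost.register(...)` followed by `assert result.status == 0, f'Failed to register host: {result.stderr}'` would surface a registration failure at that point rather than as an unrelated UI assertion later. The job template and the file written on the Satellite are not removed at the end of the test, so a `request.addfinalizer` cleanup of both would avoid leaving them in the module org after each parametrized run.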