ssh commands: send a generic error for unexpected failures
and log the real error, it could leak a filesystem path
This commit is contained in:
Nicola Murino
parent
4814786556
commit
dd593b1035
2 changed files with 31 additions and 3 deletions
|
|
@ -2163,3 +2163,28 @@ func TestRecursiveCopyErrors(t *testing.T) {
|
|||
err = sshCmd.checkRecursiveCopyPermissions("adir", "another", "/another")
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
||||
func TestSSHMappedError(t *testing.T) {
|
||||
user := dataprovider.User{
|
||||
HomeDir: os.TempDir(),
|
||||
}
|
||||
fs, err := user.GetFilesystem("123")
|
||||
assert.NoError(t, err)
|
||||
conn := Connection{
|
||||
User: user,
|
||||
fs: fs,
|
||||
}
|
||||
sshCommand := sshCommand{
|
||||
command: "test",
|
||||
connection: conn,
|
||||
args: []string{},
|
||||
}
|
||||
err = sshCommand.getMappedError(os.ErrNotExist)
|
||||
assert.EqualError(t, err, errNotExist.Error())
|
||||
err = sshCommand.getMappedError(os.ErrPermission)
|
||||
assert.EqualError(t, err, errPermissionDenied.Error())
|
||||
err = sshCommand.getMappedError(os.ErrInvalid)
|
||||
assert.EqualError(t, err, errGenericFailure.Error())
|
||||
err = sshCommand.getMappedError(os.ErrNoDeadline)
|
||||
assert.EqualError(t, err, errGenericFailure.Error())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ const scpCmdName = "scp"
|
|||
var (
|
||||
errQuotaExceeded = errors.New("denying write due to space limit")
|
||||
errPermissionDenied = errors.New("Permission denied. You don't have the permissions to execute this command")
|
||||
errNotExist = errors.New("no such file or directory")
|
||||
errGenericFailure = errors.New("failure, this command cannot be executed")
|
||||
errUnsupportedConfig = errors.New("command unsupported for this configuration")
|
||||
errSkipPermissionsCheck = errors.New("permission check skipped")
|
||||
)
|
||||
|
|
@ -576,12 +578,13 @@ func cleanCommandPath(name string) string {
|
|||
// we try to avoid to leak the real filesystem path here
|
||||
func (c *sshCommand) getMappedError(err error) error {
|
||||
if c.connection.fs.IsNotExist(err) {
|
||||
return errors.New("no such file or directory")
|
||||
return errNotExist
|
||||
}
|
||||
if c.connection.fs.IsPermission(err) {
|
||||
return errors.New("permission denied")
|
||||
return errPermissionDenied
|
||||
}
|
||||
return err
|
||||
c.connection.Log(logger.LevelDebug, logSenderSSH, "unhandled error for SSH command, a generic failure will be sent: %v", err)
|
||||
return errGenericFailure
|
||||
}
|
||||
|
||||
func (c *sshCommand) getCopyPaths() (string, string, error) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue