|
|
1ae9b3 |
From 4b2fecb2288fdd345f98890f9c801b1e4e2a5474 Mon Sep 17 00:00:00 2001
|
|
|
1ae9b3 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
1ae9b3 |
Date: Thu, 25 Jun 2020 16:42:36 +0200
|
|
|
1ae9b3 |
Subject: [PATCH 34/45] fix: core: rich: Catch ValueError on non-numeric
|
|
|
1ae9b3 |
priority values
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
Be a bit more user-friendly by printing:
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
| Error: INVALID_RULE: invalid 'priority' attribute value 'ab'.
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
instead of Python's default, which is:
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
| Error: invalid literal for int() with base 10: 'ab'
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
Fixes: rhbz 1689429
|
|
|
1ae9b3 |
(cherry picked from commit 3a0e79b1cfe4344d21d30eb47c038252d728cc44)
|
|
|
1ae9b3 |
(cherry picked from commit fa21382cc513cc0dba56ba085782a3e23c863afc)
|
|
|
1ae9b3 |
---
|
|
|
1ae9b3 |
src/firewall/core/rich.py | 5 ++++-
|
|
|
1ae9b3 |
src/tests/regression/regression.at | 1 +
|
|
|
1ae9b3 |
src/tests/regression/rhbz1689429.at | 12 ++++++++++++
|
|
|
1ae9b3 |
3 files changed, 17 insertions(+), 1 deletion(-)
|
|
|
1ae9b3 |
create mode 100644 src/tests/regression/rhbz1689429.at
|
|
|
1ae9b3 |
|
|
|
1ae9b3 |
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
|
|
|
1ae9b3 |
index dacaeb9c0b70..eb4a2d2d9669 100644
|
|
|
1ae9b3 |
--- a/src/firewall/core/rich.py
|
|
|
1ae9b3 |
+++ b/src/firewall/core/rich.py
|
|
|
1ae9b3 |
@@ -379,7 +379,10 @@ class Rich_Rule(object):
|
|
|
1ae9b3 |
raise FirewallError(errors.INVALID_RULE, "'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead." % attr_value)
|
|
|
1ae9b3 |
self.family = attr_value
|
|
|
1ae9b3 |
elif attr_name == 'priority':
|
|
|
1ae9b3 |
- self.priority = int(attr_value)
|
|
|
1ae9b3 |
+ try:
|
|
|
1ae9b3 |
+ self.priority = int(attr_value)
|
|
|
1ae9b3 |
+ except ValueError:
|
|
|
1ae9b3 |
+ raise FirewallError(errors.INVALID_RULE, "invalid 'priority' attribute value '%s'." % attr_value)
|
|
|
1ae9b3 |
elif attr_name:
|
|
|
1ae9b3 |
if attr_name == 'protocol':
|
|
|
1ae9b3 |
err_msg = "wrong 'protocol' usage. Use either 'rule protocol value=...' or 'rule [forward-]port protocol=...'."
|
|
|
1ae9b3 |
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
|
|
|
1ae9b3 |
index 984d299bfd4e..1c8f76afa87a 100644
|
|
|
1ae9b3 |
--- a/src/tests/regression/regression.at
|
|
|
1ae9b3 |
+++ b/src/tests/regression/regression.at
|
|
|
1ae9b3 |
@@ -30,3 +30,4 @@ m4_include([regression/gh330.at])
|
|
|
1ae9b3 |
m4_include([regression/gh599.at])
|
|
|
1ae9b3 |
m4_include([regression/rhbz1829104.at])
|
|
|
1ae9b3 |
m4_include([regression/rhbz1843398.at])
|
|
|
1ae9b3 |
+m4_include([regression/rhbz1689429.at])
|
|
|
1ae9b3 |
diff --git a/src/tests/regression/rhbz1689429.at b/src/tests/regression/rhbz1689429.at
|
|
|
1ae9b3 |
new file mode 100644
|
|
|
1ae9b3 |
index 000000000000..5701607d660f
|
|
|
1ae9b3 |
--- /dev/null
|
|
|
1ae9b3 |
+++ b/src/tests/regression/rhbz1689429.at
|
|
|
1ae9b3 |
@@ -0,0 +1,12 @@
|
|
|
1ae9b3 |
+FWD_START_TEST([rich rule invalid priority])
|
|
|
1ae9b3 |
+AT_KEYWORDS(rich rhbz1689429)
|
|
|
1ae9b3 |
+
|
|
|
1ae9b3 |
+FWD_CHECK([--add-rich-rule='rule priority=foo accept'], 122, [],
|
|
|
1ae9b3 |
+ [Error: INVALID_RULE: invalid 'priority' attribute value 'foo'.
|
|
|
1ae9b3 |
+])
|
|
|
1ae9b3 |
+FWD_CHECK([--permanent --add-rich-rule='rule priority=foo accept'], 122, [],
|
|
|
1ae9b3 |
+ [Error: INVALID_RULE: invalid 'priority' attribute value 'foo'.
|
|
|
1ae9b3 |
+])
|
|
|
1ae9b3 |
+FWD_RELOAD
|
|
|
1ae9b3 |
+
|
|
|
1ae9b3 |
+FWD_END_TEST([ignore])
|
|
|
1ae9b3 |
--
|
|
|
1ae9b3 |
2.27.0
|
|
|
1ae9b3 |
|