From 86eab5d2226cd26028ebc0d4cedbd4515d112b26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexis=20M=C3=A9taireau?=
Date: Fri, 28 Mar 2025 14:19:54 +0100
Subject: [PATCH] Ensure that only podman and docker container runtimes can be used
---
 dangerzone/container_utils.py | 5 +++++
 dangerzone/errors.py | 4 ++++
 tests/test_container_utils.py | 20 ++++++++++++++++----
 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/dangerzone/container_utils.py b/dangerzone/container_utils.py
index c645358..6101cdd 100644
--- a/dangerzone/container_utils.py
+++ b/dangerzone/container_utils.py
@@ -21,6 +21,8 @@ class Runtime(object):
 if settings.custom_runtime_specified():
 self.path = Path(settings.get("container_runtime"))
+ if not self.path.exists():
+ raise errors.UnsupportedContainerRuntime(self.path)
 self.name = self.path.stem
 else:
 self.name = self.get_default_runtime_name()
@@ -29,6 +31,9 @@ class Runtime(object):
 raise errors.NoContainerTechException(self.name)
 self.path = Path(binary_path)
+ if self.name not in ("podman", "docker"):
+ raise errors.UnsupportedContainerRuntime(self.name)
+
 @staticmethod
 def get_default_runtime_name() -> str:
 return "podman" if platform.system() == "Linux" else "docker"
diff --git a/dangerzone/errors.py b/dangerzone/errors.py
index d8e1759..c1c2849 100644
--- a/dangerzone/errors.py
+++ b/dangerzone/errors.py
@@ -140,3 +140,7 @@ class NotAvailableContainerTechException(Exception):
 self.error = error
 self.container_tech = container_tech
 super().__init__(f"{container_tech} is not available")
+
+
+class UnsupportedContainerRuntime(Exception):
+ pass
diff --git a/tests/test_container_utils.py b/tests/test_container_utils.py
index 570bae1..e7ee07e 100644
--- a/tests/test_container_utils.py
+++ b/tests/test_container_utils.py
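Review bot: `self.path.exists()` in the custom-runtime branch is also true for a directory, so a `container_runtime` setting that points at a folder passes this guard and only fails later when the runtime is invoked. `if not self.path.is_file():` rejects that case at construction time. Executability is not checked either, and a relative value is resolved against the current working directory; if settings are meant to hold full paths, `self.path.is_absolute()` would belong here too. The enclosing method starts above the hunk, so anything done to the path before this point is not visible.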
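Review bot: The allowlist added after the `if`/`else` compares only `self.path.stem`, so for a custom runtime any file named `docker` or `podman` in any directory is accepted, and so is `docker.sh`, because `stem` drops the suffix. That catches an unsupported runtime chosen by mistake, but it says nothing about what the binary actually is, and the code should state that limit: `# Name check only: rejects unsupported runtimes, does not verify the binary itself.` The comparison is also case-sensitive, so a path ending in `Docker.exe` would presumably be rejected; `self.name.lower() not in ("podman", "docker")` avoids that if such paths are expected.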
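Review bot: `UnsupportedContainerRuntime` carries no docstring and no message, and its two raise sites pass a `Path` in one case and a `str` name in the other, so the text a user sees is a bare path or name. Following `NotAvailableContainerTechException` just above it, add a docstring such as `"""The configured container runtime is missing or is not podman/docker."""` and an `__init__(self, container_runtime)` that calls `super().__init__(f"Unsupported container runtime: {container_runtime}")`.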
@@ -1,20 +1,21 @@
 from pathlib import Path
+import pytest
 from pytest_mock import MockerFixture
+from dangerzone import errors
 from dangerzone.container_utils import Runtime
 from dangerzone.settings import Settings
 def test_get_runtime_name_from_settings(mocker: MockerFixture, tmp_path: Path) -> None:
 mocker.patch("dangerzone.settings.get_config_dir", return_value=tmp_path)
+ mocker.patch("dangerzone.container_utils.Path.exists", return_value=True)
 settings = Settings()
- settings.set(
- "container_runtime", "/opt/somewhere/new-kid-on-the-block", autosave=True
- )
+ settings.set("container_runtime", "/opt/somewhere/docker", autosave=True)
- assert Runtime().name == "new-kid-on-the-block"
+ assert Runtime().name == "docker"
 def test_get_runtime_name_linux(mocker: MockerFixture, tmp_path: Path) -> None:
@@ -46,3 +47,14 @@ def test_get_runtime_name_non_linux(mocker: MockerFixture, tmp_path: Path) -> No
 assert runtime.name == "docker"
 assert runtime.path == Path("/usr/bin/docker")
 assert Runtime().name == "docker"
+
+
+def test_get_unsupported_runtime_name(mocker: MockerFixture, tmp_path: Path):
+ mocker.patch("dangerzone.settings.get_config_dir", return_value=tmp_path)
+ settings = Settings()
+ settings.set(
+ "container_runtime", "/opt/somewhere/new-kid-on-the-block", autosave=True
+ )
+
+ with pytest.raises(errors.UnsupportedContainerRuntime):
+ assert Runtime().name == "new-kid-on-the-block"
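Review bot: `mocker.patch("dangerzone.container_utils.Path.exists", return_value=True)` replaces `exists` on the `pathlib.Path` class itself, not on a name local to `container_utils`, so every path check made during the test reports True, including any made while `Settings()` is constructed. A real file exercises the new guard without the mock: `runtime = tmp_path / "docker"`, `runtime.touch()`, then `settings.set("container_runtime", str(runtime), autosave=True)`.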
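Review bot: `test_get_unsupported_runtime_name` most likely never reaches the name allowlist. `Path.exists` is not mocked in this test and `/opt/somewhere/new-kid-on-the-block` presumably does not exist on the test machine, so the exception comes from the new existence check and the `self.name not in ("podman", "docker")` branch stays untested. Point the setting at a real file with an unsupported name so that only the allowlist can reject it, and keep a separate case for a missing path. The `assert` inside `pytest.raises` never evaluates because `Runtime()` raises first, and the signature lacks the `-> None` its siblings carry.

```python
def test_get_unsupported_runtime_name(mocker: MockerFixture, tmp_path: Path) -> None:
    # … unchanged: get_config_dir patch …
    # The file exists, so only the name allowlist can reject it.
    unsupported = tmp_path / "new-kid-on-the-block"
    unsupported.touch()
    settings = Settings()
    settings.set("container_runtime", str(unsupported), autosave=True)

    with pytest.raises(errors.UnsupportedContainerRuntime):
        Runtime()
```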