almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 09:52:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Ensure that only podman and docker container runtimes can be used

Browse source
This commit is contained in:
Alexis Métaireau 2025-03-28 14:19:54 +01:00
parent ed39c056bb
commit 86eab5d222
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
3 changed files with 25 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
dangerzone/container_utils.py
View file

@ -21,6 +21,8 @@ class Runtime(object):
if settings.custom_runtime_specified(): if settings.custom_runtime_specified():
self.path = Path(settings.get("container_runtime")) self.path = Path(settings.get("container_runtime"))
if not self.path.exists():
raise errors.UnsupportedContainerRuntime(self.path)
self.name = self.path.stem self.name = self.path.stem
else: else:
self.name = self.get_default_runtime_name() self.name = self.get_default_runtime_name()
@ -29,6 +31,9 @@ class Runtime(object):
raise errors.NoContainerTechException(self.name) raise errors.NoContainerTechException(self.name)
self.path = Path(binary_path) self.path = Path(binary_path)
if self.name not in ("podman", "docker"):
raise errors.UnsupportedContainerRuntime(self.name)
@staticmethod @staticmethod
def get_default_runtime_name() -> str: def get_default_runtime_name() -> str:
return "podman" if platform.system() == "Linux" else "docker" return "podman" if platform.system() == "Linux" else "docker"

4
dangerzone/errors.py
View file

@ -140,3 +140,7 @@ class NotAvailableContainerTechException(Exception):
self.error = error self.error = error
self.container_tech = container_tech self.container_tech = container_tech
super().__init__(f"{container_tech} is not available") super().__init__(f"{container_tech} is not available")
class UnsupportedContainerRuntime(Exception):
pass

20
tests/test_container_utils.py
View file

@ -1,20 +1,21 @@
from pathlib import Path from pathlib import Path
import pytest
from pytest_mock import MockerFixture from pytest_mock import MockerFixture
from dangerzone import errors
from dangerzone.container_utils import Runtime from dangerzone.container_utils import Runtime
from dangerzone.settings import Settings from dangerzone.settings import Settings
def test_get_runtime_name_from_settings(mocker: MockerFixture, tmp_path: Path) -> None: def test_get_runtime_name_from_settings(mocker: MockerFixture, tmp_path: Path) -> None:
mocker.patch("dangerzone.settings.get_config_dir", return_value=tmp_path) mocker.patch("dangerzone.settings.get_config_dir", return_value=tmp_path)
mocker.patch("dangerzone.container_utils.Path.exists", return_value=True)
settings = Settings() settings = Settings()
settings.set( settings.set("container_runtime", "/opt/somewhere/docker", autosave=True)
"container_runtime", "/opt/somewhere/new-kid-on-the-block", autosave=True
)
assert Runtime().name == "new-kid-on-the-block" assert Runtime().name == "docker"
def test_get_runtime_name_linux(mocker: MockerFixture, tmp_path: Path) -> None: def test_get_runtime_name_linux(mocker: MockerFixture, tmp_path: Path) -> None:
@ -46,3 +47,14 @@ def test_get_runtime_name_non_linux(mocker: MockerFixture, tmp_path: Path) -> No
assert runtime.name == "docker" assert runtime.name == "docker"
assert runtime.path == Path("/usr/bin/docker") assert runtime.path == Path("/usr/bin/docker")
assert Runtime().name == "docker" assert Runtime().name == "docker"
def test_get_unsupported_runtime_name(mocker: MockerFixture, tmp_path: Path):
mocker.patch("dangerzone.settings.get_config_dir", return_value=tmp_path)
settings = Settings()
settings.set(
"container_runtime", "/opt/somewhere/new-kid-on-the-block", autosave=True
)
with pytest.raises(errors.UnsupportedContainerRuntime):
assert Runtime().name == "new-kid-on-the-block"