[patch][python] Various validation improvements

John (J5) Palmieri johnp at redhat.com
Mon Mar 5 10:49:49 PST 2007 

+1 good to commit.

On Fri, 2007-03-02 at 18:55 +0000, Simon McVittie wrote:
> For review:
> 
> * Don't let the user call methods on the reserved local path - we'll get
>   kicked off the bus if they do.
> * Don't try to introspect the reserved local path - same problem.
> * Do earlier validation of bus names etc. in client proxies.
> 
> * SignalMatch: check that interface, member and sender are either valid, or None
> 
> * ProxyObject: allow named_service to be None, in preparation for peer-to-peer
>   connections. If so, never attempt to follow name owner changes (doesn't make
>   sense when you're talking directly to the peer).
> * _ProxyMethod: allow interface to be None, for when a method call is made
>   on a ProxyObject without going via a dbus.Interface.
> 
> * dbus.service.Object: don't let the user try to export objects on the local
>   path reserved by libdbus/dbus-daemon, or on an invalid path.
> * BusName: don't even try to claim an invalid bus name either.
> 
> >From cf48b799ebdcaf7dca0b6f729516b413be21e989 Mon Sep 17 00:00:00 2001
> From: Simon McVittie <simon.mcvittie at collabora.co.uk>
> Date: Fri, 2 Mar 2007 18:12:47 +0000
> Subject: [PATCH] * Don't let the user call methods on the reserved local path - we'll get
>   kicked off the bus if they do.
> * Don't try to introspect the reserved local path - same problem.
> * Do earlier validation of bus names etc. in client proxies.
> ---
>  dbus/proxies.py |   19 ++++++++++++++++++-
>  1 files changed, 18 insertions(+), 1 deletions(-)
> 
> diff --git a/dbus/proxies.py b/dbus/proxies.py
> index 46382a5..8a11a2a 100644
> --- a/dbus/proxies.py
> +++ b/dbus/proxies.py
> @@ -41,6 +41,10 @@ BUS_DAEMON_NAME = 'org.freedesktop.DBus'
>  BUS_DAEMON_PATH = '/org/freedesktop/DBus'
>  BUS_DAEMON_IFACE = BUS_DAEMON_NAME
>  
> +# This is special in libdbus - the bus daemon will kick us off if we try to
> +# send any message to it :-/
> +LOCAL_PATH = '/org/freedesktop/DBus/Local'
> +
>  
>  class _ReplyHandler(object):
>      __slots__ = ('_on_error', '_on_reply', '_get_args_options')
> @@ -93,12 +97,21 @@ class _ProxyMethod:
>      to a specific named Service.
>      """
>      def __init__(self, proxy, connection, named_service, object_path, method_name, iface):
> +        if object_path == LOCAL_PATH:
> +            raise DBusException('Methods may not be called on the reserved '
> +                                'path %s' % LOCAL_PATH)
> +
> +        # trust that the proxy, and the properties it had, are OK
>          self._proxy          = proxy
>          self._connection     = connection
>          self._named_service  = named_service
>          self._object_path    = object_path
> +        # fail early if the method name is bad
> +        _dbus_bindings.validate_member_name(method_name)
>          # the test suite relies on the existence of this property
>          self._method_name    = method_name
> +        # fail early if the interface name is bad
> +        _dbus_bindings.validate_interface_name(iface)
>          self._dbus_interface = iface
>  
>      def __call__(self, *args, **keywords):
> @@ -212,7 +225,11 @@ class ProxyObject:
>              bus._require_main_loop()   # we don't get the signals otherwise
>  
>          self._bus           = bus
> +
> +        _dbus_bindings.validate_bus_name(named_service)
>          self._named_service = named_service
> +
> +        _dbus_bindings.validate_object_path(object_path)
>          self.__dbus_object_path__ = object_path
>  
>          if (named_service[:1] != ':' and named_service != BUS_DAEMON_NAME
> @@ -242,7 +259,7 @@ class ProxyObject:
>          # and calls the callback which re-takes the lock
>          self._introspect_lock = RLock()
>  
> -        if not introspect:
> +        if not introspect or self.__dbus_object_path__ == LOCAL_PATH:
>              self._introspect_state = self.INTROSPECT_STATE_DONT_INTROSPECT
>          else:
>              self._introspect_state = self.INTROSPECT_STATE_INTROSPECT_IN_PROGRESS
> -- 
> 1.5.0.1
> 
> >From f2fda30b23b0176dd314329050127f61b5e92255 Mon Sep 17 00:00:00 2001
> From: Simon McVittie <simon.mcvittie at collabora.co.uk>
> Date: Fri, 2 Mar 2007 18:38:00 +0000
> Subject: [PATCH] SignalMatch: check that interface, member and sender are either valid, or None
> 
> ---
>  dbus/_dbus.py |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)
> 
> diff --git a/dbus/_dbus.py b/dbus/_dbus.py
> index 86ba2d8..353b2fd 100644
> --- a/dbus/_dbus.py
> +++ b/dbus/_dbus.py
> @@ -73,6 +73,15 @@ class SignalMatch(object):
>                   interface_keyword=None, member_keyword=None,
>                   message_keyword=None, destination_keyword=None,
>                   **kwargs):
> +        if member is not None:
> +            _dbus_bindings.validate_member_name(member)
> +        if dbus_interface is not None:
> +            _dbus_bindings.validate_interface_name(dbus_interface)
> +        if sender is not None:
> +            _dbus_bindings.validate_bus_name(sender)
> +        if object_path is not None:
> +            _dbus_bindings.validate_object_path(object_path)
> +
>          self._conn_weakref = weakref.ref(conn)
>          self._sender = sender
>          self._interface = dbus_interface
> -- 
> 1.5.0.1
> 
> >From 5ee2e05d5056584d589991f5d5fd0d22df598676 Mon Sep 17 00:00:00 2001
> From: Simon McVittie <simon.mcvittie at collabora.co.uk>
> Date: Fri, 2 Mar 2007 18:41:01 +0000
> Subject: [PATCH] * ProxyObject: allow named_service to be None, in preparation for peer-to-peer
>   connections. If so, never attempt to follow name owner changes (doesn't make
>   sense when you're talking directly to the peer).
> * _ProxyMethod: allow interface to be None, for when a method call is made
>   on a ProxyObject without going via a dbus.Interface.
> ---
>  dbus/proxies.py |    9 ++++++---
>  1 files changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/dbus/proxies.py b/dbus/proxies.py
> index 8a11a2a..3ade930 100644
> --- a/dbus/proxies.py
> +++ b/dbus/proxies.py
> @@ -111,7 +111,8 @@ class _ProxyMethod:
>          # the test suite relies on the existence of this property
>          self._method_name    = method_name
>          # fail early if the interface name is bad
> -        _dbus_bindings.validate_interface_name(iface)
> +        if iface is not None:
> +            _dbus_bindings.validate_interface_name(iface)
>          self._dbus_interface = iface
>  
>      def __call__(self, *args, **keywords):
> @@ -226,13 +227,15 @@ class ProxyObject:
>  
>          self._bus           = bus
>  
> -        _dbus_bindings.validate_bus_name(named_service)
> +        if named_service is not None:
> +            _dbus_bindings.validate_bus_name(named_service)
>          self._named_service = named_service
>  
>          _dbus_bindings.validate_object_path(object_path)
>          self.__dbus_object_path__ = object_path
>  
> -        if (named_service[:1] != ':' and named_service != BUS_DAEMON_NAME
> +        if (named_service is not None and named_service[:1] != ':'
> +            and named_service != BUS_DAEMON_NAME
>              and not follow_name_owner_changes):
>              bus_object = bus.get_object(BUS_DAEMON_NAME, BUS_DAEMON_PATH)
>              try:
> -- 
> 1.5.0.1
> 
> >From cfb1ea5f32a5ab77078ce184cb13602f2e28fec1 Mon Sep 17 00:00:00 2001
> From: Simon McVittie <simon.mcvittie at collabora.co.uk>
> Date: Fri, 2 Mar 2007 18:43:09 +0000
> Subject: [PATCH] * dbus.service.Object: don't let the user try to export objects on the local
>   path reserved by libdbus/dbus-daemon, or on an invalid path.
> * BusName: don't even try to claim an invalid bus name either.
> ---
>  dbus/service.py |    8 ++++++++
>  1 files changed, 8 insertions(+), 0 deletions(-)
> 
> diff --git a/dbus/service.py b/dbus/service.py
> index 306818e..64f0330 100644
> --- a/dbus/service.py
> +++ b/dbus/service.py
> @@ -33,6 +33,7 @@ from dbus.exceptions import NameExistsException
>  from dbus.exceptions import UnknownMethodException
>  from dbus.decorators import method
>  from dbus.decorators import signal
> +from dbus.proxies import LOCAL_PATH
>  
> 
>  _logger = logging.getLogger('dbus.service')
> @@ -89,6 +90,9 @@ class BusName(object):
>                  services waiting for the requested name if another service
>                  already holds it.
>          """
> +        _dbus_bindings.validate_bus_name(name, allow_well_known=True,
> +                                         allow_unique=False)
> +
>          # get default bus
>          if bus == None:
>              bus = _dbus.Bus()
> @@ -394,6 +398,10 @@ class Object(Interface):
>          """
>          if object_path is None:
>              raise TypeError('The object_path argument is required')
> +        _dbus_bindings.validate_object_path(object_path)
> +        if object_path == LOCAL_PATH:
> +            raise DBusException('Objects may not be exported on the reserved '
> +                                'path %s' % LOCAL_PATH)
>  
>          if isinstance(conn, BusName):
>              # someone's using the old API; don't gratuitously break them

More information about the dbus mailing list