Merge pull request #2392 from GNS3/bugfix/2385
Forbid unsafe Qemu additional options
grossmj authored Jul 6, 2024
2 parents b48bd92 + b194e48 commit 90dce03
Showing 3 changed files with 27 additions and 1 deletion.
2 changes: 2 additions & 0 deletions conf/gns3_server.conf
@@ -93,6 +93,8 @@ require_kvm = True
enable_hardware_acceleration = True
; Require hardware acceleration in order to start VMs (all platforms)
require_hardware_acceleration = False
; Allow unsafe additional command line options
allow_unsafe_options = False

[VMware]
; First vmnet interface of the range that can be managed by the GNS3 server
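Review bot: The comment added above `allow_unsafe_options` does not say what "unsafe" covers or what enabling it exposes. An operator editing this file should learn that the setting gates the per-VM additional Qemu options and that the blocked ones attach host disks or host directories to a guest. Something like `; Allow additional Qemu options that attach host disks or directories (-drive, -blockdev, -hda to -hdd, -fsdev, -virtfs); keep False unless every user of this server is trusted` would make the trade-off explicit.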
18 changes: 17 additions & 1 deletion gns3server/compute/qemu/qemu_vm.py
@@ -53,6 +53,12 @@
import logging
log = logging.getLogger(__name__)

# forbidden additional options
FORBIDDEN_OPTIONS = {"-blockdev", "-drive", "-hda", "-hdb", "-hdc", "-hdd",
"-fsdev", "-virtfs"}
FORBIDDEN_OPTIONS |= {"-" + opt for opt in FORBIDDEN_OPTIONS
if opt.startswith("-") and not opt.startswith("--")}


class QemuVM(BaseNode):
module_name = 'qemu'
@@ -2424,9 +2430,19 @@ async def _build_command(self):
command.extend(self._tpm_options())
if additional_options:
try:
command.extend(shlex.split(additional_options))
additional_opt_list = shlex.split(additional_options)
except ValueError as e:
raise QemuError("Invalid additional options: {} error {}".format(additional_options, e))
allow_unsafe_options = self.manager.config.get_section_config("Qemu").getboolean(
"allow_unsafe_options",
False
)
if allow_unsafe_options is False:
for opt in additional_opt_list:
if opt in FORBIDDEN_OPTIONS:
raise QemuError("Forbidden additional option: {}".format(opt))
command.extend(additional_opt_list)

# avoiding mouse offset (see https://github.com/GNS3/gns3-server/issues/2335)
if self._console_type == "vnc":
command.extend(['-machine', 'usb=on', '-device', 'usb-tablet'])
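Review bot: `FORBIDDEN_OPTIONS` is an exact-match denylist of eight disk and filesystem flags (plus their `--` spellings), so the loop added to `_build_command` still passes any other QEMU option that opens a host file or backend when `allow_unsafe_options` is False. If the additional options can be set by any API user (the test sets them through `vm.options`), an allowlist of options known to be harmless is the safer default; failing that, state the limit next to the set, e.g. `# not exhaustive: blocks only options that attach host disks or directories directly`. A rejection is also worth recording for audit before the raise: `log.warning("Forbidden additional option rejected: {}".format(opt))`. `_build_command` starts and ends outside this hunk, so where `additional_options` comes from and whether it is validated earlier is not visible here.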
8 changes: 8 additions & 0 deletions tests/compute/qemu/test_qemu_vm.py
@@ -774,6 +774,14 @@ async def test_build_command_with_invalid_options(vm):
await vm._build_command()


@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not supported on Windows")
async def test_build_command_with_forbidden_options(vm):

vm.options = "-blockdev"
with pytest.raises(QemuError):
await vm._build_command()


def test_hda_disk_image(vm, images_dir):

open(os.path.join(images_dir, "test1"), "w+").close()
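Review bot: `test_build_command_with_forbidden_options` checks only the single-dash `-blockdev` spelling under the default configuration, so the `--` variants generated into `FORBIDDEN_OPTIONS` and the `allow_unsafe_options = True` path are untested. Parametrizing the test, `@pytest.mark.parametrize("opt", sorted(FORBIDDEN_OPTIONS))` with `vm.options = opt`, would cover every entry. A second case with the forbidden flag placed after a harmless option would confirm the whole list is scanned, and a third with the setting enabled would confirm the override still lets the option through. The following `test_hda_disk_image` continues past the end of this hunk.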
