From c56e30ad3165c49e322d7d9bafa4bc27de0ee855 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20R=C5=AF=C5=BEi=C4=8Dka?=
 <adamruzicka@users.noreply.github.com>
Date: Tue, 25 Aug 2020 12:03:04 +0200
Subject: [PATCH] BZ #1868971 - Escape passwords containing a percent sign
 (#23)

Python's ConfigParser[1] introduces some non-standard syntax for referencing
other parts of the ini file. Unless a % sign is escaped with another %, the
parser will crash, emitting the "unreadable" value into the logs.

This change escapes all user-provided inputs which end up in receptor's config,
except for URLs

[1] - https://docs.python.org/3/library/configparser.html#configparser.BasicInterpolation
---
 templates/receptor.conf.j2     | 10 +++++-----
 templates/receptor@.service.j2 |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/templates/receptor.conf.j2 b/templates/receptor.conf.j2
index f0978ee..0c379bc 100644
--- a/templates/receptor.conf.j2
+++ b/templates/receptor.conf.j2
@@ -2,14 +2,14 @@
 node_id={{ lookup('file', receptor_config_dir+'/rh_'+sat_account_id+'/uuid') }}
 
 [plugin_receptor_satellite]
-username={{ satellite_user }}
-password={{ satellite_password }}
+username={{ satellite_user | regex_replace('%', '%%') }}
+password={{ satellite_password | regex_replace('%', '%%') }}
 url={{ satellite_url }}
-ca_file={{ satellite_ca_file }}
+ca_file={{ satellite_ca_file | regex_replace('%', '%%') }}
 
 [auth]
-client_cert={{ receptor_config_dir }}/rh_{{ sat_account_id }}/cert.pem
-client_key={{ receptor_config_dir }}/rh_{{ sat_account_id }}/key.pem
+client_cert={{ receptor_config_dir | regex_replace('%', '%%') }}/rh_{{ sat_account_id }}/cert.pem
+client_key={{ receptor_config_dir | regex_replace('%', '%%') }}/rh_{{ sat_account_id }}/key.pem
 
 [node]
 peers=wss://{{ c_rh_c_host }}/wss/receptor-controller/gateway
diff --git a/templates/receptor@.service.j2 b/templates/receptor@.service.j2
index 9488d0d..6969327 100644
--- a/templates/receptor@.service.j2
+++ b/templates/receptor@.service.j2
@@ -3,8 +3,8 @@ Description=Receptor Node for %i
 After=network.target
 
 [Service]
-ExecStart=/usr/bin/receptor -c {{receptor_config_dir}}/%i/receptor.conf -d {{receptor_data_dir}}/%i node
-EnvironmentFile=-{{ receptor_config_dir }}/%i/receptor.env
+ExecStart=/usr/bin/receptor -c {{ receptor_config_dir | regex_replace('%', '%%') }}/%i/receptor.conf -d {{ receptor_data_dir | regex_replace('%', '%%') }}/%i node
+EnvironmentFile=-{{ receptor_config_dir | regex_replace('%', '%%') }}/%i/receptor.env
 
 [Install]
 WantedBy=multi-user.target