frontend: allow dot and plus characters in chroot denylist

Fix #3012
fedora-copr · Dec 13, 2023 · 305136d · 305136d
1 parent 64b3202
commit 305136d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/frontend/coprs_frontend/coprs/forms.py b/frontend/coprs_frontend/coprs/forms.py
@@ -27,6 +27,7 @@
 
 FALSE_VALUES = {False, "false", ""}
 REGEX_BOOTSTRAP_IMAGE = r"^[-\./\w]+(:\w+)?$"
+REGEX_CHROOT_DENYLIST = r"^[a-z0-9-_*.+]+$"
 
 
 class NoneFilter():
@@ -823,9 +824,10 @@ def validate_chroot_denylist(_form, field):
         string = field.data
         items = [x.lstrip().rstrip() for x in string.split(',')]
         for item in items:
-            pattern = r'^[a-z0-9-_*]+$'
-            if not re.match(pattern, item):
-                raise wtforms.ValidationError('Pattern "{0}" does not match "{1}"'.format(item, pattern))
+            if not re.match(REGEX_CHROOT_DENYLIST, item):
+                raise wtforms.ValidationError(
+                    'Pattern "{0}" does not match "{1}"'
+                    .format(item, REGEX_CHROOT_DENYLIST))
 
             matched = set()
             all_chroots = MockChrootsLogic.active_names()

diff --git a/frontend/coprs_frontend/tests/test_forms.py b/frontend/coprs_frontend/tests/test_forms.py
@@ -3,7 +3,13 @@
 import flask
 from tests.coprs_test_case import CoprsTestCase
 from coprs import app
-from coprs.forms import PinnedCoprsForm, CoprFormFactory, CreateModuleForm, REGEX_BOOTSTRAP_IMAGE
+from coprs.forms import (
+    PinnedCoprsForm,
+    CoprFormFactory,
+    CreateModuleForm,
+    REGEX_BOOTSTRAP_IMAGE,
+    REGEX_CHROOT_DENYLIST,
+)
 
 
 class TestCoprsFormFactory(CoprsTestCase):
@@ -103,3 +109,21 @@ def test_form_regexes():
     assert re.match(REGEX_BOOTSTRAP_IMAGE, "registry.fedoraproject.org/fedora:rawhide")
     assert re.match(REGEX_BOOTSTRAP_IMAGE, "registry.fedoraproject.org/fedora")
     assert not re.match(REGEX_BOOTSTRAP_IMAGE, "docker://example.com/test:30")
+
+    items = [
+        "fedora",
+        "fedora-*-x86_64",
+        "fedora-*-*",
+        "fedora-39-x86_64",
+        "fedora-rawhide-aarch64",
+        "amazonlinux-2023-aarch64",
+        "centos-stream+epel-next-9-x86_64",
+        "openeuler-22.03-x86_64",
+        "opensuse-leap-15.4-x86_64",
+        "opensuse-leap-15.4-x86_64",
+    ]
+    for item in items:
+        assert re.match(REGEX_CHROOT_DENYLIST, item)
+
+    for item in ["fe|ora", "#fedora", "fedora/39", "fedora:39"]:
+        assert not re.match(REGEX_CHROOT_DENYLIST, item)