cloud-init/SOURCES/ci-Add-r-n-check-for-SSH-keys-in-Azure-889.patch

From f73d2460e5ad205a1cd2d74a73c2d1308265d9f9 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Wed, 18 May 2022 05:23:48 -0400
Subject: [PATCH] Add \r\n check for SSH keys in Azure (#889)

RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 64: Properly handle \r\n in SSH keys in Azure
RH-Commit: [1/1] c0868258fd63f6c531acd8da81e0494a8412d5ea (mrezanin/src_rhel_cloud-init)
RH-Bugzilla: 2088028
RH-Acked-by: xiachen <xiachen@redhat.com>
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>

See https://bugs.launchpad.net/cloud-init/+bug/1910835

(cherry picked from commit f17f78fa9d28e62793a5f2c7109fc29eeffb0c89)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 cloudinit/sources/DataSourceAzure.py          |  3 +++
 tests/unittests/test_datasource/test_azure.py | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index a66f023d..247284ad 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1551,6 +1551,9 @@ def _key_is_openssh_formatted(key):
     """
     Validate whether or not the key is OpenSSH-formatted.
     """
+    # See https://bugs.launchpad.net/cloud-init/+bug/1910835
+    if '\r\n' in key.strip():
+        return False
 
     parser = ssh_util.AuthKeyLineParser()
     try:
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index f8433690..742d1faa 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -1764,6 +1764,18 @@ scbus-1 on xpt0 bus 0
         self.assertEqual(ssh_keys, ["ssh-rsa key1"])
         self.assertEqual(m_parse_certificates.call_count, 0)
 
+    def test_key_without_crlf_valid(self):
+        test_key = 'ssh-rsa somerandomkeystuff some comment'
+        assert True is dsaz._key_is_openssh_formatted(test_key)
+
+    def test_key_with_crlf_invalid(self):
+        test_key = 'ssh-rsa someran\r\ndomkeystuff some comment'
+        assert False is dsaz._key_is_openssh_formatted(test_key)
+
+    def test_key_endswith_crlf_valid(self):
+        test_key = 'ssh-rsa somerandomkeystuff some comment\r\n'
+        assert True is dsaz._key_is_openssh_formatted(test_key)
+
     @mock.patch(
         'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')
     @mock.patch(MOCKPATH + 'get_metadata_from_imds')
-- 
2.31.1
import cloud-init-21.1-15.el8_6.1 2022-05-23 09:17:33 +00:00			`From f73d2460e5ad205a1cd2d74a73c2d1308265d9f9 Mon Sep 17 00:00:00 2001`
			`From: Miroslav Rezanina <mrezanin@redhat.com>`
			`Date: Wed, 18 May 2022 05:23:48 -0400`
			`Subject: [PATCH] Add \r\n check for SSH keys in Azure (#889)`

			`RH-Author: Miroslav Rezanina <mrezanin@redhat.com>`
			`RH-MergeRequest: 64: Properly handle \r\n in SSH keys in Azure`
			`RH-Commit: [1/1] c0868258fd63f6c531acd8da81e0494a8412d5ea (mrezanin/src_rhel_cloud-init)`
			`RH-Bugzilla: 2088028`
			`RH-Acked-by: xiachen <xiachen@redhat.com>`
			`RH-Acked-by: Eduardo Otubo <otubo@redhat.com>`
			`RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>`

			`See https://bugs.launchpad.net/cloud-init/+bug/1910835`

			`(cherry picked from commit f17f78fa9d28e62793a5f2c7109fc29eeffb0c89)`
			`Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>`
			`---`
			`cloudinit/sources/DataSourceAzure.py \| 3 +++`
			`tests/unittests/test_datasource/test_azure.py \| 12 ++++++++++++`
			`2 files changed, 15 insertions(+)`

			`diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py`
			`index a66f023d..247284ad 100755`
			`--- a/cloudinit/sources/DataSourceAzure.py`
			`+++ b/cloudinit/sources/DataSourceAzure.py`
			`@@ -1551,6 +1551,9 @@ def _key_is_openssh_formatted(key):`
			`"""`
			`Validate whether or not the key is OpenSSH-formatted.`
			`"""`
			`+ # See https://bugs.launchpad.net/cloud-init/+bug/1910835`
			`+ if '\r\n' in key.strip():`
			`+ return False`

			`parser = ssh_util.AuthKeyLineParser()`
			`try:`
			`diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py`
			`index f8433690..742d1faa 100644`
			`--- a/tests/unittests/test_datasource/test_azure.py`
			`+++ b/tests/unittests/test_datasource/test_azure.py`
			`@@ -1764,6 +1764,18 @@ scbus-1 on xpt0 bus 0`
			`self.assertEqual(ssh_keys, ["ssh-rsa key1"])`
			`self.assertEqual(m_parse_certificates.call_count, 0)`

			`+ def test_key_without_crlf_valid(self):`
			`+ test_key = 'ssh-rsa somerandomkeystuff some comment'`
			`+ assert True is dsaz._key_is_openssh_formatted(test_key)`
			`+`
			`+ def test_key_with_crlf_invalid(self):`
			`+ test_key = 'ssh-rsa someran\r\ndomkeystuff some comment'`
			`+ assert False is dsaz._key_is_openssh_formatted(test_key)`
			`+`
			`+ def test_key_endswith_crlf_valid(self):`
			`+ test_key = 'ssh-rsa somerandomkeystuff some comment\r\n'`
			`+ assert True is dsaz._key_is_openssh_formatted(test_key)`
			`+`
			`@mock.patch(`
			`'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')`
			`@mock.patch(MOCKPATH + 'get_metadata_from_imds')`
			`--`
			`2.31.1`