MEDIUM: protect from deleting map files still in use

aiharos · aiharos · commit 66859fe93ddc · 2021-01-14T11:18:54.000+01:00
diff --git a/e2e/tests/storage_maps/haproxy.cfg b/e2e/tests/storage_maps/haproxy.cfg
@@ -0,0 +1,39 @@
+# _version=42
+
+global
+    log         127.0.0.1 local2
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    stats socket /var/lib/haproxy/stats level admin
+
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+frontend test_storage_maps
+  bind *:1337 crt
+  #use_backend %[str(active),map(/etc/haproxy/maps/mapfile_example2.map)]
+  use_backend %[str(active),map(/etc/haproxy/maps/mapfile_example.map)]
+
+  default_backend test_maps
+
+backend test_storage_maps
+  server appx 127.0.0.1:8080 check disabled
+
diff --git a/e2e/tests/storage_maps/test_with_conf.bats b/e2e/tests/storage_maps/test_with_conf.bats
@@ -0,0 +1,55 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load "../../libs/get_json_path"
+load '../../libs/version'
+load '../../libs/haproxy_config_setup'
+
+@test "Refuse to delete still used ssl certificate file" {
+    run docker cp "${BATS_TEST_DIRNAME}/mapfile_example.map" "${DOCKER_CONTAINER_NAME}:/etc/haproxy/maps/"
+    assert_success
+
+    run dpa_curl DELETE "/services/haproxy/storage/maps/mapfile_example.map"
+    assert_success
+
+    dpa_curl_status_body_safe '$output'
+    echo -e "$output"
+    assert_equal $SC 409
+
+    assert dpa_docker_exec 'ls /etc/haproxy/maps/mapfile_example.map'
+
+    # clean up this test
+    assert dpa_docker_exec 'rm /etc/haproxy/maps/mapfile_example.map'
+}
+
+@test "Allow to delete ssl certificate file referenced in comments" {
+    run docker cp "${BATS_TEST_DIRNAME}/mapfile_example2.map" "${DOCKER_CONTAINER_NAME}:/etc/haproxy/maps/"
+    assert_success
+
+    run dpa_curl DELETE "/services/haproxy/storage/maps/mapfile_example2.map"
+    assert_success
+
+    dpa_curl_status_body_safe '$output'
+    echo -e "$output"
+    assert_equal $SC 204
+
+    refute dpa_docker_exec 'ls /etc/haproxy/maps/mapfile_example2.map'
+
+    # clean up this test
+    run dpa_docker_exec 'rm /etc/haproxy/maps/mapfile_example2.map'
+}
diff --git a/handlers/map_storage.go b/handlers/map_storage.go
@@ -16,6 +16,8 @@
 package handlers
 
 import (
+	"bufio"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -134,7 +136,31 @@ type StorageDeleteStorageMapHandlerImpl struct {
 }
 
 func (h *StorageDeleteStorageMapHandlerImpl) Handle(params storage.DeleteStorageMapParams, principal interface{}) middleware.Responder {
-	err := h.Client.MapStorage.Delete(params.Name)
+	runningConf := strings.NewReader(h.Client.Configuration.Parser.String())
+
+	filename, err := h.Client.MapStorage.Get(params.Name)
+	if err != nil {
+		e := misc.HandleError(err)
+		return storage.NewDeleteStorageSSLCertificateDefault(int(*e.Code)).WithPayload(e)
+	}
+
+	// this is far from perfect but should provide a basic level of protection
+	scanner := bufio.NewScanner(runningConf)
+
+	lineNr := 0
+
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if strings.Contains(line, filename) && !strings.HasPrefix(line, "#") {
+			errCode := misc.ErrHTTPConflict
+			errMsg := fmt.Sprintf("rejecting attempt to delete file %s referenced in haproxy conf at line %d: %s", filename, lineNr-1, line)
+			e := &models.Error{Code: &errCode, Message: &errMsg}
+			return storage.NewDeleteStorageSSLCertificateDefault(int(*e.Code)).WithPayload(e)
+		}
+		lineNr++
+	}
+
+	err = h.Client.MapStorage.Delete(params.Name)
 	if err != nil {
 		e := misc.HandleError(err)
 		return storage.NewDeleteStorageMapDefault(int(*e.Code)).WithPayload(e)
