Asserts that only loopback connections are allowed.
This commit is contained in:
parent
858241956f
commit
4c9a99e9ce
|
@ -245,11 +245,32 @@ if [ "${RELEASE%.*}" -ge 20 ]; then
|
||||||
echo "Timeout reached before Subiquity TCP socket started listening"
|
echo "Timeout reached before Subiquity TCP socket started listening"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
curl "http://localhost:$port/meta/status"
|
loopback_failed=0
|
||||||
curl_ec=$?
|
unallowed_failed=0
|
||||||
|
# Assert that only loopback interface is accepted.
|
||||||
|
interfaces=($(ip --json link show up | jq -r '.[]["ifname"] | select ( . != null )'))
|
||||||
|
for if in ${interfaces[@]}; do
|
||||||
|
curl_ec=0
|
||||||
|
timeout 10s curl "http://localhost:$port/meta/status" --interface $if || curl_ec=$?
|
||||||
|
# Loopback should exit 0
|
||||||
|
if [ $if = "lo" ]; then
|
||||||
|
if [ $curl_ec -ne 0 ]; then
|
||||||
|
loopback_failed=1
|
||||||
|
fi
|
||||||
|
# Other interfaces shoud not
|
||||||
|
else
|
||||||
|
if [ $curl_ec -eq 0 ]; then
|
||||||
|
unallowed_failed=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
kill $subiquity_pid
|
kill $subiquity_pid
|
||||||
if [ $curl_ec != 0 ]; then
|
if [ $loopback_failed -ne 0 ]; then
|
||||||
echo "GET Request to meta/status failed with code: $curl_ec"
|
echo "Loopback was expected to connect"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ $unallowed_failed -ne 0 ]; then
|
||||||
|
echo "Only the loopback interface should be allowed."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue