Merge remote-tracking branch 'origin/pr/198' into pr-198-merge

marmarek · marmarek · commit 51d98808bf33 · 2025-05-20T03:57:05.000+02:00
* origin/pr/198:
  Remove internal qubes from being target of ask
diff --git a/qrexec/policy/parser.py b/qrexec/policy/parser.py
@@ -1899,6 +1899,14 @@ def collect_targets_for_ask(self, request):
         if source_uuid in targets:
             targets.remove(source_uuid)
 
+        for unwanted_target in targets.copy():
+            if unwanted_target.startswith("@dispvm:"):
+                unwanted_target_name = unwanted_target[len("@dispvm:") :]
+            else:
+                unwanted_target_name = unwanted_target
+            if info[unwanted_target_name].get("internal", False):
+                targets.remove(unwanted_target)
+
         return targets
 
 
diff --git a/qrexec/tests/policy_parser.py b/qrexec/tests/policy_parser.py
@@ -87,6 +87,24 @@
             "power_state": "Halted",
             "uuid": "f3e538bd-4427-4697-bed7-45ef3270df21",
         },
+        "default-mgmt-dvm": {
+            "internal": True,
+            "tags": [],
+            "type": "AppVM",
+            "default_dispvm": "default-dvm",
+            "template_for_dispvms": True,
+            "power_state": "Halted",
+            "uuid": "f3e538bd-4427-4697-bed7-45ef3270df22",
+        },
+        "internal-vm": {
+            "internal": True,
+            "tags": [],
+            "type": "AppVM",
+            "default_dispvm": "default-dvm",
+            "template_for_dispvms": False,
+            "power_state": "Halted",
+            "uuid": "f3e538bd-4427-4697-bed7-45ef3270df23",
+        },
         "test-invalid-dvm": {
             "tags": ["tag1", "tag2"],
             "type": "AppVM",
@@ -328,9 +346,12 @@ def test_021_Target_expand(self):
             [
                 "@dispvm",
                 "@dispvm:default-dvm",
+                "@dispvm:default-mgmt-dvm",
                 "@dispvm:test-vm3",
                 "@dispvm:test-vm4",
                 "default-dvm",
+                "default-mgmt-dvm",
+                "internal-vm",
                 "test-invalid-dvm",
                 "test-no-dvm",
                 "test-relayvm1",
@@ -356,10 +377,13 @@ def test_021_Target_expand(self):
             [
                 "@dispvm",
                 "@dispvm:default-dvm",
+                "@dispvm:default-mgmt-dvm",
                 "@dispvm:test-vm3",
                 "@dispvm:test-vm4",
                 "default-dvm",
                 "dom0",
+                "default-mgmt-dvm",
+                "internal-vm",
                 "test-invalid-dvm",
                 "test-no-dvm",
                 "test-relayvm1",
@@ -383,17 +407,19 @@ def test_021_Target_expand(self):
         self.assertCountEqual(
             parser.Target("@type:AppVM").expand(system_info=self.system_info),
             [
+                "default-dvm",
+                "default-mgmt-dvm",
+                "internal-vm",
+                "test-invalid-dvm",
+                "test-no-dvm",
+                "test-relayvm1",
                 "test-vm1",
                 "test-vm2",
                 "test-vm3",
                 "test-vm4",
-                "default-dvm",
-                "test2-vm1",
                 "test2-relayvm1",
                 "test2-relayvm2",
-                "test-invalid-dvm",
-                "test-no-dvm",
-                "test-relayvm1",
+                "test2-vm1",
             ],
         )
         self.assertCountEqual(
