canonical-ubuntu-qa team mailing list archive
Message #03695
[Merge] ~hyask/autopkgtest-cloud:skia/fix_push_amqp into autopkgtest-cloud:master
Skia has proposed merging ~hyask/autopkgtest-cloud:skia/fix_push_amqp into autopkgtest-cloud:master.
Requested reviews:
Canonical's Ubuntu QA (canonical-ubuntu-qa)
For more details, see:
https://code.launchpad.net/~hyask/autopkgtest-cloud/+git/autopkgtest-cloud/+merge/463919
Fix pull/push-amqp workflow.
--
Your team Canonical's Ubuntu QA is requested to review the proposed merge of ~hyask/autopkgtest-cloud:skia/fix_push_amqp into autopkgtest-cloud:master.
diff --git a/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/push-amqp b/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/push-amqp
index ecc1355..7432ccf 100755
--- a/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/push-amqp
+++ b/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/push-amqp
@@ -1,6 +1,7 @@
#!/usr/bin/python3
import argparse
+import ast
import configparser
import sys
@@ -67,6 +68,15 @@ def main():
else:
while True:
message = sys.stdin.readline()
+ if message.startswith("b'") and message.endswith("'"):
+ # this is most likely bytes that we need to interpret as a string
+ # `literal_eval` is far safer than a true `eval`: the warnings
+ # around it in the documentation mostly mention denial of
+ # service, and possible huge memory consumption with evil
+ # content, but that function should be safe from a code
+ # execution point of view.
+ # DoS is no big deal in a CLI tool
+ message = ast.literal_eval(message).decode("utf-8")
if not message:
break
try:
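Review bot: The new `message.endswith("'")` test runs on the raw return value of `sys.stdin.readline()`, which keeps the trailing newline, so for any newline-terminated line the condition is false and the bytes-literal conversion is skipped; as written it can only fire on a final line that has no newline. Test a stripped copy instead (for example `stripped = message.strip()` and then `stripped.startswith("b'") and stripped.endswith("'")`), and pass that copy to `ast.literal_eval`. The conversion also sits above the `try:`, so a line that matches the prefix and suffix but is not a valid literal raises `ValueError` or `SyntaxError` from `literal_eval`, and invalid UTF-8 raises `UnicodeDecodeError` from `.decode("utf-8")`, either of which aborts the whole loop uncaught. A line such as `b'a', 'b'` also passes the check but evaluates to a tuple, so add an `isinstance(value, bytes)` check before calling `.decode()`. Moving the conversion inside the existing `try:` or wrapping it in its own handler that logs and skips the line would keep one bad input from stopping the rest of the queue push.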