Merge pull request #5351 from laurazard/backport-27.x-disable-pseudoterminal-ssh

[27.x backport] disable pseudoterminal creation
This commit is contained in:
Paweł Gronowski 2024-08-16 18:12:10 +02:00 committed by GitHub
commit 7227402d94
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 46 additions and 0 deletions

View File

@ -52,6 +52,7 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
args = append(args, "--host", "unix://"+sp.Path)
}
sshFlags = addSSHTimeout(sshFlags)
sshFlags = disablePseudoTerminalAllocation(sshFlags)
args = append(args, "system", "dial-stdio")
return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args(args...)...)...)
},
@ -79,3 +80,14 @@ func addSSHTimeout(sshFlags []string) []string {
}
return sshFlags
}
// disablePseudoTerminalAllocation disables pseudo-terminal allocation to
// prevent SSH from executing as a login shell
func disablePseudoTerminalAllocation(sshFlags []string) []string {
for _, flag := range sshFlags {
if flag == "-T" {
return sshFlags
}
}
return append(sshFlags, "-T")
}

View File

@ -1,6 +1,7 @@
package connhelper
import (
"reflect"
"testing"
"gotest.tools/v3/assert"
@ -29,3 +30,36 @@ func TestSSHFlags(t *testing.T) {
assert.DeepEqual(t, addSSHTimeout(tc.in), tc.out)
}
}
func TestDisablePseudoTerminalAllocation(t *testing.T) {
testCases := []struct {
name string
sshFlags []string
expected []string
}{
{
name: "No -T flag present",
sshFlags: []string{"-v", "-oStrictHostKeyChecking=no"},
expected: []string{"-v", "-oStrictHostKeyChecking=no", "-T"},
},
{
name: "Already contains -T flag",
sshFlags: []string{"-v", "-T", "-oStrictHostKeyChecking=no"},
expected: []string{"-v", "-T", "-oStrictHostKeyChecking=no"},
},
{
name: "Empty sshFlags",
sshFlags: []string{},
expected: []string{"-T"},
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := disablePseudoTerminalAllocation(tc.sshFlags)
if !reflect.DeepEqual(result, tc.expected) {
t.Errorf("expected %v, got %v", tc.expected, result)
}
})
}
}