File CVE-2025-24049.patch of Package azure-cli-core.38733
From e74a503ec0ef51f730867007c187cede599287ae Mon Sep 17 00:00:00 2001
From: kai ru <kairu@microsoft.com>
Date: Thu, 23 Jan 2025 11:43:43 +0800
Subject: [PATCH] {core} --set: Minor fix
---
src/azure-cli-core/azure/cli/core/commands/arm.py | 12 ++++++------
src/azure-cli-core/azure/cli/core/util.py | 14 ++++++++++++++
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/azure-cli-core/azure/cli/core/commands/arm.py b/src/azure-cli-core/azure/cli/core/commands/arm.py
index 28d1e0f5c6..e953b26a54 100644
--- a/src/azure-cli-core/azure/cli/core/commands/arm.py
+++ b/src/azure-cli-core/azure/cli/core/commands/arm.py
@@ -15,7 +15,7 @@ from azure.cli.core.commands import LongRunningOperation
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.cli.core.commands.events import EVENT_INVOKER_PRE_LOAD_ARGUMENTS
from azure.cli.core.commands.validators import IterateValue
-from azure.cli.core.util import shell_safe_json_parse, get_command_type_kwarg
+from azure.cli.core.util import shell_safe_json_parse, get_command_type_kwarg, getprop
from azure.cli.core.profiles import ResourceType, get_sdk
from knack.arguments import CLICommandArgument, ignore_type
@@ -600,7 +600,7 @@ def remove_properties(instance, argument_values):
def throw_and_show_options(instance, part, path):
from msrest.serialization import Model
options = instance.__dict__ if hasattr(instance, '__dict__') else instance
- if isinstance(instance, Model) and isinstance(getattr(instance, 'additional_properties', None), dict):
+ if isinstance(instance, Model) and isinstance(getprop(instance, 'additional_properties', None), dict):
options.update(options.pop('additional_properties'))
parent = '.'.join(path[:-1]).replace('.[', '[')
error_message = "Couldn't find '{}' in '{}'.".format(part, parent)
@@ -673,7 +673,7 @@ def _update_instance(instance, part, path): # pylint: disable=too-many-return-s
matches.append(x)
elif not isinstance(x, dict):
snake_key = make_snake_case(key)
- if hasattr(x, snake_key) and getattr(x, snake_key, None) == value:
+ if hasattr(x, snake_key) and getprop(x, snake_key, None) == value:
matches.append(x)
if len(matches) == 1:
@@ -681,7 +681,7 @@ def _update_instance(instance, part, path): # pylint: disable=too-many-return-s
if len(matches) > 1:
raise CLIError("non-unique key '{}' found multiple matches on {}. Key must be unique."
.format(key, path[-2]))
- if key in getattr(instance, 'additional_properties', {}):
+ if key in getprop(instance, 'additional_properties', {}):
instance.enable_additional_properties_sending()
return instance.additional_properties[key]
raise CLIError("item with value '{}' doesn\'t exist for key '{}' on {}".format(value, key, path[-2]))
@@ -697,8 +697,8 @@ def _update_instance(instance, part, path): # pylint: disable=too-many-return-s
return instance[part]
if hasattr(instance, make_snake_case(part)):
- return getattr(instance, make_snake_case(part), None)
- if part in getattr(instance, 'additional_properties', {}):
+ return getprop(instance, make_snake_case(part), None)
+ if part in getprop(instance, 'additional_properties', {}):
instance.enable_additional_properties_sending()
return instance.additional_properties[part]
raise AttributeError()
diff --git a/src/azure-cli-core/azure/cli/core/util.py b/src/azure-cli-core/azure/cli/core/util.py
index 8abc77884a..8e6cf4b3c0 100644
--- a/src/azure-cli-core/azure/cli/core/util.py
+++ b/src/azure-cli-core/azure/cli/core/util.py
@@ -1392,3 +1392,17 @@ def run_az_cmd(args, out_file=None):
cli = get_default_cli()
cli.invoke(args, out_file=out_file)
return cli.result
+
+
+def getprop(o, name, *default):
+ """ This function is used to get the property of the object.
+ It will raise an error if the property is a private property or a method.
+ """
+ if name.startswith('_'):
+ # avoid to access the private properties or methods
+ raise KeyError(name)
+ v = getattr(o, name, *default)
+ if callable(v):
+ # avoid to access the methods
+ raise KeyError(name)
+ return v
--
2.49.0
