From c1b82d8163b8fc2e877be6cc62beedc9d7e331c1 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 31 Jan 2020 10:00:35 -0500
Subject: [PATCH] Protect confluent private data

This blocks use of private confluent data in commands like
nodelicense, nodefirmware, and nodemedia.
---
 confluent_server/confluent/messages.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index cf3d4707..3fc63b8e 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -545,9 +545,21 @@ class InputFirmwareUpdate(ConfluentMessage):
             raise Exception('User requested substitutions, but code is '
                             'written against old api, code must be fixed or '
                             'skip {} expansion')
+        if self.filebynode[node].startswith('/etc/confluent'):
+            raise Exception(
+                'File transfer with /etc/confluent is not supported')
+        if self.filebynode[node].startswith('/var/log/confluent'):
+            raise Exception(
+                'File transfer with /var/log/confluent is not supported')
         return self._filename
 
     def nodefile(self, node):
+        if self.filebynode[node].startswith('/etc/confluent'):
+            raise Exception(
+                'File transfer with /etc/confluent is not supported')
+        if self.filebynode[node].startswith('/var/log/confluent'):
+            raise Exception(
+                'File transfer with /var/log/confluent is not supported')
         return self.filebynode[node]
 
 class InputMedia(InputFirmwareUpdate):