api: validate arg in AbstractQubesAPI.__init__()

Validate arg against qrexec allowed characters, consistent with
sanitize_name() in qrexec-daemon.c. This ensures consistent behavior
between dom0 and management qube.

Related: #751

Author: Tab-Tarek3600

qubes/api/__init__.py

@@ -166,6 +166,10 @@ def __init__(
 
         #: argument
         self.arg = arg.decode("ascii")
+        # Validate arg against qrexec allowed characters
+        # Consistent with sanitize_name() in qrexec-daemon.c
+        if self.arg and not re.match(r"\A[a-zA-Z0-9_.+:*?@-]+\Z", self.arg):
+            raise ProtocolError(f"arg not allowed in qrexec: {self.arg!r}")
         #: name of the method
         self.method = method_name.decode("ascii")
 

qubes/tests/api_admin.py

@@ -1333,11 +1333,11 @@ def test_200_label_create_invalid_name(self):
             self.call_mgmt_func(
                 b"admin.label.Create", b"dom0", b"01", b"0xff0000"
             )
-        with self.assertRaises(qubes.exc.PermissionDenied):
+        with self.assertRaises(qubes.exc.ProtocolError):
             self.call_mgmt_func(
                 b"admin.label.Create", b"dom0", b"../xxx", b"0xff0000"
             )
-        with self.assertRaises(qubes.exc.PermissionDenied):
+        with self.assertRaises(qubes.exc.ProtocolError):
             self.call_mgmt_func(
                 b"admin.label.Create",
                 b"dom0",