Checkmk git commits January 2018

checkmk-commits@lists.checkmk.com

10 participants
255 discussions

Windows agent: fix make target 'setversion'

by Jukka Aro

Module: check_mk Branch: master Commit: 1e74b062ad331e4f075c1d664b0522dbd1c33bcb URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1e74b062ad331e… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 15:03:59 2018 +0100 Windows agent: fix make target 'setversion' Due to the peculiarities in the way we set the version number and the mixture of manual make + autotools projects, the version number of the Windows agent must be set in the manual Makefile in the agents directory. Change-Id: Ib97c503a0d8760a2b66fc4b13f88b939f1264f6b --- agents/Makefile | 4 ++++ agents/windows/Makefile.am | 6 ------ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/agents/Makefile b/agents/Makefile index 5a5aac3..d8f75a7 100644 --- a/agents/Makefile +++ b/agents/Makefile @@ -61,6 +61,10 @@ setversion: sed -i 's/echo Version: [0-9.a-z-]*/'"echo Version: $(NEW_VERSION)/g" $$agent; \ fi ; \ done + package="Check_MK Windows Agent" ; \ + mail=feedback(a)check-mk.org ; \ + sed -i "s/^AC_INIT.*/AC_INIT([$$package], [$(NEW_VERSION)], [$$mail])/" \ + windows/configure.ac build: $(MAKE) packages diff --git a/agents/windows/Makefile.am b/agents/windows/Makefile.am index 19386e4..c3b27ab 100644 --- a/agents/windows/Makefile.am +++ b/agents/windows/Makefile.am @@ -116,9 +116,3 @@ CLEANFILES = \ $(addprefix $(bindir)/,$(bin_PROGRAMS)) \ $(patsubst %$(EXEEXT),%-64$(EXEEXT),$(addprefix $(bindir)/,$(bin_PROGRAMS))) \ $(patsubst %$(EXEEXT),%.msi,$(addprefix $(bindir)/,$(bin_PROGRAMS))) - -setversion: - package="Check_MK Windows Agent" ; \ - mail=feedback(a)check-mk.org ; \ - sed -i "s/^AC_INIT.*/AC_INIT([$$package], [$(NEW_VERSION)], [$$mail])/" \ - $(VPATH)/configure.ac

6 years, 8 months

Windows agent: wrap HeapAlloc'd memory with RAII

by Jukka Aro

Module: check_mk Branch: master Commit: 51d2749774c16463ffe5f3d393e2e60f0246b314 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=51d2749774c164… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 14:38:30 2018 +0100 Windows agent: wrap HeapAlloc'd memory with RAII Change-Id: Ic9cb3256b01b4ac8285c1171e262cd249ca1b893 --- agents/windows/build_version | 2 +- agents/windows/sections/SectionPluginGroup.cc | 133 ++++++++++++-------------- agents/windows/sections/SectionPluginGroup.h | 15 ++- 3 files changed, 76 insertions(+), 74 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=51d2749774…

6 years, 8 months

Fixed regression from c1627896a.

by Sven Panne

Module: check_mk Branch: master Commit: b6f14cfaa220d39ee9a59806b9aec4a47d479473 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b6f14cfaa220d3… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Thu Jan 11 14:11:22 2018 +0100 Fixed regression from c1627896a. Change-Id: Ie202150520bb8a03b5297ec38502b9eb310a8bd9 --- bin/mkeventd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mkeventd b/bin/mkeventd index 5fb6582..16907fc 100755 --- a/bin/mkeventd +++ b/bin/mkeventd @@ -5379,7 +5379,7 @@ if __name__ == "__main__": logger.info("Successfully shut down.") sys.exit(0) - except: + except Exception: if opt_debug: raise bail_out(traceback.format_exc())

6 years, 8 months

Windows agent: RAII handles for safearray and BSTR

by Jukka Aro

Module: check_mk Branch: master Commit: 492cab99c25b23df2f1e8dbca6459ae4a058e931 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=492cab99c25b23… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 10:02:29 2018 +0100 Windows agent: RAII handles for safearray and BSTR Change-Id: I1486ed2e5fd398b9c3e4fe6189d2d29e2abe13ee --- agents/windows/build_version | 2 +- agents/windows/wmiHelper.cc | 41 ++++++++++++++++++++++++++++++++++------- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/agents/windows/build_version b/agents/windows/build_version index 398a74e..627b39e 100644 --- a/agents/windows/build_version +++ b/agents/windows/build_version @@ -1 +1 @@ -3060 +3062 diff --git a/agents/windows/wmiHelper.cc b/agents/windows/wmiHelper.cc index cb33a3f..e425ffe 100644 --- a/agents/windows/wmiHelper.cc +++ b/agents/windows/wmiHelper.cc @@ -33,6 +33,7 @@ #include "Logger.h" #include "stringutil.h" +#include "types.h" using namespace wmi; using namespace std; @@ -168,6 +169,31 @@ Result &Result::operator=(const Result &reference) { bool Result::valid() const { return _current.get() != nullptr; } +namespace { + +struct SafeArrayHandleTraits { + using HandleT = SAFEARRAY *; + static HandleT invalidValue() { return nullptr; } + + static void closeHandle(HandleT value, const WinApiAdaptor &winapi) { + winapi.SafeArrayDestroy(value); + } +}; + +struct BStringHandleTraits { + using HandleT = BSTR; + static HandleT invalidValue() { return nullptr; } + + static void closeHandle(HandleT value, const WinApiAdaptor &winapi) { + winapi.SysFreeString(value); + } +}; + +using SafeArrayHandle = WrappedHandle<SafeArrayHandleTraits>; +using BStringHandle = WrappedHandle<BStringHandleTraits>; + +} // namespace + vector<wstring> Result::names() const { Debug(_logger) << "Result::names"; vector<wstring> result; @@ -179,18 +205,19 @@ vector<wstring> Result::names() const { throw ComException("Failed to retrieve field names", res, _winapi); } - long lLower, lUpper; - BSTR propName = nullptr; - _winapi.SafeArrayGetLBound(names, 1, &lLower); - _winapi.SafeArrayGetUBound(names, 1, &lUpper); + SafeArrayHandle namesHandle{names, _winapi}; + long lLower = 0, lUpper = 0; + _winapi.SafeArrayGetLBound(namesHandle.get(), 1, &lLower); + _winapi.SafeArrayGetUBound(namesHandle.get(), 1, &lUpper); + result.reserve(static_cast<size_t>(lUpper - lLower + 1)); for (long i = lLower; i <= lUpper; ++i) { - res = _winapi.SafeArrayGetElement(names, &i, &propName); + BSTR propName = nullptr; + res = _winapi.SafeArrayGetElement(namesHandle.get(), &i, &propName); + BStringHandle propHandle{propName, _winapi}; result.push_back(wstring(propName)); - _winapi.SysFreeString(propName); } - _winapi.SafeArrayDestroy(names); return result; }

6 years, 8 months

Windows agent: remove unused SysAllocString

by Jukka Aro

Module: check_mk Branch: master Commit: 1e06de2dd024c0e6ea85d6796db3509dccba06fa URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1e06de2dd024c0… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 09:39:12 2018 +0100 Windows agent: remove unused SysAllocString Change-Id: Iec99568db80d768ce5389e6c42279bc5edf5a974 --- agents/windows/WinApi.cc | 4 ---- agents/windows/WinApi.h | 1 - agents/windows/WinApiAdaptor.h | 1 - agents/windows/build_version | 2 +- agents/windows/test/MockWinApi.h | 1 - agents/windows/wmiHelper.cc | 25 ------------------------- agents/windows/wmiHelper.h | 2 -- 7 files changed, 1 insertion(+), 35 deletions(-) diff --git a/agents/windows/WinApi.cc b/agents/windows/WinApi.cc index eb3f477..88cc47e 100644 --- a/agents/windows/WinApi.cc +++ b/agents/windows/WinApi.cc @@ -713,10 +713,6 @@ HRESULT WinApi::SafeArrayGetUBound(SAFEARRAY *psa, UINT nDim, return ::SafeArrayGetUBound(psa, nDim, plUbound); } -BSTR WinApi::SysAllocString(const OLECHAR *ptr) const { - return ::SysAllocString(ptr); -} - void WinApi::SysFreeString(BSTR str) const { return ::SysFreeString(str); } HRESULT WinApi::VariantClear(VARIANTARG *pvarg) const { diff --git a/agents/windows/WinApi.h b/agents/windows/WinApi.h index 3678aee..2df151e 100644 --- a/agents/windows/WinApi.h +++ b/agents/windows/WinApi.h @@ -346,7 +346,6 @@ public: LONG *plLbound) const override; virtual HRESULT SafeArrayGetUBound(SAFEARRAY *psa, UINT nDim, LONG *plUbound) const override; - virtual BSTR SysAllocString(const OLECHAR *) const override; virtual void SysFreeString(BSTR) const override; virtual HRESULT VariantClear(VARIANTARG *pvarg) const override; diff --git a/agents/windows/WinApiAdaptor.h b/agents/windows/WinApiAdaptor.h index 77a1154..11407cd 100644 --- a/agents/windows/WinApiAdaptor.h +++ b/agents/windows/WinApiAdaptor.h @@ -382,7 +382,6 @@ public: LONG *plLbound) const = 0; virtual HRESULT SafeArrayGetUBound(SAFEARRAY *psa, UINT nDim, LONG *plUbound) const = 0; - virtual BSTR SysAllocString(const OLECHAR *) const = 0; virtual void SysFreeString(BSTR) const = 0; virtual HRESULT VariantClear(VARIANTARG *pvarg) const = 0; diff --git a/agents/windows/build_version b/agents/windows/build_version index 9bcc9f4..398a74e 100644 --- a/agents/windows/build_version +++ b/agents/windows/build_version @@ -1 +1 @@ -3058 +3060 diff --git a/agents/windows/test/MockWinApi.h b/agents/windows/test/MockWinApi.h index e19a164..82f165b 100644 --- a/agents/windows/test/MockWinApi.h +++ b/agents/windows/test/MockWinApi.h @@ -379,7 +379,6 @@ public: HRESULT(SAFEARRAY *psa, UINT nDim, LONG *plLbound)); MOCK_CONST_METHOD3(SafeArrayGetUBound, HRESULT(SAFEARRAY *psa, UINT nDim, LONG *plUbound)); - MOCK_CONST_METHOD1(SysAllocString, BSTR(const OLECHAR *)); MOCK_CONST_METHOD1(SysFreeString, void(BSTR)); MOCK_CONST_METHOD1(VariantClear, HRESULT(VARIANTARG *pvarg)); diff --git a/agents/windows/wmiHelper.cc b/agents/windows/wmiHelper.cc index ececad6..cb33a3f 100644 --- a/agents/windows/wmiHelper.cc +++ b/agents/windows/wmiHelper.cc @@ -496,28 +496,3 @@ Result Helper::getClass(LPCWSTR className) { } return Result(enumerator, _logger, _winapi); } - -ObjectWrapper Helper::call(ObjectWrapper &result, LPCWSTR method) { - // NOTE: currently broken and unused, only here as a starting point for - // future implementation - IWbemClassObject *outParams = nullptr; - - BSTR className; - HRESULT res = result._current->GetMethodOrigin(method, &className); - if (FAILED(res)) { - throw ComException( - string("Failed to determine method origin: ") + to_utf8(method), - res, _winapi); - } - - // please don't ask me why ExecMethod needs the method name in a writable - // buffer... - BSTR methodName = _winapi.SysAllocString(method); - - res = _services->ExecMethod(className, methodName, 0, nullptr, - result._current.get(), &outParams, nullptr); - - _winapi.SysFreeString(methodName); - - return ObjectWrapper(outParams, _logger, _winapi); -} diff --git a/agents/windows/wmiHelper.h b/agents/windows/wmiHelper.h index ca6aa2f..76c53d4 100644 --- a/agents/windows/wmiHelper.h +++ b/agents/windows/wmiHelper.h @@ -185,8 +185,6 @@ public: Result query(LPCWSTR query); Result getClass(LPCWSTR className); - ObjectWrapper call(ObjectWrapper &result, LPCWSTR method); - private: // get a locator that is used to look up WMI namespaces IWbemLocator *getWBEMLocator();

6 years, 8 months

Windows agent: avoid LocalAlloc when possible

by Jukka Aro

Module: check_mk Branch: master Commit: 9d15042c3a5e2bfa83a1e26a6dbfd878f5566fab URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9d15042c3a5e2b… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 09:36:03 2018 +0100 Windows agent: avoid LocalAlloc when possible If the use of LocalAlloc / LocalFree is not dictated by WinAPI, use platform-indenpendent standard memory allocation instead. Change-Id: Ia897347e4fbc6cbc7848b89daa539ff968bd77c2 --- agents/windows/build_version | 2 +- agents/windows/sections/SectionServices.cc | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/agents/windows/build_version b/agents/windows/build_version index 089bb23..9bcc9f4 100644 --- a/agents/windows/build_version +++ b/agents/windows/build_version @@ -1 +1 @@ -3056 +3058 diff --git a/agents/windows/sections/SectionServices.cc b/agents/windows/sections/SectionServices.cc index 89cdefb..80d6733 100644 --- a/agents/windows/sections/SectionServices.cc +++ b/agents/windows/sections/SectionServices.cc @@ -51,13 +51,12 @@ const char *SectionServices::serviceStartType(SC_HANDLE scm, if (dwError == ERROR_INSUFFICIENT_BUFFER) { start_type = "invalid4"; cbBufSize = dwBytesNeeded; - LocalMemoryHandle<LPQUERY_SERVICE_CONFIGW> lpsc{ - reinterpret_cast<LPQUERY_SERVICE_CONFIGW>( - _winapi.LocalAlloc(LMEM_FIXED, cbBufSize)), - _winapi}; - if (_winapi.QueryServiceConfig(schService.get(), lpsc.get(), + std::vector<BYTE> buffer(cbBufSize, 0); + LPQUERY_SERVICE_CONFIGW lpsc = + reinterpret_cast<LPQUERY_SERVICE_CONFIGW>(buffer.data()); + if (_winapi.QueryServiceConfig(schService.get(), lpsc, cbBufSize, &dwBytesNeeded)) { - switch (lpsc.get()->dwStartType) { + switch (lpsc->dwStartType) { case SERVICE_AUTO_START: start_type = "auto"; break;

6 years, 8 months

Make windows eventlog tests less sensitive

by Jukka Aro

Module: check_mk Branch: master Commit: 42085da1826499c86de1c424284c6f25f974d5ff URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=42085da1826499… Author: Jukka Aro <ja(a)mathias-kettner.de> Date: Thu Jan 11 08:15:27 2018 +0100 Make windows eventlog tests less sensitive Introduce a tolerance of 10 when verifying the expected eventstate.txt. Use this tolerance when verifying non-essential event logs (others than used for actual testing) as some system-dependent log entries may appear there sporadically in a race condition as we cannot easily turn reading both the eventlog and eventstate.txt into an atomic operation. When verifying the Application log actually used for testing, allow no tolerance (that is, use tolerance = 0). Even if not 100% secure, race conditions are far less probable in Application log. Change-Id: I27866c6554ebfebbfbb7b3de3fdfc936b414c59c --- agents/windows/it/test_section_eventlog.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/agents/windows/it/test_section_eventlog.py b/agents/windows/it/test_section_eventlog.py index 01af8c1..c7c02b1 100644 --- a/agents/windows/it/test_section_eventlog.py +++ b/agents/windows/it/test_section_eventlog.py @@ -1,5 +1,6 @@ import contextlib from itertools import chain, repeat +import math import os import platform import re @@ -23,6 +24,7 @@ testlog = 'Application' testsource = 'Test source' testeventtype = 'Warning' testdescription = 'Something might happen!' +tolerance = 10 testids = range(1, 3) @@ -171,9 +173,12 @@ def verify_eventstate(): sorted(expected_eventstate.items()), sorted(actual_eventstate.items())): assert expected_log == actual_log - assert expected_state == actual_state, ( - "expected state for log '%s' is %d, actual state %d" % - (expected_log, expected_state, actual_state)) + state_tolerance = 0 if expected_log == testlog else tolerance + assert math.fabs( + expected_state - actual_state) <= state_tolerance, ( + "expected state for log '%s' is %d, actual state %d, " + "state_tolerance %d" % (expected_log, expected_state, + actual_state, state_tolerance)) @pytest.mark.usefixtures("no_statefile")

6 years, 8 months

Added suppressions for Bandit.

by Sven Panne

Module: check_mk Branch: master Commit: d80be9a91ef69b180029b68460a0b1ed66085086 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d80be9a91ef69b… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Wed Jan 10 17:01:18 2018 +0100 Added suppressions for Bandit. Change-Id: I5299f88bbf48348046e65520f15ad98fdc396b81 --- agents/windows/it/remote.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agents/windows/it/remote.py b/agents/windows/it/remote.py index 6352078..27506b9 100644 --- a/agents/windows/it/remote.py +++ b/agents/windows/it/remote.py @@ -6,7 +6,7 @@ import pytest import re import subprocess import sys -import telnetlib +import telnetlib # nosec # To use another host for running the tests, replace this IP address. remote_ip = '10.1.2.30' @@ -71,7 +71,7 @@ def actual_output(write_config, wait_agent): p = subprocess.Popen([agent_exe, 'adhoc']) # Override wait_agent in tests to wait for async processes to start. wait_agent() - telnet = telnetlib.Telnet(host, port) + telnet = telnetlib.Telnet(host, port) # nosec yield telnet.read_all().splitlines() finally: try:

6 years, 8 months

5632 SEC Fixed XSS when rendering values of dropdown choices

by Lars Michelsen

Module: check_mk Branch: master Commit: 4de133ace84152390d5bba18e7997ebdfa5c7c8a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4de133ace84152… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jan 10 16:20:10 2018 +0100 5632 SEC Fixed XSS when rendering values of dropdown choices When using the WATO configuration it was possible to create e.g. a service level definition with javascript code in it's alias. When this definition was configured in a rule of the ruleset "Service Level of Hosts", the javascript code could be executed in the browsers context of the user viewing the rule. The insertion of the javascript code is only possible for authenticated users with the permission to configure Check_MK. Change-Id: I968949787a22c30b63bcf3f4cf18a9a921d40770 --- .werks/5632 | 18 ++++++++++++++++++ web/htdocs/valuespec.py | 4 ++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/.werks/5632 b/.werks/5632 new file mode 100644 index 0000000..e1d57c8 --- /dev/null +++ b/.werks/5632 @@ -0,0 +1,18 @@ +Title: Fixed XSS when rendering values of dropdown choices +Level: 1 +Component: multisite +Class: security +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i3 +Date: 1515597400 + +When using the WATO configuration it was possible to create e.g. +a service level definition with javascript code in it's alias. When +this definition was configured in a rule of the ruleset +"Service Level of Hosts", the javascript code could be executed in the +browsers context of the user viewing the rule. + +The insertion of the javascript code is only possible for authenticated +users with the permission to configure Check_MK. diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index 63f91c3..c444209 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -1619,9 +1619,9 @@ class DropdownChoice(ValueSpec): val, title = entry[:2] if value == val: if self._help_separator: - return title.split(self._help_separator, 1)[0].strip() + return html.attrencode(title.split(self._help_separator, 1)[0].strip()) else: - return title + return html.attrencode(title) return html.attrencode(self._get_invalid_choice_title(value))

6 years, 8 months

Also escape service levels (and other custom vars) in status GUI

by Lars Michelsen

Module: check_mk Branch: master Commit: 9392a8e4f26a38f8306033dbfe08edbc729503a8 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9392a8e4f26a38… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jan 10 16:24:24 2018 +0100 Also escape service levels (and other custom vars) in status GUI Change-Id: I59aca47895fb8fe040ea0c6e7ec35aad2a729780 --- web/plugins/views/painters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/plugins/views/painters.py b/web/plugins/views/painters.py index ad3ffd4..1d44d64 100644 --- a/web/plugins/views/painters.py +++ b/web/plugins/views/painters.py @@ -155,7 +155,7 @@ def paint_custom_var(what, key, row, choices=None): custom_val = custom_vars[key] if choices: custom_val = dict(choices).get(int(custom_val), custom_val) - return key, custom_val + return key, html.attrencode(custom_val) return key, ""

6 years, 8 months

← Newer
1
...
17
18
19
20
21
22
23
...
26
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits January 2018