Checkmk git commits October 2018

checkmk-commits@lists.checkmk.com

15 participants
308 discussions

Cleaned up python warnings found during unit test execution

by Lars Michelsen

Module: check_mk Branch: master Commit: 1f99559d1ae302367bab753caad93d05ec3e41de URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1f99559d1ae302… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 19:26:19 2018 +0200 Cleaned up python warnings found during unit test execution Change-Id: I4d4e50ebcf24d6ef0823369314159fc9c2fa17e3 --- cmk/gui/bi.py | 4 ++-- tests/conftest.py | 4 ++-- tests/unit/cmk/gui/test_htmllib_OutputFunnel.py | 4 ++-- tests/unit/cmk_base/test_checks.py | 2 -- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/cmk/gui/bi.py b/cmk/gui/bi.py index c1c5d45..87edc8d 100644 --- a/cmk/gui/bi.py +++ b/cmk/gui/bi.py @@ -24,13 +24,13 @@ # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, # Boston, MA 02110-1301 USA. +import hashlib import re import pprint import time import os import marshal import fcntl -import md5 import multiprocessing from contextlib import contextmanager import traceback @@ -413,7 +413,7 @@ class JobWorker(multiprocessing.Process): # Generates a unique id for the given entry def get_hash(entry): - return md5.md5(repr(entry) + repr(job)).hexdigest() + return hashlib.md5(repr(entry) + repr(job)).hexdigest() for group in {sg for g in groups for sg in g}: # Flattened groups new_entries_hash = map(get_hash, new_entries) diff --git a/tests/conftest.py b/tests/conftest.py index a24aa53..d24a751 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -57,7 +57,7 @@ def pytest_configure(config): def pytest_collection_modifyitems(items): """Mark collected test types based on their location""" for item in items: - type_marker = item.get_marker("type") + type_marker = item.get_closest_marker("type") if type_marker and type_marker.args: continue # Do not modify manually set marks @@ -82,7 +82,7 @@ def pytest_collection_modifyitems(items): def pytest_runtest_setup(item): """Skip tests of unwanted types""" - test_type = item.get_marker("type") + test_type = item.get_closest_marker("type") if test_type is None: raise Exception("Test is not TYPE marked: %s" % item) diff --git a/tests/unit/cmk/gui/test_htmllib_OutputFunnel.py b/tests/unit/cmk/gui/test_htmllib_OutputFunnel.py index 96f7032..d7b26ce 100644 --- a/tests/unit/cmk/gui/test_htmllib_OutputFunnel.py +++ b/tests/unit/cmk/gui/test_htmllib_OutputFunnel.py @@ -106,7 +106,7 @@ def test_output_funnel_context_raise(html): assert html.plug_text == [['B']] raise Exception("Test exception") except Exception, e: - assert e.message == "Test exception" + assert "%s" % e == "Test exception" finally: assert not html.is_plugged() @@ -124,7 +124,7 @@ def test_output_funnel_try_finally(html): html.write("finally2\n") except Exception, e: html.write("except1\n") - html.write("%s\n" % e.message) + html.write("%s\n" % e) finally: html.write("finally1\n") assert html.written == "try1\ntry2\nexcept2\nfinally2\nexcept1\nError\nfinally1\n" diff --git a/tests/unit/cmk_base/test_checks.py b/tests/unit/cmk_base/test_checks.py index f273a3b..440c385 100644 --- a/tests/unit/cmk_base/test_checks.py +++ b/tests/unit/cmk_base/test_checks.py @@ -1,6 +1,5 @@ import pytest -import cmk_base.discovery as discovery import cmk_base.config as config import cmk_base.check_utils import cmk_base.check_api as check_api @@ -67,7 +66,6 @@ def test_do_status_data_inventory_for(monkeypatch, result, ruleset): ############ Management board checks -(a)pytest.fixture def _check_plugins(): return { "tcp_check_mgmt_only" : "mgmt_only",

5 years, 8 months

Removed outdated comment

by Lars Michelsen

Module: check_mk Branch: master Commit: 415ac63c1b16c7e5af1630babddb33e8dd5d8680 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=415ac63c1b16c7… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Oct 19 08:21:45 2018 +0200 Removed outdated comment Change-Id: Idd2c1e27582d98b1a4f0d3b93cf16d4be8a36968 --- cmk/gui/plugins/wato/__init__.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmk/gui/plugins/wato/__init__.py b/cmk/gui/plugins/wato/__init__.py index 9c5a8f9..556cdb2 100644 --- a/cmk/gui/plugins/wato/__init__.py +++ b/cmk/gui/plugins/wato/__init__.py @@ -36,9 +36,6 @@ from cmk.plugin_loader import load_plugins # | |___/ | # '----------------------------------------------------------------------' -# TODO: Would be better to replace this star import with an explicit list of -# names needed for the plugins. Then we would have something like an official -# plugin API. At least a list of names that are intended to be used by plugins. from cmk.gui.plugins.wato.utils import ( ACResultCRIT, ACResultOK,

5 years, 8 months

6505 FIX Avoid CMC crash during event helper restarts.

by Sven Panne

Module: check_mk Branch: master Commit: eb91c585e3e3768990602de0f43eea35c3179679 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=eb91c585e3e376… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Thu Oct 18 15:36:20 2018 +0200 6505 FIX Avoid CMC crash during event helper restarts. When an event helper (for notifications/alerts) should be restarted, the Check_MK Micro Core could go into an infinite recursion, ultimately leading to a crash of the CMC itself. This has been fixed. CMK-1117 Change-Id: I3f474453466abd299ca8cdc1e87140e824c8a120 --- .werks/6505 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.werks/6505 b/.werks/6505 new file mode 100644 index 0000000..c661ecc --- /dev/null +++ b/.werks/6505 @@ -0,0 +1,15 @@ +Title: Avoid CMC crash during event helper restarts. +Level: 1 +Component: core +Compatible: compat +Edition: cee +Version: 1.6.0i1 +Date: 1539869658 +Class: fix + +When an event helper (for notifications/alerts) should be restarted, the +Check_MK Micro Core could go into an infinite recursion, ultimately leading +to a crash of the CMC itself. This has been fixed. + +CMK-1117 +

5 years, 8 months

Fixed pick issue; Cleaned up multiple inheritance on the way

by Lars Michelsen

Module: check_mk Branch: master Commit: 399d81a9fde0f7a7f67355f1c7421e018d1e9b7f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=399d81a9fde0f7… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 17:40:43 2018 +0200 Fixed pick issue; Cleaned up multiple inheritance on the way Change-Id: I7d67f179ea1d4b9ac1023f968aabb814771d8553 --- cmk/gui/plugins/wato/ac_tests.py | 43 ++++++---------------------------------- cmk/gui/watolib.py | 31 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/cmk/gui/plugins/wato/ac_tests.py b/cmk/gui/plugins/wato/ac_tests.py index 05ec188..3fb7d24 100644 --- a/cmk/gui/plugins/wato/ac_tests.py +++ b/cmk/gui/plugins/wato/ac_tests.py @@ -417,38 +417,7 @@ class ACTestBackupNotEncryptedConfigured(ACTest): -class ACMicrocoreTest(object): - """Abstract base class for microcore specific tests""" - __metaclass__ = abc.ABCMeta - - def _uses_microcore(self): - local_connection = sites.livestatus.LocalConnection() - version = local_connection.query_value("GET status\nColumns: program_version\n", deflt="") - return version.startswith("Check_MK") - - - def _get_effective_global_setting(self, varname): - global_settings = watolib.load_configuration_settings() - default_values = watolib.ConfigDomain().get_all_default_globals() - - if watolib.is_wato_slave_site(): - current_settings = watolib.load_configuration_settings(site_specific=True) - else: - sites = watolib.SiteManagementFactory.factory().load_sites() - current_settings = sites[config.omd_site()].get("globals", {}) - - if varname in current_settings: - value = current_settings[varname] - elif varname in global_settings: - value = global_settings[varname] - else: - value = default_values[varname] - - return value - - - -class ACApacheTest(object): +class ACApacheTest(ACTest): """Abstract base class for apache related tests""" __metaclass__ = abc.ABCMeta @@ -483,7 +452,7 @@ class ACApacheTest(object): -class ACTestApacheNumberOfProcesses(ACTest, ACApacheTest): +class ACTestApacheNumberOfProcesses(ACApacheTest): def category(self): return ACTestCategories.performance @@ -567,7 +536,7 @@ class ACTestApacheNumberOfProcesses(ACTest, ACApacheTest): -class ACTestApacheProcessUsage(ACTest, ACApacheTest): +class ACTestApacheProcessUsage(ACApacheTest): def category(self): return ACTestCategories.performance @@ -609,7 +578,7 @@ class ACTestApacheProcessUsage(ACTest, ACApacheTest): -class ACTestCheckMKHelperUsage(ACTest, ACMicrocoreTest): +class ACTestCheckMKHelperUsage(ACTest): def category(self): return ACTestCategories.performance @@ -671,7 +640,7 @@ class ACTestCheckMKHelperUsage(ACTest, ACMicrocoreTest): -class ACTestAlertHandlerEventTypes(ACTest, ACMicrocoreTest): +class ACTestAlertHandlerEventTypes(ACTest): def category(self): return ACTestCategories.performance @@ -699,7 +668,7 @@ class ACTestAlertHandlerEventTypes(ACTest, ACMicrocoreTest): -class ACTestGenericCheckHelperUsage(ACTest, ACMicrocoreTest): +class ACTestGenericCheckHelperUsage(ACTest): def category(self): return ACTestCategories.performance diff --git a/cmk/gui/watolib.py b/cmk/gui/watolib.py index 15ec529..3ebf4b4 100644 --- a/cmk/gui/watolib.py +++ b/cmk/gui/watolib.py @@ -10198,10 +10198,41 @@ class ACTest(object): return self._results + def _uses_microcore(self): + """Whether or not the local site is using the CMC""" + local_connection = sites.livestatus.LocalConnection() + version = local_connection.query_value("GET status\nColumns: program_version\n", deflt="") + return version.startswith("Check_MK") + + + def _get_effective_global_setting(self, varname): + global_settings = load_configuration_settings() + default_values = ConfigDomain().get_all_default_globals() + + if is_wato_slave_site(): + current_settings = load_configuration_settings(site_specific=True) + else: + sites = SiteManagementFactory.factory().load_sites() + current_settings = sites[config.omd_site()].get("globals", {}) + + if varname in current_settings: + value = current_settings[varname] + elif varname in global_settings: + value = global_settings[varname] + else: + value = default_values[varname] + + return value + + def check_analyze_config(): results = [] + # TODO: I'll clean up this plugin mechanism soon for test_cls in ACTest.__subclasses__(): # pylint: disable=no-member + if test_cls.__subclasses__(): # pylint: disable=no-member + continue # Only use leaf classes + test = test_cls() if not test.is_relevant():

5 years, 8 months

Reserved 20 Werk IDS

by Lars Michelsen

Module: check_mk Branch: master Commit: 03d9cb8c1a792a35cb41b00ba62706294a94311e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=03d9cb8c1a792a… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 17:18:07 2018 +0200 Reserved 20 Werk IDS Change-Id: Id438c2ae173eb3df6fdb9dc347b4be5a33419329 --- .werks/first_free | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.werks/first_free b/.werks/first_free index f611b29..8af922a 100644 --- a/.werks/first_free +++ b/.werks/first_free @@ -1 +1 @@ -6841 +6861

5 years, 8 months

Revert "Added some debug output."

by Sven Panne

Module: check_mk Branch: master Commit: 400c80962aa03ae942c54f34b0b234216eb3d76f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=400c80962aa03a… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Thu Oct 18 16:39:12 2018 +0200 Revert "Added some debug output." This reverts commit 2c6d3de5b80af2adc204d91946ee72b6fe7b6727. --- tests/conftest.py | 2 -- tests/testlib/__init__.py | 2 -- 2 files changed, 4 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 629f702..a24aa53 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,7 +1,5 @@ # This file initializes the py.test environment -print("==================== executing tests/conftest.py") - import pytest # TODO: Can we somehow push some of the registrations below to the subdirectories? pytest.register_assert_rewrite( diff --git a/tests/testlib/__init__.py b/tests/testlib/__init__.py index 759354e..c5adeca 100644 --- a/tests/testlib/__init__.py +++ b/tests/testlib/__init__.py @@ -1,8 +1,6 @@ #!/usr/bin/env python # encoding: utf-8 -print("==================== executing tests/testlib/__init__.py") - import os import glob import pwd

5 years, 8 months

6788 SEC Notification spooler: Fixed deserialization of arbitrary input

by Lars Michelsen

Module: check_mk Branch: master Commit: cb28df62e93bcb91c3b077fdd28688cf8701604c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cb28df62e93bcb… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 14:52:45 2018 +0200 6788 SEC Notification spooler: Fixed deserialization of arbitrary input The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The messages that are sent between the notification daemons were encoded in an insecure format which allowed code injections between the communication partners. This means it was possible to inject code from one notification spooler to another. We have now changed the message format to a secure alternative which prevents code injections. To be able to perform this transition without loosing notifications and preventing subtile incompatibilities we decided to keep the new format disabled by default for all sites created with Check_MK 1.4 and 1.5. This means your installation will still be affected by this issue by default after updating. However, once you have updated all your sites to at least 1.4.0p37 in case of the 1.4.0 branch or or at least 1.5.0p7 in case of the 1.5.0 branch you can change the main configuration option "Notification Spooler insecure messages" to "off" and activate the new configuration. Once you have done this all notification spoolers will use the new secure message format. Please note that the 1.6 notification spoolers will always use the new message format and not be compatible to the old message format of the 1.5 notification spoolers anymore. If you plan to use 1.5 and 1.6 together during migration you will have to ensure that you use the new message format in your 1.5 sites. CMK-1156 Change-Id: I1815c94c24f0063d42985938dbc977dde597e1bb --- .werks/6788 | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/.werks/6788 b/.werks/6788 new file mode 100644 index 0000000..acfd538 --- /dev/null +++ b/.werks/6788 @@ -0,0 +1,36 @@ +Title: Notification spooler: Fixed deserialization of arbitrary input +Level: 2 +Component: notifications +Class: security +Compatible: incomp +Edition: cee +State: unknown +Version: 1.6.0i1 +Date: 1539862587 + +The notification daemon of one site connects to the notification daemon of +another site to exchange notifications between both sites. + +The messages that are sent between the notification daemons were encoded in an +insecure format which allowed code injections between the communication +partners. This means it was possible to inject code from one notification +spooler to another. + +We have now changed the message format to a secure alternative which prevents +code injections. + +To be able to perform this transition without loosing notifications and +preventing subtile incompatibilities we decided to keep the new format disabled +by default for all sites created with Check_MK 1.4 and 1.5. This means your +installation will still be affected by this issue by default after updating. + +However, once you have updated all your sites to at least 1.4.0p37 in case of +the 1.4.0 branch or or at least 1.5.0p7 in case of the 1.5.0 branch you can +change the main configuration option "Notification Spooler insecure messages" +to "off" and activate the new configuration. Once you have done this all +notification spoolers will use the new secure message format. + +Please note that the 1.6 notification spoolers will always use the new message +format and not be compatible to the old message format of the 1.5 notification +spoolers anymore. If you plan to use 1.5 and 1.6 together during migration you +will have to ensure that you use the new message format in your 1.5 sites.

5 years, 8 months

6786 SEC Livestatus proxy: Fixed file path traversal vulnerability

by Lars Michelsen

Module: check_mk Branch: master Commit: ec4a5fd821bea17767d538bf58683e66b7f1fb5a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ec4a5fd821bea1… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 14:46:39 2018 +0200 6786 SEC Livestatus proxy: Fixed file path traversal vulnerability The livestatus proxy connects to the livestatus server of remote sites. One task is to fetch the inventory data of the remote site and replicate it to the master site to make client accesses faster. The livestatus proxy was not validating the incoming data correctly which made it possible for an attacker that has access to the remote sites to compromise the site the livestatus proxy daemon is running in. Using this vulnerability it was possible to write write files in directories that are writable by the liveproxy site user. This could be used to gain access to the liveproxy site. CMK-1153 Change-Id: Ie4de43fc2f8603ba9f03198384a41291ccee726d --- .werks/6786 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.werks/6786 b/.werks/6786 new file mode 100644 index 0000000..8f0095e --- /dev/null +++ b/.werks/6786 @@ -0,0 +1,20 @@ +Title: Livestatus proxy: Fixed file path traversal vulnerability +Level: 2 +Component: liveproxy +Class: security +Compatible: compat +Edition: cee +State: unknown +Version: 1.6.0i1 +Date: 1539844674 + +The livestatus proxy connects to the livestatus server of remote sites. One task is to +fetch the inventory data of the remote site and replicate it to the master site to make +client accesses faster. + +The livestatus proxy was not validating the incoming data correctly which made it possible +for an attacker that has access to the remote sites to compromise the site the livestatus +proxy daemon is running in. + +Using this vulnerability it was possible to write write files in directories that are writable +by the liveproxy site user. This could be used to gain access to the liveproxy site.

5 years, 8 months

6787 SEC Notification spooler: Fixed file path traversal vulnerability

by Lars Michelsen

Module: check_mk Branch: master Commit: cb1a576289ad7cd96e142b0376a45d6eaaf09a10 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cb1a576289ad7c… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 09:23:19 2018 +0200 6787 SEC Notification spooler: Fixed file path traversal vulnerability The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The notification daemon was not validating the incoming data correctly which made it possible for an attacker that has access to the notification sending site to compromise the receiving site. Using this vulnerability it was possible to write write files in directories that are writable by the receiving site user. This could be used to gain access to the site. CMK-1157 Change-Id: I20cc050a096e3f93827741a9d162c509d575e6fe --- .werks/6787 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.werks/6787 b/.werks/6787 new file mode 100644 index 0000000..52107b8 --- /dev/null +++ b/.werks/6787 @@ -0,0 +1,19 @@ +Title: Notification spooler: Fixed file path traversal vulnerability +Level: 2 +Component: notifications +Class: security +Compatible: compat +Edition: cee +State: unknown +Version: 1.6.0i1 +Date: 1539847243 + +The notification daemon of one site connects to the notification daemon of another site +to exchange notifications between both sites. + +The notification daemon was not validating the incoming data correctly which made it possible +for an attacker that has access to the notification sending site to compromise the receiving +site. + +Using this vulnerability it was possible to write write files in directories that are writable +by the receiving site user. This could be used to gain access to the site.

5 years, 8 months

Replaced deprecated tuple parameters.

by Sven Panne

Module: check_mk Branch: master Commit: c2a0f4ae0727cd6bacb1b6330f461c2c69125625 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c2a0f4ae0727cd… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Thu Oct 18 11:59:02 2018 +0200 Replaced deprecated tuple parameters. This is a Python-2-only feature, which has been deprecated in PEP 3113 since 2007, see https://www.python.org/dev/peps/pep-3113/. Some tools (e.g. Bandit) don't like this feature anymore at all, so it's a good time to remove it. This is a totally mechanical change done by 2to3's tuple_params fix, followed by a few naming improvements here and there. Change-Id: Ibd0a6e616be76c99c42a1a1e3405032f88d63d32 --- bin/mkbackup | 6 +++--- checks/j4p_performance | 6 ++++-- checks/jolokia_metrics | 12 ++++++++---- checks/omd_apache | 2 +- checks/sap | 6 +++--- cmk/gui/backup.py | 4 ++-- cmk/gui/plugins/metrics/utils.py | 2 +- cmk/gui/userdb.py | 2 +- cmk/gui/wato/pages/backup.py | 2 +- cmk/gui/wato/pages/rulesets.py | 2 +- cmk/gui/watolib.py | 2 +- doc/helpers/reindent.py | 3 ++- 12 files changed, 28 insertions(+), 21 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c2a0f4ae07…

5 years, 8 months

← Newer
1
...
9
10
11
12
13
14
15
...
31
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits October 2018