Module: check_mk
Branch: master
Commit: e45a7e631a7cabd2653a0142069a99ee033c87d9
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e45a7e631a7cab…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Nov 11 14:15:36 2016 +0100
tar handling: Cleaned up subprocess involving shell; Using standard StringIO() instead of
own buffer object
---
bandit.yaml | 2 +-
cmk_base/agent_simulator.py | 2 +-
web/htdocs/multitar.py | 25 ++++++++-----------------
3 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/bandit.yaml b/bandit.yaml
index de70674..b655c6b 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -86,7 +86,7 @@ exclude_dirs:
tests:
# (optional) list skipped test IDs here, eg '[B101, B406]':
-skips:
+skips: [B404]
### (optional) plugin settings - some test plugins require configuration data
### that may be given here, per-plugin. All bandit test plugins have a built in
diff --git a/cmk_base/agent_simulator.py b/cmk_base/agent_simulator.py
index bb6d953..6cc838a 100644
--- a/cmk_base/agent_simulator.py
+++ b/cmk_base/agent_simulator.py
@@ -42,7 +42,7 @@ def process(output):
if e == -1:
break
simfunc = output[i+2 : e]
- replacement = str(eval("agentsim_" + simfunc))
+ replacement = str(eval("agentsim_" + simfunc)) # nosec
output = output[:i] + replacement + output[e+1:]
except Exception, e:
if cmk.debug.enabled():
diff --git a/web/htdocs/multitar.py b/web/htdocs/multitar.py
index 7e7c205..37b6dcb 100644
--- a/web/htdocs/multitar.py
+++ b/web/htdocs/multitar.py
@@ -29,23 +29,10 @@
import cmk.paths
import os, tarfile, time, shutil, cStringIO, grp
+import subprocess
import traceback
from lib import *
-class fake_file:
- def __init__(self, content):
- self.content = content
- self.pointer = 0
-
- def size(self):
- return len(self.content)
-
- def read(self, size):
- new_end = self.pointer + size
- data = self.content[self.pointer:new_end]
- self.pointer = new_end
- return data
-
def create(filename, components):
tar = tarfile.open(filename, "w:gz")
for what, name, path in components:
@@ -58,8 +45,11 @@ def create(filename, components):
basedir = os.path.dirname(abspath)
filename = os.path.basename(abspath)
subtarname = name + ".tar"
- subdata = os.popen("tar cf - --dereference --force-local -C '%s'
'%s'" % \
- (basedir, filename)).read()
+
+ subdata = subprocess.check_output([
+ "tar", "cf", "-",
"--dereference", "--force-local",
+ "-C", basedir, filename
+ ])
info = tarfile.TarInfo(subtarname)
info.mtime = time.time()
@@ -69,7 +59,8 @@ def create(filename, components):
info.mode = 0644
info.type = tarfile.REGTYPE
info.name = subtarname
- tar.addfile(info, fake_file(subdata))
+
+ tar.addfile(info, cStringIO.StringIO(subdata))
def extract_from_buffer(buffer, elements):
stream = cStringIO.StringIO()