use safe for most eval (#2686)

This commit is contained in:
qgarnier 2021-03-29 16:17:44 +02:00 committed by GitHub
parent afd53bcee3
commit 005dd5e042
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 5 deletions

View File

@ -26,6 +26,7 @@ use strict;
use warnings;
use JSON::XS;
use centreon::plugins::statefile;
use Safe;
sub custom_select_threshold {
my ($self, %options) = @_;
@ -37,15 +38,19 @@ sub custom_select_threshold {
local $SIG{__DIE__} = sub { $message = $_[0]; };
if (defined($self->{result_values}->{config}->{critical}) && $self->{result_values}->{config}->{critical} &&
eval "$self->{result_values}->{config}->{critical}") {
$self->{instance_mode}->{safe}->reval($self->{result_values}->{config}->{critical})) {
$status = 'critical';
} elsif (defined($self->{result_values}->{config}->{warning}) && $self->{result_values}->{config}->{warning} ne '' &&
eval "$self->{result_values}->{config}->{warning}") {
$self->{instance_mode}->{safe}->reval($self->{result_values}->{config}->{warning})) {
$status = 'warning';
} elsif (defined($self->{result_values}->{config}->{unknown}) && $self->{result_values}->{config}->{unknown} &&
eval "$self->{result_values}->{config}->{unknown}") {
$self->{instance_mode}->{safe}->reval($self->{result_values}->{config}->{unknown})) {
$status = 'unknown';
}
if ($@) {
$self->{output}->add_option_msg(short_msg => 'Unsafe code evaluation: ' . $@);
$self->{output}->option_exit();
}
};
if (defined($message)) {
$self->{output}->output_add(long_msg => 'filter status issue: ' . $message);
@ -124,6 +129,7 @@ sub new {
'filter-selection:s%' => { name => 'filter_selection' },
});
$self->{safe} = Safe->new();
$self->{snmp_cache} = centreon::plugins::statefile->new(%options);
return $self;
}
@ -737,7 +743,12 @@ sub check_filter {
return 0 if (!defined($options{filter}) || $options{filter} eq '');
$options{filter} =~ s/%\(([a-z-A-Z0-9\.]+?)\)/\$self->{expand}->{'$1'}/g;
return 0 if (eval "$options{filter}");
my $result = $self->{safe}->reval("$options{filter}");
if ($@) {
$self->{output}->add_option_msg(short_msg => 'Unsafe code evaluation: ' . $@);
$self->{output}->option_exit();
}
return 0 if ($result);
return 1;
}

View File

@ -753,9 +753,23 @@ sub compat_threshold_counter {
sub change_macros {
my ($self, %options) = @_;
my ($code) = centreon::plugins::misc::mymodule_load(
output => $self->{output}, module => 'Safe',
no_quit => 1
);
my $safe;
$safe = Safe->new() if ($code == 0);
foreach (@{$options{macros}}) {
if (defined($self->{option_results}->{$_})) {
if (defined($self->{option_results}->{$_}) && $self->{option_results}->{$_} ne '') {
$self->{option_results}->{$_} =~ s/%\{(.*?)\}/\$self->{result_values}->{$1}/g;
if ($code == 0) {
my $result = $safe->reval($self->{option_results}->{$_});
if ($@) {
$self->{output}->add_option_msg(short_msg => 'Unsafe code evaluation: ' . $@);
$self->{output}->option_exit();
}
}
}
}
}