tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-09-22 09:17:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disallow nested config objects

Browse Source 
refs #8633
This commit is contained in:
Alexander A. Klimov 2021-03-04 12:13:22 +01:00
parent 9abf482708
commit 924068ceb8
3 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/config/configitem.cpp
View File

@ -7,6 +7,7 @@
#include "config/configcompiler.hpp"
#include "base/application.hpp"
#include "base/configtype.hpp"
#include "base/defer.hpp"
#include "base/objectlock.hpp"
#include "base/convert.hpp"
#include "base/logger.hpp"
@ -31,6 +32,8 @@
using namespace icinga;
std::mutex ConfigItem::m_Mutex;
thread_local bool ConfigItem::m_CommitInProgress = false;
ConfigItem::TypeMap ConfigItem::m_Items;
ConfigItem::TypeMap ConfigItem::m_DefaultTemplates;
ConfigItem::ItemList ConfigItem::m_UnnamedItems;
@ -190,6 +193,9 @@ ConfigObject::Ptr ConfigItem::Commit(bool discard)
if (m_Scope)
m_Scope->CopyTo(frame.Locals);
try {
m_CommitInProgress = true;
Defer resetCommitInProgress ([this]() { m_CommitInProgress = false; });
m_Expression->Evaluate(frame, &debugHints);
} catch (const std::exception& ex) {
if (m_IgnoreOnError) {

7
lib/config/configitem.hpp
View File

@ -63,6 +63,12 @@ public:
static void RemoveIgnoredItems(const String& allowedConfigPath);
static inline
bool RunsInCommitContext()
{
return m_CommitInProgress;
}
private:
Type::Ptr m_Type; /**< The object type. */
String m_Name; /**< The name. */
@ -81,6 +87,7 @@ private:
ConfigObject::Ptr m_Object;
static std::mutex m_Mutex;
static thread_local bool m_CommitInProgress;
typedef std::map<String, ConfigItem::Ptr> ItemMap;
typedef std::map<Type::Ptr, ItemMap> TypeMap;

6
lib/config/expression.cpp
View File

@ -912,6 +912,9 @@ ExpressionResult ApplyExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhin
if (frame.Sandboxed)
BOOST_THROW_EXCEPTION(ScriptError("Apply rules are not allowed in sandbox mode.", m_DebugInfo));
if (ConfigItem::RunsInCommitContext())
BOOST_THROW_EXCEPTION(ScriptError("Nested objects are not allowed", m_DebugInfo));
ExpressionResult nameres = m_Name->Evaluate(frame);
CHECK_RESULT(nameres);
@ -935,6 +938,9 @@ ExpressionResult ObjectExpression::DoEvaluate(ScriptFrame& frame, DebugHint *dhi
if (frame.Sandboxed)
BOOST_THROW_EXCEPTION(ScriptError("Object definitions are not allowed in sandbox mode.", m_DebugInfo));
if (ConfigItem::RunsInCommitContext())
BOOST_THROW_EXCEPTION(ScriptError("Nested objects are not allowed", m_DebugInfo));
ExpressionResult typeres = m_Type->Evaluate(frame, dhint);
CHECK_RESULT(typeres);
Type::Ptr type = typeres.GetValue();