0001-Fix-4648-store-default-values-securely.patch

fix for review - Marek Hulán, 03/13/2014 03:46 PM

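--- a/lib/kafo/configuration.rb
+++ b/lib/kafo/configuration.rb
@@ -1,5 +1,6 @@
 # encoding: UTF-8
 require 'yaml'
+require 'tmpdir'
 require 'kafo/puppet_module'
 require 'kafo/password_manager'
 
@@ -75,8 +76,11 @@
 
     def params_default_values
       @params_default_values ||= begin
+        @logger.debug "Creating tmp dir within #{app[:default_values_dir]}..."
+        temp_dir = Dir.mktmpdir(nil, app[:default_values_dir])
+        KafoConfigure.register_cleanup_path temp_dir
         @logger.info "Parsing default values from puppet modules..."
-        command = PuppetCommand.new("#{includes} dump_values(#{params})").append('2>&1').command
+        command = PuppetCommand.new("$temp_dir=\"#{temp_dir}\" #{includes} dump_values(#{params})").append('2>&1').command
         @logger.debug `#{command}`
         unless $?.exitstatus == 0
           log = app[:log_dir] + '/' + app[:log_name]
@@ -85,7 +89,7 @@
           KafoConfigure.exit(:defaults_error)
         end
         @logger.info "... finished"
-        YAML.load_file(File.join(KafoConfigure.config.app[:default_values_dir], 'default_values.yaml'))
+        YAML.load_file(File.join(temp_dir, 'default_values.yaml'))
       end
     end
 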
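Review bot: The temporary directory created in `params_default_values` is removed only when `KafoConfigure.exit` runs, so the dumped defaults stay on disk for the rest of the run and survive any termination path that does not go through `exit`. The block form deletes the directory as soon as the YAML has been read, including on `throw :exit` and on exceptions: `Dir.mktmpdir(nil, app[:default_values_dir]) do |temp_dir| ... end`, with the `YAML.load_file(File.join(temp_dir, 'default_values.yaml'))` call as the block's last expression. Separately, `temp_dir` is interpolated unescaped into a Puppet string and then into a backtick shell command; unless `PuppetCommand` escapes it (not visible in this hunk), a configured `default_values_dir` containing quotes, `$` or shell metacharacters would change the command, so the path should be validated or escaped first.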
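--- a/lib/kafo/kafo_configure.rb
+++ b/lib/kafo/kafo_configure.rb
@@ -24,12 +24,15 @@
   class KafoConfigure < Clamp::Command
     include StringHelper
 
-
     class << self
       attr_accessor :config, :root_dir, :config_file, :gem_root, :temp_config_file,
                     :modules_dir, :kafo_modules_dir, :verbose, :app_options, :logger
       attr_writer :hooking
 
+      def cleanup_paths
+        @cleanup_paths ||= []
+      end
+
       def hooking
         @hooking ||= Hooking.new
       end
@@ -113,6 +116,7 @@
     end
 
     def self.exit(code)
+      cleanup
       @exit_code = translate_exit_code(code)
       throw :exit
     end
@@ -136,6 +140,26 @@
       end
     end
 
+    def self.cleanup
+      # make sure default values are removed from /tmp
+      (self.cleanup_paths + ['/tmp/default_values.yaml']).each do |file|
+        logger.debug "Cleaning #{file}"
+        FileUtils.rm_rf(file)
+      end
+    end
+
+    def self.register_cleanup_path(path)
+      self.cleanup_paths<< path
+    end
+
+    def register_cleanup_path(path)
+      self.class.register_cleanup_path(path)
+    end
+
+    def cleanup_paths
+      self.class.cleanup_paths
+    end
+
     def help
       self.class.help(invocation_path, self)
     end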
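Review bot: `self.cleanup` deletes with `FileUtils.rm_rf`, which the FileUtils documentation warns is open to a time-of-check/time-of-use race when a parent directory is world-writable (such as `/tmp`) and the process is privileged. The hard-coded `/tmp/default_values.yaml` is such a path, and the registered temp directories may be too if `default_values_dir` points at `/tmp` (not visible here). The standard-library call intended for this case is `FileUtils.remove_entry_secure(file, true)`. Also, if `exit` can be reached before `logger` is assigned (not visible in these hunks), `logger.debug` would raise inside `cleanup` and mask the intended exit code, so `logger.debug "Cleaning #{file}" if logger` is safer.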
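--- a/modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
+++ b/modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
@@ -9,7 +9,13 @@
       [arg, found_value.nil? ? arg : found_value]
     end
     data = Hash[data]
-    dump_dir = YAML.load_file(lookupvar('kafo_config_file'))[:default_values_dir]
-    File.open("#{dump_dir}/default_values.yaml", 'w') { |file| file.write(YAML.dump(data)) }
+
+    dump_dir = lookupvar('temp_dir')
+    file_name = "#{dump_dir}/default_values.yaml"
+    raise SecurityError, "#{file_name} already exist, can't dump data to it" if File.exist?(file_name)
+
+    FileUtils.touch file_name
+    File.chmod 0600, file_name
+    File.open(file_name, 'w') { |file| file.write(YAML.dump(data)) }
   end
 end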
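Review bot: The `File.exist?` check, `FileUtils.touch`, `File.chmod 0600` and `File.open(file_name, 'w')` sequence is not atomic: the file is first created with umask-default permissions and only then restricted, and a path that appears between the check and the open (including a symlink) is written through. Creating the file exclusively with its final mode does all of this in one call and raises `Errno::EEXIST` if the path already exists: `File.open(file_name, File::WRONLY | File::CREAT | File::EXCL, 0600) { |file| file.write(YAML.dump(data)) }`. `dump_dir` should also be checked before use, since an unset `temp_dir` variable would turn the target into `/default_values.yaml` or similar. The function starts above the hunk, so whether `fileutils` is required there is not visible.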