fix command injection vulnerabilities
(cherry picked from commit 3266b560d27c64446880497188f850364af00175)
This commit is contained in:
rabbitali
openeuler-sync-bot
parent
b6ad69fadf
commit
60eaf38f25
27
0011-fix-command-injection-vulnerabilities.patch
Normal file
27
0011-fix-command-injection-vulnerabilities.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 1b2b79f2f3027be1a6d9280b5c091f3a18c5be18 Mon Sep 17 00:00:00 2001
|
||||
From: root <root@localhost.localdomain>
|
||||
Date: Thu, 7 Mar 2024 09:19:00 +0800
|
||||
Subject: [PATCH 1/1] fix command injection vulnerabilities
|
||||
|
||||
---
|
||||
zeus/conf/constant.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/zeus/conf/constant.py b/zeus/conf/constant.py
|
||||
index 1370d6e..167d6c0 100644
|
||||
--- a/zeus/conf/constant.py
|
||||
+++ b/zeus/conf/constant.py
|
||||
@@ -22,8 +22,8 @@ from vulcanus.conf.constant import BASE_CONFIG_PATH
|
||||
MANAGER_CONFIG_PATH = os.path.join(BASE_CONFIG_PATH, 'zeus.ini')
|
||||
|
||||
# ceres
|
||||
-CERES_PLUGIN_START = "aops-ceres plugin --start %s"
|
||||
-CERES_PLUGIN_STOP = "aops-ceres plugin --stop %s"
|
||||
+CERES_PLUGIN_START = "aops-ceres plugin --start '%s'"
|
||||
+CERES_PLUGIN_STOP = "aops-ceres plugin --stop '%s'"
|
||||
CERES_COLLECT_ITEMS_CHANGE = "aops-ceres plugin --change-collect-items '%s'"
|
||||
CERES_PLUGIN_INFO = "aops-ceres plugin --info"
|
||||
CERES_APPLICATION_INFO = "aops-ceres collect --application"
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: aops-zeus
|
||||
Version: v1.4.0
|
||||
Release: 6
|
||||
Release: 7
|
||||
Summary: A host and user manager service which is the foundation of aops.
|
||||
License: MulanPSL2
|
||||
URL: https://gitee.com/openeuler/%{name}
|
||||
@ -15,6 +15,7 @@ Patch0007: 0007-update-verification-method-for-host-ip-field.patch
|
||||
Patch0008: 0008-check-host-status-when-query-host-detail.patch
|
||||
Patch0009: 0009-fix-error-log-when-query-host-status.patch
|
||||
Patch0010: 0010-update-the-exception-catching-type-of-the-function.patch
|
||||
Patch0011: 0011-fix-command-injection-vulnerabilities.patch
|
||||
|
||||
|
||||
BuildRequires: python3-setuptools
|
||||
@ -55,6 +56,9 @@ cp -r database %{buildroot}/opt/aops/
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Mar 07 2024 wenxin<wenxin32@foxmail.com> - v1.4.0-7
|
||||
- fix command injection vulnerabilities
|
||||
|
||||
* Wed Dec 27 2023 wenxin<wenxin32@foxmail.com> - v1.4.0-6
|
||||
- update the exception catching type of the function
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user