packages/aops-zeus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!112 [sync] PR-105: fix command injection vulnerabilities

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
This commit is contained in:
openeuler-ci-bot 2024-03-13 02:16:19 +00:00 committed by Gitee
commit 9a8b43fa49
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0011-fix-command-injection-vulnerabilities.patch Normal file
View File

@ -0,0 +1,27 @@
From 1b2b79f2f3027be1a6d9280b5c091f3a18c5be18 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Thu, 7 Mar 2024 09:19:00 +0800
Subject: [PATCH 1/1] fix command injection vulnerabilities
---
zeus/conf/constant.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/zeus/conf/constant.py b/zeus/conf/constant.py
index 1370d6e..167d6c0 100644
--- a/zeus/conf/constant.py
+++ b/zeus/conf/constant.py
@@ -22,8 +22,8 @@ from vulcanus.conf.constant import BASE_CONFIG_PATH
MANAGER_CONFIG_PATH = os.path.join(BASE_CONFIG_PATH, 'zeus.ini')
# ceres
-CERES_PLUGIN_START = "aops-ceres plugin --start %s"
-CERES_PLUGIN_STOP = "aops-ceres plugin --stop %s"
+CERES_PLUGIN_START = "aops-ceres plugin --start '%s'"
+CERES_PLUGIN_STOP = "aops-ceres plugin --stop '%s'"
CERES_COLLECT_ITEMS_CHANGE = "aops-ceres plugin --change-collect-items '%s'"
CERES_PLUGIN_INFO = "aops-ceres plugin --info"
CERES_APPLICATION_INFO = "aops-ceres collect --application"
--
2.33.0

6
aops-zeus.spec
View File

@ -1,6 +1,6 @@
Name: aops-zeus Name: aops-zeus
Version: v1.4.0 Version: v1.4.0
Release: 6 Release: 7
Summary: A host and user manager service which is the foundation of aops. Summary: A host and user manager service which is the foundation of aops.
License: MulanPSL2 License: MulanPSL2
URL: https://gitee.com/openeuler/%{name} URL: https://gitee.com/openeuler/%{name}
@ -15,6 +15,7 @@ Patch0007: 0007-update-verification-method-for-host-ip-field.patch
Patch0008: 0008-check-host-status-when-query-host-detail.patch Patch0008: 0008-check-host-status-when-query-host-detail.patch
Patch0009: 0009-fix-error-log-when-query-host-status.patch Patch0009: 0009-fix-error-log-when-query-host-status.patch
Patch0010: 0010-update-the-exception-catching-type-of-the-function.patch Patch0010: 0010-update-the-exception-catching-type-of-the-function.patch
Patch0011: 0011-fix-command-injection-vulnerabilities.patch
BuildRequires: python3-setuptools BuildRequires: python3-setuptools
@ -55,6 +56,9 @@ cp -r database %{buildroot}/opt/aops/
%changelog %changelog
* Thu Mar 07 2024 wenxin<wenxin32@foxmail.com> - v1.4.0-7
- fix command injection vulnerabilities
* Wed Dec 27 2023 wenxin<wenxin32@foxmail.com> - v1.4.0-6 * Wed Dec 27 2023 wenxin<wenxin32@foxmail.com> - v1.4.0-6
- update the exception catching type of the function - update the exception catching type of the function