This is an automated email from the ASF dual-hosted git repository.
jialiang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 028e591870 Fix Ambari Spoofing Vulnerability,cherry pick from:
aa531afa81.
028e591870 is described below
commit 028e591870dd0f63b9bcce78cc50681ce42b9ffb
Author: jialiang <[email protected]>
AuthorDate: Tue Oct 29 09:28:53 2024 +0800
Fix Ambari Spoofing Vulnerability,cherry pick from: aa531afa81.
---
.../main/python/resource_management/core/shell.py | 22 +++++++++++++++-------
ambari-server/pom.xml | 5 +++++
.../controller/AmbariManagementControllerImpl.java | 3 ++-
.../internal/AlertTargetResourceProvider.java | 3 ++-
.../internal/RequestResourceProvider.java | 3 ++-
.../resources/custom_actions/scripts/check_host.py | 3 ++-
.../resources/ui/app/components/diffTooltip.js | 6 +++---
.../src/main/resources/ui/app/helpers/escapeAcl.js | 2 +-
8 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/ambari-common/src/main/python/resource_management/core/shell.py
b/ambari-common/src/main/python/resource_management/core/shell.py
index d2a92bf5d2..045ce383cc 100644
--- a/ambari-common/src/main/python/resource_management/core/shell.py
+++ b/ambari-common/src/main/python/resource_management/core/shell.py
@@ -113,7 +113,7 @@ def call(command, quiet=False, logoutput=None,
stdout=subprocess.PIPE,stderr=sub
return _call_wrapper(command, logoutput=logoutput, throw_on_failure=False,
stdout=stdout, stderr=stderr,
cwd=cwd, env=env, preexec_fn=preexec_fn,
user=user, wait_for_finish=wait_for_finish,
on_timeout=on_timeout, timeout=timeout,
path=path, sudo=sudo, on_new_line=on_new_line,
- tries=tries, try_sleep=try_sleep,
timeout_kill_strategy=timeout_kill_strategy, returns=returns)
+ tries=tries, try_sleep=try_sleep,
timeout_kill_strategy=timeout_kill_strategy, shell=shell, returns=returns)
@log_function_call
def non_blocking_call(command, quiet=False, stdout=None, stderr=None,
@@ -167,7 +167,7 @@ def _call_wrapper(command, **kwargs):
def _call(command, logoutput=None, throw_on_failure=True,
stdout=subprocess.PIPE,stderr=subprocess.STDOUT,
cwd=None, env=None, preexec_fn=preexec_fn, user=None,
wait_for_finish=True, timeout=None, on_timeout=None,
- path=None, sudo=False, on_new_line=None, tries=1, try_sleep=0,
timeout_kill_strategy=TerminateStrategy.TERMINATE_PARENT, returns=[0]):
+ path=None, sudo=False, on_new_line=None, tries=1, try_sleep=0,
timeout_kill_strategy=TerminateStrategy.TERMINATE_PARENT, shell=True,
returns=[0]):
"""
Execute shell command
@@ -201,18 +201,26 @@ def _call(command, logoutput=None, throw_on_failure=True,
stdout=subprocess.PIPE
command = as_sudo(command, env=env)
elif user:
command = as_user(command, user, env=env)
-
- # convert to string and escape
- if isinstance(command, (list, tuple)):
- command = string_cmd_from_args_list(command)
-
+
+ if isinstance(command, str):
+ subprocess_command = [command]
+ elif shell:
+ # TODO: Remove this condition after reviewing 'shell' flag requirement
where shell.call() is being used.
+ subprocess_command = [string_cmd_from_args_list(command)]
+ else:
+ subprocess_command = command
+
# replace placeholder from as_sudo / as_user if present
env_str = _get_environment_str(env)
for placeholder, replacement in PLACEHOLDERS_TO_STR.items():
command = command.replace(placeholder, replacement.format(env_str=env_str))
+ subprocess_command = [cmd.replace(placeholder,
replacement.format(env_str=env_str)) for cmd in subprocess_command]
# --noprofile is used to preserve PATH set for ambari-agent
subprocess_command = ["/bin/bash","--login","--noprofile","-c", command]
+ if shell:
+ # --noprofile is used to preserve PATH set for ambari-agent
+ subprocess_command = ["/bin/bash","--login","--noprofile","-c"] +
subprocess_command
# don't create stdout and stderr pipes, because forked process will not be
able to use them if current process dies
# creating pipes may lead to the forked process silent crash
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index d6562606ac..039f8e3611 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1167,6 +1167,11 @@
<artifactId>commons-compress</artifactId>
<version>1.21</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <version>1.10.0</version>
+ </dependency>
<dependency>
<groupId>uk.com.robust-it</groupId>
<artifactId>cloning</artifactId>
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 3f8d8d024f..59b078b641 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -255,6 +255,7 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
+import org.apache.commons.text.StringEscapeUtils;
import org.apache.http.HttpStatus;
import org.apache.http.client.utils.URIBuilder;
import org.slf4j.Logger;
@@ -4170,7 +4171,7 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
String requestContext = "";
if (requestProperties != null) {
- requestContext = requestProperties.get(RequestResourceProvider.CONTEXT);
+ requestContext =
StringEscapeUtils.escapeHtml4(requestProperties.get(RequestResourceProvider.CONTEXT));
if (requestContext == null) {
// guice needs a non-null value as there is no way to mark this
parameter @Nullable
requestContext = "";
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
index 3437645541..f009765aaf 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
@@ -53,6 +53,7 @@ import org.apache.ambari.server.state.AlertState;
import org.apache.ambari.server.state.alert.AlertGroup;
import org.apache.ambari.server.state.alert.AlertTarget;
import org.apache.commons.lang.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -275,7 +276,7 @@ public class AlertTargetResourceProvider extends
private void createAlertTargets(Set<Map<String, Object>> requestMaps,
Map<String, String> requestInfoProps)
throws AmbariException {
for (Map<String, Object> requestMap : requestMaps) {
- String name = (String) requestMap.get(ALERT_TARGET_NAME);
+ String name = StringEscapeUtils.escapeHtml4((String)
requestMap.get(ALERT_TARGET_NAME));
String description = (String) requestMap.get(ALERT_TARGET_DESCRIPTION);
String notificationType = (String)
requestMap.get(ALERT_TARGET_NOTIFICATION_TYPE);
Collection<String> alertStates = (Collection<String>)
requestMap.get(ALERT_TARGET_STATES);
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
index c57b150432..80e38e7835 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
@@ -75,6 +75,7 @@ import org.apache.ambari.server.topology.LogicalRequest;
import org.apache.ambari.server.topology.TopologyManager;
import org.apache.ambari.server.utils.SecretReference;
import org.apache.commons.lang.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -429,7 +430,7 @@ public class RequestResourceProvider extends
AbstractControllerResourceProvider
// in this case it will be mapped to HTTP 400 Bad Request
requestStatus = HostRoleStatus.valueOf(requestStatusStr);
}
- String abortReason = (String)
propertyMap.get(REQUEST_ABORT_REASON_PROPERTY_ID);
+ String abortReason = StringEscapeUtils.escapeHtml4((String)
propertyMap.get(REQUEST_ABORT_REASON_PROPERTY_ID));
String removePendingHostRequests = (String)
propertyMap.get(REQUEST_REMOVE_PENDING_HOST_REQUESTS_ID);
RequestRequest requestRequest = new RequestRequest(clusterNameStr,
requestId);
diff --git
a/ambari-server/src/main/resources/custom_actions/scripts/check_host.py
b/ambari-server/src/main/resources/custom_actions/scripts/check_host.py
index 6df423ac95..3e0871727c 100644
--- a/ambari-server/src/main/resources/custom_actions/scripts/check_host.py
+++ b/ambari-server/src/main/resources/custom_actions/scripts/check_host.py
@@ -39,6 +39,7 @@ from resource_management.core.exceptions import Fail
from ambari_commons.constants import AMBARI_SUDO_BINARY
from resource_management.core import shell
from resource_management.core.logger import Logger
+from shlex import split
# WARNING. If you are adding a new host check that is used by cleanup, add it
to BEFORE_CLEANUP_HOST_CHECKS
@@ -453,7 +454,7 @@ class CheckHost(Script):
db_connection_check_command = "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:{0}{1}
{2}".format(agent_cache_dir,
LIBS_PATH_IN_ARCHIVE_SQLA, db_connection_check_command)
- code, out = shell.call(db_connection_check_command)
+ code, out = shell.call(split(db_connection_check_command, comments=True),
shell=False)
if code == 0:
db_connection_check_structured_output = {"exit_code" : 0, "message": "DB
connection check completed successfully!" }
diff --git
a/contrib/views/capacity-scheduler/src/main/resources/ui/app/components/diffTooltip.js
b/contrib/views/capacity-scheduler/src/main/resources/ui/app/components/diffTooltip.js
index 1f26c2b389..7655d60df8 100644
---
a/contrib/views/capacity-scheduler/src/main/resources/ui/app/components/diffTooltip.js
+++
b/contrib/views/capacity-scheduler/src/main/resources/ui/app/components/diffTooltip.js
@@ -52,8 +52,8 @@ App.DiffTooltipComponent = Em.Component.extend({
caption += fmtString.fmt(
[prefix,item].compact().join('.'),
- (oldV != null && '\'%@\''.fmt(oldV)) || emptyValue,
- (newV != null && '\'%@\''.fmt(newV)) || emptyValue
+ Handlebars.Utils.escapeExpression((oldV != null &&
'\'%@\''.fmt(oldV))) || emptyValue,
+ Handlebars.Utils.escapeExpression((newV != null &&
'\'%@\''.fmt(newV))) || emptyValue
);
},
initialLabels,
@@ -79,7 +79,7 @@ App.DiffTooltipComponent = Em.Component.extend({
oldV = ((isAllChanged && changes._accessAllLabels.objectAt(0)) ||
(queue.get('accessAllLabels') &&
!isAllChanged))?'*':initialLabels.map(idsToNames).join(',') || emptyValue;
newV = ((isAllChanged && changes._accessAllLabels.objectAt(1)) ||
(queue.get('accessAllLabels') &&
!isAllChanged))?'*':currentLabels.map(idsToNames).join(',') || emptyValue;
- caption += fmtString.fmt('accessible-node-labels', oldV, newV);
+ caption += fmtString.fmt('accessible-node-labels',
Handlebars.Utils.escapeExpression(oldV),
Handlebars.Utils.escapeExpression(newV));
}
queue.get('labels').forEach(function (label) {
diff --git
a/contrib/views/capacity-scheduler/src/main/resources/ui/app/helpers/escapeAcl.js
b/contrib/views/capacity-scheduler/src/main/resources/ui/app/helpers/escapeAcl.js
index 125b037357..b8af22c0fa 100644
---
a/contrib/views/capacity-scheduler/src/main/resources/ui/app/helpers/escapeAcl.js
+++
b/contrib/views/capacity-scheduler/src/main/resources/ui/app/helpers/escapeAcl.js
@@ -20,7 +20,7 @@
Ember.Handlebars.helper('escapeACL', function(value) {
var output = '';
- value = value || '';
+ value = Handlebars.Utils.escapeExpression(value || '');
if (value.trim() == '') {
output = '<span class="label label-danger"> <i class="fa fa-ban
fa-fw"></i> Nobody </span> ';
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
