Hello community,

here is the log from the commit of package hawk for openSUSE:Factory checked in 
at 2012-02-24 12:05:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hawk (Old)
 and      /work/SRC/openSUSE:Factory/.hawk.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "hawk", Maintainer is "tser...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/hawk/hawk.changes        2012-02-16 
12:22:49.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.hawk.new/hawk.changes   2012-02-24 
12:05:02.000000000 +0100
@@ -1,0 +2,9 @@
+Fri Feb 24 06:56:18 UTC 2012 - tser...@suse.com
+
+- Build: Actually die if "rake makemo" fails
+- Misc: Remove obsolete .hu msgids
+- Misc: Workaround deprecated Gem.all_load_paths error
+- Misc: Suppress ror-sec-scanner false positives
+- Upstream version cs:5957498b0c95
+
+-------------------------------------------------------------------
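Review bot: the changeset id in "Upstream version cs:5957498b0c95" matches the new node: line in .hg_archival.txt further down, so the two are consistent. The entry "Suppress ror-sec-scanner false positives" would be easier to audit later if it named the finding classes being dismissed (the cib_controller comment in this change cites CWE-642 and CWE-285), since a suppression marker without a category tends to outlive the reason it was added.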

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ hawk-0.5.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/.hg_archival.txt 
new/hawk-0.5.1/.hg_archival.txt
--- old/hawk-0.5.1/.hg_archival.txt     2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/.hg_archival.txt     2012-02-24 07:54:22.000000000 +0100
@@ -1,5 +1,5 @@
 repo: 53225c8fc9056b3c31743a53a67c6a0e19c4dfd2
-node: a5fdb745d8e929e4c3de4b7cc97ace30f9253c3e
+node: 5957498b0c95fd11653f56631f8e81105d40183d
 branch: default
 latesttag: hawk-0.5.1
-latesttagdistance: 15
+latesttagdistance: 28
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/Makefile new/hawk-0.5.1/Makefile
--- old/hawk-0.5.1/Makefile     2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/Makefile     2012-02-24 07:54:22.000000000 +0100
@@ -62,7 +62,7 @@
 SBINDIR = /usr/sbin
 
 all: scripts/hawk.$(INIT_STYLE) hawk/config/lighttpd.conf tools/hawk_chkpwd 
tools/hawk_monitor tools/hawk_invoke
-       (cd hawk; rake makemo; rake freeze:rails; rake freeze:gems)
+       (cd hawk; rake makemo && rake freeze:rails && rake freeze:gems)
 
 %:: %.in
        sed \
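Review bot: the cd hawk at the start of the recipe is still joined with ";", so if that directory is missing the three rake targets run in the top-level directory and the && chain never sees the cd failure; (cd hawk && rake makemo && rake freeze:rails && rake freeze:gems) closes that gap. With the subshell's exit status now being the status of the && chain, make does abort on a makemo failure, which is what the changelog entry promises.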
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/doc/TODO new/hawk-0.5.1/doc/TODO
--- old/hawk-0.5.1/doc/TODO     2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/doc/TODO     2012-02-24 07:54:22.000000000 +0100
@@ -12,11 +12,27 @@
 * rsc_ticket support
 * cibsecret support
 * new style constraints (rsc_*)?
+* Support all operations on shadow CIBs.
 
 
 == Core/General == 
 
-* Use PerRequestCache in more places if/when possible.
+=== Must ===
+
+* Failed stop with STONITH disabled, resulting in "Started $node (unmanaged)
+  FAILED" in crm_mon, is erroneously reported as stopped resource in Hawk
+  (although the failed stop error is shown).
+* "crm node fence ..." -- hawk shows node being fenced as online, whereas
+  crm_mon shows it as unclean.
+* Add ability to edit rsc_defaults, op_defaults.
+
+=== Should & Could (in no particular order) ===
+  
+* Replace popen3, safe_x, invoker etc. as much as possible with
+  David Majda's command.rb
+* Use PerRequestCache in more places if/when possible (e.g.: 
CrmConfig::load_meta,
+  but that whole crm_config thing really needs a rewrite inline with how the
+  other CibObject children work).
 * All instances of jQuery.get() need to be replaced with .ajax() so we can
   handle errors properly (e.g.: 500 when disk is full running hb_report etc.)
 * rescue_from with redirect in ApplicationController is probably a bit fragile
@@ -25,11 +41,6 @@
 * Modal dialogs should probably be made moveable (and *maybe* resizable)
 * Syntax highlighting for ascii text (crm config, logs in explorer, etc.)
 * Online help tied to SLE HA manual (on SLES, at least).
-* Failed stop with STONITH disabled, resulting in "Started $node (unmanaged)
-  FAILED" in crm_mon, is erroneously reported as stopped resource in Hawk
-  (although the failed stop error is shown).
-* "crm node fence ..." -- hawk shows node being fenced as online, whereas
-  crm_mon shows it as unclean.
 * Need to verify/match op interval when ignoring ops
 * Translate simple errors from crm (bnc#713917)
 ** Already did permission denied, but need to check what other simple failures
@@ -53,14 +64,13 @@
   configured it to run as an LSB resource inside the cluster - not intended
   to run that way, but...)
 * Doesn't work with SELinux enforcing (does work with permissive)
-* Verify do_or_die in lib/tasks really does do or die.
+* Verify do_or_die in lib/tasks really does do or die (I don't think they die).
 * RAILS_DEFAULT_LOGGER deprecated
 * Move logfiles to /var/log/hawk
 ** See also 
http://www.slideshare.net/lennartkoopmann/managing-the-logs-of-your-rails-applications-arrrrcamp-2011
 * Nasty permission denied error if bob enables ACLs
 * Warn if config changed out from under you while saving?  (In all cases,
   editing resources, crm_config, ...)
-* Add ability to edit rsc_defaults, op_defaults.
 * Need real field validation on all fields.
 * DC etc. not present in footer on all pages except main status page.
 * Style/theme need fine-tuning/cleaning (dialog titles, buttons etc. rather
@@ -68,15 +78,15 @@
 * need to cancel running refresh for node details dialog
 ** actually, need to be able to cancel initial load for any dialog.  crap.
    this is getting kind of messy.
-* look for redundant "foo.select.map"
 * Clean up error display from all crm* invocations (can be smooshed onto
   one long error line, which is a bit ugly to read).
-* Support all operations on shadow CIBs.
 * remove current_user from cib.rb
 * use clearTimeout(?) to hose anything set with setTimeout to avoid
   duplicate requests (should never happen, but might if you run e.g.:
   update_cib() from firebug).
 * look at memory usage; hawk running under mongrel eventually goes OOM
+* Integrate doc/sessions_controller-cleanup.patch, once we verify that
+  Shellwords::escape is kosher.
 
 
 == UI Controls ==
@@ -94,12 +104,12 @@
 * Button to refresh current view up to "now"
 * Cache list might still apepar if you come back to the history page during
   generation (*sigh*)
-* Ability to delete cached reports?
+* Ability to delete cached reports (bnc#723338)
 * Move to tmp directory in hawk, not /tmp?  (May not work if not all nodes
   have Hawk).
 * "Another 'crm history' is running" thing works (node recent events?), but
   there's a flash of both "us" and "them" during update.
-* May want verbosity increase on detail link
+* May want verbosity increase on detail link (bnc#723418)
 * Really want details to show with selected line highligted, and "fixed"
   position so it floats down the page (positioning is horribly annoying :-/)
 * If doing a time period the ends *after* now, need to regenerate each time
@@ -109,11 +119,14 @@
 
 == GUI: Simulator ==
 
+* Why is the simulator requesting a refresh of "sim:in" or "sim:out" every 15
+  seconds?  (Well, it's so that the status accurately reflects underlyling
+  cluster state, but can't we hook this through the long poll somehow?)
 * Auto-fill of interval when injecting ops just grabs the first one (would
   be nice to drop-down with interval and more info about which one it was,
   e.g.: role or OCF_CHECK_LEVEL)
 * Purports to run even if server dead (i.e.: Run button results in alleged
-  final state being shown).
+  final state being shown), see also bnc#723125.
 * Inject a failed start (e.g.: start:0 c2:0 unknown node-0), gives tooltip
   "null failed on node-0 (rc=1)", similar in error bar (operation=).  So the
   name of the failed op isnt' being picked up somehow.  Actually, it's not
@@ -132,7 +145,6 @@
 * Add ability for templates to call non-crm commands, e.g.: mkdir on all
   nodes, and deploy custom configuration files, e.g. httpd.conf
   (see bnc#710959)
-* make apache template work out-of-the-box if possible (see bnc#710959)
 * ability to have optional steps
 * list of steps on LHS?
 
@@ -157,7 +169,7 @@
 
 == GUI: status ==
 
-* ESC key kills update request, leading to wiping out status!
+* ESC key kills update request, leading to wiping out status (on firefox)
 * unclear how update request interacts with simulator!
 * Need update to jQuery 1.4.3+ to fix jquery bug #6498 when request timed out
   on IE7.
@@ -234,22 +246,23 @@
 
 == GUI: Constraint Editor ==
 
+* See what we can do about making resource templates appear and disappear from
+  constraint dropdowns depending on what's actually valid.
+** Or not -- it might strictly be best to leave this up to crm_verify etc., and
+   just clean up the error messaging.
 * https://node-1:7630/cib/live/colocations/fs-then-ctdb/edit picks up an
   *order* constraint (even though it's actually a colocation)
 * Need confirmation on delete.
-* constraint icon would be better as a little chain, really
 * Should pre-fill ID field (you generally don't care what it is)
 ** Probably leave it disabled and just fill based on rsc id
-* Offer +/-inf scores
+* Offer +/-inf scores (combo box)
 * Text to describe arrows (will be placed with, will start after)
 
 
 == GUI: Resource Editor ==
 
 * Primitive editor probably invokes Primitive.types etc. multiple times
-  which might be causing hideous slowness
-* Might be good to have "create another resource" after creation (actually
-  might be an argument for sidebar selector for status/resource editor/...)
+  which might be causing hideous slowness (use PerRequestCache)
 * Create resource, click "Back" - saw "any changes will be lost"?
 * Intervals must have no freaky characters - add regex verify for attrlist?
 * op editor shows timeout=20 where there is no timeout specified (still true?)
@@ -262,8 +275,8 @@
 * Can't edit clone/ms child, group members, order of group members
 * can't specify arbitrary meta attributes (want combo box)
 ** e.g.: OCF_CHECK_LEVEL (important)
-* For ops, need to hit "+" before modifying timings - consider maybe having
-  the op auto-add itself when selected, rather than having to hit "+"?
+* For ops, need to hit "+" before modifying timings - consider having the op
+  auto-add itself when selected, rather than having to hit "+"? (bnc#740539)
 * can't specify arbitrary params
 * Can't specify resource utilization
 * Highlight when a setting is different than default
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/doc/notes.txt new/hawk-0.5.1/doc/notes.txt
--- old/hawk-0.5.1/doc/notes.txt        2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/doc/notes.txt        2012-02-24 07:54:22.000000000 +0100
@@ -27,6 +27,13 @@
 
 == Hacking ==
 
+=== @attributes in CibObject subclasses ===
+
+See e.g.: clone.rb.  Set @attributes in your subclass to the list
+of attributes you want users to be able to edit.  Anything in that
+list is subject to mass assignment via CibObject::set_attributes.
+Nothing outside that list will be set by mass assignment.
+
 === New MVC (e.g.: for Constraints) ===
 
 ----------------------------------------
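Review bot: the new section states that nothing outside @attributes is set by mass assignment, but not what happens to a stray key (silently dropped, or an error raised); since the "mass ass. OK" markers on every .new and update_attributes call in this change rest on this whitelist, stating that behaviour here and pointing at the check in CibObject::set_attributes would let a reviewer confirm the suppressions without reading each subclass.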
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/doc/sessions_controller-cleanup.patch 
new/hawk-0.5.1/doc/sessions_controller-cleanup.patch
--- old/hawk-0.5.1/doc/sessions_controller-cleanup.patch        1970-01-01 
01:00:00.000000000 +0100
+++ new/hawk-0.5.1/doc/sessions_controller-cleanup.patch        2012-02-24 
07:54:22.000000000 +0100
@@ -0,0 +1,90 @@
+changeset:   612:a233e73886e7
+tag:         tip
+user:        Tim Serong <tser...@suse.com>
+date:        Mon Feb 20 15:34:21 2012 +1100
+summary:     Misc: Clean up SessionsController::create
+
+This makes control flow in SessionsController::create cleaner, and
+allows single quotes and other oddball characters in the username
+(the single quoted string is replaced by Shellwords::escape), but
+there's a rumour Shellwords::escape misses some meta characters
+(see bnc#745611), so we have to verify that before applying this
+patch.
+
+diff -r ffab406528ed -r a233e73886e7 
hawk/app/controllers/sessions_controller.rb
+--- a/hawk/app/controllers/sessions_controller.rb      Mon Feb 13 22:13:33 
2012 +1100
++++ b/hawk/app/controllers/sessions_controller.rb      Mon Feb 20 15:34:21 
2012 +1100
+@@ -28,6 +28,8 @@
+ #
+ #======================================================================
+ 
++require 'shellwords'
++
+ class SessionsController < ApplicationController
+   layout 'main'
+ 
+@@ -48,36 +50,36 @@ class SessionsController < ApplicationCo
+   # called from login screen
+   HAWK_CHKPWD = '/usr/sbin/hawk_chkpwd'
+   def create
+-    if params[:username].blank?
++    # Probably overly paranoid ensurance that we've got actual strings,
++    # and not some weird hash or something.
++    username = params[:username].to_s
++    password = params[:password].to_s
++    if username.blank?
+       flash[:warning] = _('Username not specified')
+-      redirect_to :action => 'new'
+-    elsif params[:username].include?("'") || params[:username].include?("$")
+-      # No ' or $ characters, because this is going to the shell
+-      flash[:warning] = _('Invalid username')
+-      redirect_to :action => 'new'
+-    elsif params[:password].blank?
++      redirect_to :action => 'new' and return
++    end
++    if password.blank?
+       flash[:warning] = _('Password not specified')
+-      redirect_to :action => 'new', :username => params[:username]
++      redirect_to :action => 'new', :username => username and return
++    end
++    unless File.exists?(HAWK_CHKPWD) && File.executable?(HAWK_CHKPWD)
++      flash[:warning] = _('%s is not installed') % HAWK_CHKPWD
++      redirect_to :action => 'new', :username => username and return
++    end
++    # RORSCAN_INL: popen call is safe, Shellwords.escape() is safe.
++    IO.popen("#{HAWK_CHKPWD} passwd #{Shellwords.escape(username)}", 'w+') do 
|pipe|
++      pipe.write password
++      pipe.close_write
++    end
++    if $?.exitstatus == 0
++      # The user can log in, and they're in our required group
++      reset_session
++      session[:username] = username
++      redirect_back_or_default root_url
+     else
+-      if File.exists?(HAWK_CHKPWD) && File.executable?(HAWK_CHKPWD)
+-        IO.popen("#{HAWK_CHKPWD} passwd '#{params[:username]}'", 'w+') do 
|pipe|
+-          pipe.write params[:password]
+-          pipe.close_write
+-        end
+-        if $?.exitstatus == 0
+-          # The user can log in, and they're in our required group
+-          reset_session
+-          session[:username] = params[:username]
+-          redirect_back_or_default root_url
+-        else
+-          # No dice...
+-          flash[:warning] = _('Invalid username or password')
+-          redirect_to :action => 'new', :username => params[:username]
+-        end
+-      else
+-        flash[:warning] = _('%s is not installed') % HAWK_CHKPWD
+-        redirect_to :action => 'new', :username => params[:username]
+-      end
++      # No dice...
++      flash[:warning] = _('Invalid username or password')
++      redirect_to :action => 'new', :username => username
+     end
+   end
+ 
+
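Review bot: the rewrite still builds a shell command string, so its safety rests entirely on Shellwords.escape, which the description itself says is unverified (bnc#745611); passing an argument vector to IO.popen, as in IO.popen([HAWK_CHKPWD, 'passwd', username], 'w+') (supported from Ruby 1.9), bypasses the shell altogether and makes the question moot, and the "popen call is safe" comment would then be true by construction. Writing the password to the child's stdin rather than placing it on the command line is the right choice and should stay as is.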
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/application_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/application_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/application_controller.rb       
2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/application_controller.rb       
2012-02-24 07:54:22.000000000 +0100
@@ -38,7 +38,7 @@
   protect_from_forgery # See ActionController::RequestForgeryProtection for 
details
 
   # Scrub sensitive parameters from your log
-  filter_parameter_logging :password
+  filter_parameter_logging :password    # RORSCAN_ITL
 
   # Force back to status page if e.g.: cluster offline when trying to access
   # resources, etc.
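Review bot: the RORSCAN_ITL marker on filter_parameter_logging :password carries no justification, whereas every other marker in this change says why the finding is a false positive ("not mass assignment", "authz via cibadmin", "mass ass. OK", "Shellwords.escape() is safe"); add the reason here too, so the suppression can be audited later without re-running the scanner.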
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/cib_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/cib_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/cib_controller.rb       2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/cib_controller.rb       2012-02-24 
07:54:22.000000000 +0100
@@ -49,6 +49,8 @@
 
   def show
     begin
+      # Not mass assignment (CWE-642) or improper access control (CWE-285)
+      # because Cib::initialize sanitizes params[:id], so RORSCAN_INL
       cib = Cib.new(params[:id], current_user, params[:debug] == 'file')
     rescue ArgumentError => e
       render :status => :not_found, :json => { :errors => [ e.message ] }
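Review bot: the suppression comment asserts that Cib::initialize sanitizes params[:id], but nothing in this hunk shows that check; the only visible handling is the rescue ArgumentError. Name the validation in the comment (which values are accepted and that anything else raises ArgumentError) so the CWE-642/CWE-285 dismissal is verifiable from the controller alone.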
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/clones_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/clones_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/clones_controller.rb    2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/clones_controller.rb    2012-02-24 
07:54:22.000000000 +0100
@@ -39,7 +39,7 @@
     # This is overkill - we actually only need the cib for its id,
     # and for getting a list of primitives and groups that can be
     # clone children when creating a new clone.
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -59,7 +59,7 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Clone.new params[:clone]
+    @res = Clone.new params[:clone]  # RORSCAN_ITL (mass ass. OK)
     if @res.save
       flash[:highlight] = _('Clone created successfully')
       redirect_to :action => 'edit', :id => @res.id
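Review bot: "mass ass. OK" on Clone.new params[:clone] is only true because CibObject::set_attributes limits assignment to the subclass's @attributes list (documented in doc/notes.txt in this same change); the identical marker is repeated on every .new and update_attributes call in the commit, so spelling the reason out, e.g. "# RORSCAN_ITL (mass assignment limited to @attributes whitelist)", would make each suppression self-explanatory rather than relying on the abbreviation.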
@@ -69,7 +69,7 @@
   end
 
   def edit
-    @res = Clone.find params[:id]
+    @res = Clone.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -81,8 +81,8 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Clone.find params[:id]
-    if @res.update_attributes(params[:clone])
+    @res = Clone.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @res.update_attributes(params[:clone])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Clone updated successfully')
       redirect_to :action => 'edit', :id => @res.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb       
2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb       
2012-02-24 07:54:22.000000000 +0100
@@ -35,7 +35,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -55,7 +55,7 @@
       return
     end
     normalize_resources!(params[:colocation])
-    @col = Colocation.new params[:colocation]
+    @col = Colocation.new params[:colocation]  # RORSCAN_ITL (mass ass. OK)
     if @col.save
       flash[:highlight] = _('Constraint created successfully')
       redirect_to :action => 'edit', :id => @col.id
@@ -65,7 +65,7 @@
   end
 
   def edit
-    @col = Colocation.find params[:id]
+    @col = Colocation.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -77,9 +77,9 @@
       redirect_to cib_constraints_path
       return
     end
-    @col = Colocation.find params[:id]
+    @col = Colocation.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
     normalize_resources!(params[:colocation])
-    if @col.update_attributes(params[:colocation])
+    if @col.update_attributes(params[:colocation])  # RORSCAN_ITL (mass ass. 
OK)
       flash[:highlight] = _('Constraint updated successfully')
       redirect_to :action => 'edit', :id => @col.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb       
2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb       
2012-02-24 07:54:22.000000000 +0100
@@ -35,7 +35,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb        
2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb        
2012-02-24 07:54:22.000000000 +0100
@@ -36,7 +36,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -63,7 +63,7 @@
     # Strictly, this should give you "not found" if the
     # property set doesn't exist (right now it shows an
     # empty set)
-    @crm_config = @cib.find_crm_config(params[:id])
+    @crm_config = @cib.find_crm_config(params[:id])  # RORSCAN_ITL (authz via 
cibadmin)
   end
 
   def show
@@ -104,7 +104,7 @@
     #               might be a bit unsafe.
     #
 
-    current_config = @cib.find_crm_config(params[:id])
+    current_config = @cib.find_crm_config(params[:id])  # RORSCAN_ITL (authz 
via cibadmin)
 
     # Want to delete properties that currently exist, aren't readonly
     # or advanced (invisible in editor), and aren't in the list of
@@ -159,6 +159,7 @@
   # When this is fixed, config/routes.rb needs to be changed to match, as
   # does crm_config/edit.html.erb.
   def info
+    # RORSCAN_INL (authz via cibadmin)
     render :json => @cib.find_crm_config(params[:id]).all_types
   end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/groups_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/groups_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/groups_controller.rb    2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/groups_controller.rb    2012-02-24 
07:54:22.000000000 +0100
@@ -39,7 +39,7 @@
     # This is overkill - we actually only need the cib for its id,
     # and for getting a list of primitives that can be group
     # children when creating a new group.
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -59,7 +59,7 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Group.new params[:group]
+    @res = Group.new params[:group]  # RORSCAN_ITL (mass ass. OK)
     if @res.save
       flash[:highlight] = _('Group created successfully')
       redirect_to :action => 'edit', :id => @res.id
@@ -69,7 +69,7 @@
   end
 
   def edit
-    @res = Group.find params[:id]
+    @res = Group.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -81,8 +81,8 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Group.find params[:id]
-    if @res.update_attributes(params[:group])
+    @res = Group.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @res.update_attributes(params[:group])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Group updated successfully')
       redirect_to :action => 'edit', :id => @res.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/locations_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/locations_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/locations_controller.rb 2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/locations_controller.rb 2012-02-24 
07:54:22.000000000 +0100
@@ -35,7 +35,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -54,7 +54,7 @@
       redirect_to cib_constraints_path
       return
     end
-    @loc = Location.new params[:location]
+    @loc = Location.new params[:location]  # RORSCAN_ITL (mass ass. OK)
     if @loc.save
       flash[:highlight] = _('Constraint created successfully')
       redirect_to :action => 'edit', :id => @loc.id
@@ -64,7 +64,7 @@
   end
 
   def edit
-    @loc = Location.find params[:id]
+    @loc = Location.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -76,8 +76,8 @@
       redirect_to cib_constraints_path
       return
     end
-    @loc = Location.find params[:id]
-    if @loc.update_attributes(params[:location])
+    @loc = Location.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @loc.update_attributes(params[:location])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Constraint updated successfully')
       redirect_to :action => 'edit', :id => @loc.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/masters_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/masters_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/masters_controller.rb   2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/masters_controller.rb   2012-02-24 
07:54:22.000000000 +0100
@@ -39,7 +39,7 @@
     # This is overkill - we actually only need the cib for its id,
     # and for getting a list of primitives and groups that can be
     # master children when creating a new master.
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -59,7 +59,7 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Master.new params[:master]
+    @res = Master.new params[:master]  # RORSCAN_ITL (mass ass. OK)
     if @res.save
       flash[:highlight] = _('Master/Slave created successfully')
       redirect_to :action => 'edit', :id => @res.id
@@ -69,7 +69,7 @@
   end
 
   def edit
-    @res = Master.find params[:id]
+    @res = Master.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -81,8 +81,8 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Master.find params[:id]
-    if @res.update_attributes(params[:master])
+    @res = Master.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @res.update_attributes(params[:master])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Master/Slave updated successfully')
       redirect_to :action => 'edit', :id => @res.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb     2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb     2012-02-24 
07:54:22.000000000 +0100
@@ -37,7 +37,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -45,7 +45,7 @@
   end
 
   def show
-    @node = Node.find params[:id]
+    @node = Node.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   # Don't strictly need CIB for this...
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/orders_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/orders_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/orders_controller.rb    2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/orders_controller.rb    2012-02-24 
07:54:22.000000000 +0100
@@ -35,7 +35,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -56,7 +56,7 @@
     end
     params[:order][:symmetrical] = params[:order][:symmetrical] == "true" ? 
true : false
     normalize_resources!(params[:order])
-    @ord = Order.new params[:order]
+    @ord = Order.new params[:order]  # RORSCAN_ITL (mass ass. OK)
     if @ord.save
       flash[:highlight] = _('Constraint created successfully')
       redirect_to :action => 'edit', :id => @ord.id
@@ -66,7 +66,7 @@
   end
 
   def edit
-    @ord = Order.find params[:id]
+    @ord = Order.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -78,10 +78,10 @@
       redirect_to cib_constraints_path
       return
     end
-    @ord = Order.find params[:id]
+    @ord = Order.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
     params[:order][:symmetrical] = params[:order][:symmetrical] == "true" ? 
true : false
     normalize_resources!(params[:order])
-    if @ord.update_attributes(params[:order])
+    if @ord.update_attributes(params[:order])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Constraint updated successfully')
       redirect_to :action => 'edit', :id => @ord.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb        
2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb        
2012-02-24 07:54:22.000000000 +0100
@@ -37,7 +37,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -57,7 +57,7 @@
       redirect_to cib_resources_path 
       return
     end
-    @res = Primitive.new params[:primitive]
+    @res = Primitive.new params[:primitive]  # RORSCAN_ITL (mass ass. OK)
     if @res.save
       flash[:highlight] = _('Resource created successfully')
       redirect_to :action => 'edit', :id => @res.id
@@ -67,7 +67,7 @@
   end
 
   def edit
-    @res = Primitive.find params[:id]
+    @res = Primitive.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
   end
 
   def update
@@ -79,8 +79,8 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Primitive.find params[:id]
-    if @res.update_attributes(params[:primitive])
+    @res = Primitive.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @res.update_attributes(params[:primitive])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Resource updated successfully')
       redirect_to :action => 'edit', :id => @res.id
     else
@@ -95,7 +95,7 @@
   # resources, or more if there's depths etc.).
   def monitor_intervals
     intervals = []
-    @res = Primitive.find params[:id]
+    @res = Primitive.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
     @res.ops["monitor"].each do |op|
       intervals << Util.crm_get_msec(op["interval"])
     end if @res.ops.has_key?("monitor")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/hawk-0.5.1/hawk/app/controllers/templates_controller.rb 
new/hawk-0.5.1/hawk/app/controllers/templates_controller.rb
--- old/hawk-0.5.1/hawk/app/controllers/templates_controller.rb 2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/app/controllers/templates_controller.rb 2012-02-24 
07:54:22.000000000 +0100
@@ -39,7 +39,7 @@
   before_filter :get_cib
 
   def get_cib
-    @cib = Cib.new params[:cib_id], current_user
+    @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass 
assignment)
   end
 
   def initialize
@@ -61,7 +61,7 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Template.new params[:template]
+    @res = Template.new params[:template]  # RORSCAN_ITL (mass ass. OK)
     if @res.save
       flash[:highlight] = _('Template created successfully')
       redirect_to :action => 'edit', :id => @res.id
@@ -71,7 +71,7 @@
   end
 
   def edit
-    @res = Template.find params[:id]
+    @res = Template.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
     render 'primitives/edit'
   end
 
@@ -84,8 +84,8 @@
       redirect_to cib_resources_path
       return
     end
-    @res = Template.find params[:id]
-    if @res.update_attributes(params[:template])
+    @res = Template.find params[:id]  # RORSCAN_ITL (authz via cibadmin)
+    if @res.update_attributes(params[:template])  # RORSCAN_ITL (mass ass. OK)
       flash[:highlight] = _('Template updated successfully')
       redirect_to :action => 'edit', :id => @res.id
     else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/config/boot.rb 
new/hawk-0.5.1/hawk/config/boot.rb
--- old/hawk-0.5.1/hawk/config/boot.rb  2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/config/boot.rb  2012-02-24 07:54:22.000000000 +0100
@@ -62,6 +62,7 @@
         gem 'rails'
       end
     rescue Gem::LoadError => load_error
+      # RORSCAN_INL (those aren't really backticks in this context)
       $stderr.puts %(Missing the Rails #{version} gem. Please `gem install 
-v=#{version} rails`, update your RAILS_GEM_VERSION setting in 
config/environment.rb for the Rails version you do have installed, or comment 
out RAILS_GEM_VERSION to use the latest version installed.)
       exit 1
     end
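Review bot: the justification `(those aren't really backticks in this context)` is correct: inside a `%(...)` string literal the backticks around `gem install -v=#{version} rails` are ordinary characters, not command substitution, so nothing is executed. One thing to confirm is scope: the `$stderr.puts %(...)` statement the comment guards runs over several lines to the closing parenthesis, so check that the scanner's 'ignore next line' marker covers the whole statement and not only its first physical line.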
@@ -85,6 +86,7 @@
         min_version = '1.3.1'
         require 'rubygems'
         unless rubygems_version >= min_version
+          # RORSCAN_INL (those aren't really backticks in this context)
           $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have 
#{rubygems_version}). Please `gem update --system` and try again.)
           exit 1
         end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/config/environment.rb 
new/hawk-0.5.1/hawk/config/environment.rb
--- old/hawk-0.5.1/hawk/config/environment.rb   2012-02-03 10:27:24.000000000 
+0100
+++ new/hawk-0.5.1/hawk/config/environment.rb   2012-02-24 07:54:22.000000000 
+0100
@@ -7,6 +7,18 @@
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
 
+# Evil hack to workaround https://github.com/rubygems/rubygems/issues/171
+# (see also hawk/lib/tasks/lang.rake)
+begin
+  Gem.all_load_paths
+rescue NoMethodError
+  module Gem
+    def self.all_load_paths
+      []
+    end
+  end
+end
+
 Rails::Initializer.run do |config|
   # Settings in config/environments/* take precedence over those specified 
here.
   # Application configuration should go into files in config/initializers
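Review bot: probing for `Gem.all_load_paths` by calling it and rescuing `NoMethodError` is roundabout; `unless Gem.respond_to?(:all_load_paths)` states the intent directly and cannot mask a NoMethodError raised from inside a real implementation. The stub also returns `[]`, which tells any caller that no gem load paths exist at all; since the comment already links the rubygems issue, it would be worth naming the consumer that needs this (presumably `gettext_rails/tools`, which lang.rake requires right after the same hack) and what it does with an empty result, so the hack can be dropped once that dependency is updated.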
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/config/initializers/session_store.rb 
new/hawk-0.5.1/hawk/config/initializers/session_store.rb
--- old/hawk-0.5.1/hawk/config/initializers/session_store.rb    2012-02-03 
10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/config/initializers/session_store.rb    2012-02-24 
07:54:22.000000000 +0100
@@ -5,9 +5,11 @@
 # Your secret key for verifying cookie session data integrity.
 # Uses contents of $RAILS_ROOT/tmp/session_secret.  Creates this
 # file with suitable random contents if it doesn't already exist.
+# Note that ror-sec-scanner picks up secret assignment, but this
+# is OK to ignore.
 ActionController::Base.session = {
   :key         => '_hawk_session',
-  :secret      => if File.exist?(SESSION_SECRET_FILE)
+  :secret      => if File.exist?(SESSION_SECRET_FILE)  # RORSCAN_ITL
                     File.read(SESSION_SECRET_FILE)
                   else
                     # mkdir tmp here if it doesn't already exist (necessary 
when
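Review bot: the `# RORSCAN_ITL` on the `:secret =>` line is justified: the scanner is looking for hard-coded session secrets, while this value is read from `SESSION_SECRET_FILE` at runtime and generated when absent, so no secret lives in source. The comment above should say exactly that ('secret is read from a file, not hard-coded') rather than 'is OK to ignore', and since the hunk does not show the file being created, please confirm the generated file is written with a restrictive mode and filled from a cryptographically secure random source, because the integrity of every Hawk session cookie rests on it.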
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/fcgi.rb 
new/hawk-0.5.1/hawk/lib/fcgi.rb
--- old/hawk-0.5.1/hawk/lib/fcgi.rb     2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/lib/fcgi.rb     2012-02-24 07:54:22.000000000 +0100
@@ -589,6 +589,7 @@
   def self::each_cgi(*args)
     require 'cgi'
 
+    # RORSCAN_INL
     eval(<<-EOS,TOPLEVEL_BINDING)
     class CGI
       public :env_table
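Review bot: the bare `# RORSCAN_INL` above `eval(<<-EOS,TOPLEVEL_BINDING)` gives no reason, unlike the other suppressions in this change. The visible part of the heredoc is a fixed class body (it reopens `CGI` to make `env_table` public); if the rest of the heredoc is equally constant, with no interpolation from outside, the suppression is defensible and the comment should record that, e.g. `# RORSCAN_INL: eval of a constant heredoc, no external input`.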
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/tasks/lang.rake 
new/hawk-0.5.1/hawk/lib/tasks/lang.rake
--- old/hawk-0.5.1/hawk/lib/tasks/lang.rake     2012-02-03 10:27:24.000000000 
+0100
+++ new/hawk-0.5.1/hawk/lib/tasks/lang.rake     2012-02-24 07:54:22.000000000 
+0100
@@ -37,6 +37,17 @@
 
 desc "Create mo-files"
 task :makemo do
+  # Evil hack to workaround https://github.com/rubygems/rubygems/issues/171
+  # (see also hawk/config/environment.rb)
+  begin
+    Gem.all_load_paths
+  rescue NoMethodError
+    module Gem
+      def self.all_load_paths
+        []
+      end
+    end
+  end
   require 'gettext_rails/tools'
   GetText.create_mofiles
 end
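Review bot: this `Gem.all_load_paths` stub is a verbatim copy of the one added to config/environment.rb, each pointing at the other. Two copies of a monkey-patch will drift apart; put it in one small file (e.g. a hypothetical lib/gem_load_paths_workaround.rb) required from both places, and use `Gem.respond_to?(:all_load_paths)` instead of call-and-rescue to detect the missing method.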
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/util.rb 
new/hawk-0.5.1/hawk/lib/util.rb
--- old/hawk-0.5.1/hawk/lib/util.rb     2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/lib/util.rb     2012-02-24 07:54:22.000000000 +0100
@@ -38,6 +38,7 @@
   # else the process won't be complete when you try to get the
   # exit status.
   def popen3(*cmd)
+    raise SecurityError, "Util::popen3 called with < 2 args" if cmd.length < 2
     pw = IO::pipe   # pipe[0] for read, pipe[1] for write
     pr = IO::pipe
     pe = IO::pipe
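Review bot: the new guard `raise SecurityError, ... if cmd.length < 2` is a sound way to pin down the safe `exec` form: with two or more arguments Ruby's `exec(*cmd)` never consults a shell, so metacharacters in any element are passed literally, whereas a single string would be handed to /bin/sh. It is an argument-count check only, not a validation of `cmd[0]`, so callers must still pass a fixed program path as the first element, as `popen3('/usr/sbin/hawk_invoke', user, *cmd)` does; `ArgumentError` would be the more conventional class for a caller-contract violation, but `SecurityError` does make the intent loud.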
@@ -56,6 +57,7 @@
       STDERR.reopen(pe[1])
       pe[1].close
 
+      # RORSCAN_INL: cmd always has > 1 elem, so safe from shell injection
       exec(*cmd)
     }
     wait_thr = Process.detach(pid)
@@ -83,6 +85,7 @@
     # let it use a group-writable subdirectory of our tmp directory
     # so unprivileged users can actually invoke crm without warnings
     ENV['HOME'] = File.join(RAILS_ROOT, 'tmp', 'home')
+    # RORSCAN_INL: mutli-arg invocation safe from shell injection.
     pi = popen3('/usr/sbin/hawk_invoke', user, *cmd)
     if defined? yield
       begin
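Review bot: typo in the added comment: 'mutli-arg' should read 'multi-arg'. The reasoning is right: `popen3('/usr/sbin/hawk_invoke', user, *cmd)` always passes at least two elements, so the new length guard in `popen3` cannot fire here, no shell is involved, and `user` arrives as a literal argv entry of hawk_invoke even if it contains shell metacharacters.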
@@ -100,6 +103,7 @@
   # May block indefinitely if the command executed is expecting something
   # on STDIN (untested)
   def safe_x(*cmd)
+    raise SecurityError, "Util::safe_x called with < 2 args" if cmd.length < 2
     pr = IO::pipe   # pipe[0] for read, pipe[1] for write
     pe = IO::pipe
     pid = fork{
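Review bot: this guard duplicates the one added to `popen3` with only the method name changed in the message. A small private helper (e.g. a hypothetical `check_multi_arg(name, cmd)`) would keep the two preconditions from drifting, and `__method__` can supply the name for the message so the text cannot go stale if a method is renamed.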
@@ -112,6 +116,7 @@
         pe[0].close
         STDERR.reopen(pe[1])
         pe[1].close
+        # RORSCAN_INL: cmd always has > 1 elem, so safe from shell injection
         exec(*cmd)
       }
       Process.wait
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/hawk-0.5.1/hawk/po/hu/hawk.po 
new/hawk-0.5.1/hawk/po/hu/hawk.po
--- old/hawk-0.5.1/hawk/po/hu/hawk.po   2012-02-03 10:27:24.000000000 +0100
+++ new/hawk-0.5.1/hawk/po/hu/hawk.po   2012-02-24 07:54:22.000000000 +0100
@@ -1321,11 +1321,3 @@
 msgid "Error invoking cibadmin --replace: %{msg}"
 msgstr "Hiba történt a cibadmin --replace meghívásakor: %{msg}"
 
-#~ msgid "Cluster Stack:"
-#~ msgstr "Fürt:"
-
-#~ msgid "Pacemaker Version:"
-#~ msgstr "Pacemaker verzió:"
-
-#~ msgid "Current DC:"
-#~ msgstr "Aktuális DC:"

++++++ require-rack-1.1.patch ++++++
--- /var/tmp/diff_new_pack.7VhCyu/_old  2012-02-24 12:05:03.000000000 +0100
+++ /var/tmp/diff_new_pack.7VhCyu/_new  2012-02-24 12:05:03.000000000 +0100
@@ -2,7 +2,7 @@
 ===================================================================
 --- hawk/config/environment.rb.orig
 +++ hawk/config/environment.rb
-@@ -24,7 +24,13 @@ Rails::Initializer.run do |config|
+@@ -36,7 +36,13 @@ Rails::Initializer.run do |config|
    config.gem "locale_rails"
    config.gem "gettext"
    config.gem "gettext_rails"
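Review bot: the hunk header in require-rack-1.1.patch moves from `@@ -24,7 +24,13 @@` to `@@ -36,7 +36,13 @@`, a shift of exactly 12 lines, which matches the 12 lines the environment.rb hunk (`@@ -7,6 +7,18 @@`) inserts above it, so the refreshed patch is consistent with the new tarball. `patch` would have applied the old offset with fuzz anyway; refreshing it just keeps the build log free of offset warnings.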
