From e6c8a07699915d5843772a951b7d9c0bc2c8ca8c Mon Sep 17 00:00:00 2001
From: dheerajd-msys
Date: Fri, 15 Jun 2018 15:58:25 +0530
Subject: add sensitive feature
Signed-off-by: dheerajd-msys
---
 .rubocop.yml | 4 ++++
 lib/mixlib/shellout.rb | 6 ++++++
 lib/mixlib/shellout/unix.rb | 11 ++++++-----
 lib/mixlib/shellout/windows.rb | 6 +++---
 spec/mixlib/shellout_spec.rb | 12 ++++++------
 5 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index 4343509..86ce2a0 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -6,3 +6,7 @@ Lint/UnderscorePrefixedVariableName:
 Lint/UselessAccessModifier:
 Exclude:
 - 'lib/mixlib/shellout/windows/core_ext.rb'
+
+# Set for mixlib-shell-out-windows.gemspec
+Security/Eval:
+ Enabled: false
diff --git a/lib/mixlib/shellout.rb b/lib/mixlib/shellout.rb
index 76e6959..e95e7df 100644
--- a/lib/mixlib/shellout.rb
+++ b/lib/mixlib/shellout.rb
@@ -112,6 +112,8 @@ module Mixlib
 # Runs windows process with elevated privileges. Required for Powershell commands which need elevated privileges
 attr_accessor :elevated
+ attr_accessor :sensitive
+
 # === Arguments:
 # Takes a single command, or a list of command fragments. These are used
 # as arguments to Kernel.exec. See the Kernel.exec documentation for more
@@ -176,6 +178,7 @@ module Mixlib
 @terminate_reason = nil
 @timeout = nil
 @elevated = false
+ @sensitive = false
 if command_args.last.is_a?(Hash)
 parse_options(command_args.pop)
@@ -227,6 +230,7 @@ module Mixlib
 # showing the exact command executed. Used by +invalid!+ to show command
 # results when the command exited with an unexpected status.
 def format_for_exception
+ return "Command execution failed. STDOUT/STDERR suppressed for sensitive resource" if sensitive
 msg = ""
 msg << "#{@terminate_reason}\n" if @terminate_reason
 msg << "---- Begin output of #{command} ----\n"
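Review bot: The `.rubocop.yml` hunk switches `Security/Eval` off for the whole repository, although the added comment says it is only needed for one gemspec. With `Enabled: false`, any `eval` later introduced under `lib/` passes lint unnoticed, in a library whose purpose is running commands. I would leave the cop enabled and give `Security/Eval:` an `Exclude:` list holding only that gemspec's path, the same shape as the `Lint/UselessAccessModifier` entry directly above.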
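Review bot: `attr_accessor :sensitive` in the `@@ -112` hunk of lib/mixlib/shellout.rb is undocumented, unlike `elevated` directly above it, and the name alone does not say how far the suppression reaches. I would add a comment above it such as `# When true, format_for_exception returns a fixed message without the command, STDOUT or STDERR.` If the options documentation that starts at `# === Arguments:` (it continues outside the hunk) enumerates accepted options, `sensitive` presumably belongs there too.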
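Review bot: The early return in `format_for_exception` (hunk `@@ -227`) is the only place this commit reads `sensitive`, so the output is still exposed on other paths. The unix.rb read loops shown later in this patch keep appending every chunk to `@live_stdout` and `@live_stderr` regardless of the flag. If the goal is to keep secrets out of logs, either skip those live-stream writes when `sensitive` is set or document that callers must not combine the two. The commit also adds no spec for the new option (the spec hunks are spacing changes only); one example asserting that the raised message lacks the command and output would pin the behaviour. The method body continues past the end of the hunk.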
@@ -345,6 +349,8 @@ module Mixlib
 self.login = setting
 when "elevated"
 self.elevated = setting
+ when "sensitive"
+ self.sensitive = setting
 else
 raise InvalidCommandOption, "option '#{option.inspect}' is not a valid option for #{self.class.name}"
 end
diff --git a/lib/mixlib/shellout/unix.rb b/lib/mixlib/shellout/unix.rb
index bc0fc69..881d54a 100644
--- a/lib/mixlib/shellout/unix.rb
+++ b/lib/mixlib/shellout/unix.rb
@@ -1,4 +1,4 @@
-#--
+#
 # Author:: Daniel DeLeo ()
 # Copyright:: Copyright (c) 2010-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
@@ -284,7 +284,7 @@ module Mixlib
 end
 def read_stdout_to_buffer
- while chunk = child_stdout.read_nonblock(READ_SIZE)
+ while ( chunk = child_stdout.read_nonblock(READ_SIZE) )
 @stdout << chunk
 @live_stdout << chunk if @live_stdout
 end
@@ -294,7 +294,7 @@ module Mixlib
 end
 def read_stderr_to_buffer
- while chunk = child_stderr.read_nonblock(READ_SIZE)
+ while ( chunk = child_stderr.read_nonblock(READ_SIZE) )
 @stderr << chunk
 @live_stderr << chunk if @live_stderr
 end
@@ -304,7 +304,7 @@ module Mixlib
 end
 def read_process_status_to_buffer
- while chunk = child_process_status.read_nonblock(READ_SIZE)
+ while ( chunk = child_process_status.read_nonblock(READ_SIZE) )
 @process_status << chunk
 end
 rescue Errno::EAGAIN
@@ -402,7 +402,8 @@ module Mixlib
 # Try to reap the child process but don't block if it isn't dead yet.
 def attempt_reap
- if results = Process.waitpid2(@child_pid, Process::WNOHANG)
+ results = Process.waitpid2(@child_pid, Process::WNOHANG)
+ if results
 @reaped = true
 @status = results.last
 else
diff --git a/lib/mixlib/shellout/windows.rb b/lib/mixlib/shellout/windows.rb
index 226c7c4..5116d5f 100644
--- a/lib/mixlib/shellout/windows.rb
+++ b/lib/mixlib/shellout/windows.rb
@@ -1,4 +1,4 @@
-#--
+#
 # Author:: Daniel DeLeo ()
 # Author:: John Keiser ()
 # Author:: Ho-Sheng Hsiao ()
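Review bot: The padded parentheses in `while ( chunk = child_stdout.read_nonblock(READ_SIZE) )` in the `@@ -284` hunk of unix.rb, and the matching lines in `@@ -294` and `@@ -304`, do not match how the rest of the visible code writes parenthesised expressions. `while (chunk = child_stdout.read_nonblock(READ_SIZE))` marks the assignment as intentional just as well. The `attempt_reap` hunk in this same file takes a different route and lifts the assignment out of the condition, so the patch now carries two conventions for the same lint complaint; settling on one would read better. Each of these methods continues outside its hunk.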
@@ -122,7 +122,7 @@ module Mixlib
 wmi = WmiLite::Wmi.new
 kill_process_tree(process.process_id, wmi, logger)
 Process.kill(:KILL, process.process_id)
- rescue Errno::EIO, SystemCallError
+ rescue
 logger.warn("Failed to kill timed out process #{process.process_id}") if logger
 end
@@ -357,7 +357,7 @@ module Mixlib
 ].join)
 end
 Process.kill(:KILL, instance.wmi_ole_object.processid)
- rescue Errno::EIO, SystemCallError
+ rescue
 if logger
 logger.debug([
 "Failed to kill child process #{child_pid}::",
diff --git a/spec/mixlib/shellout_spec.rb b/spec/mixlib/shellout_spec.rb
index 3848c5e..ce4ab43 100644
--- a/spec/mixlib/shellout_spec.rb
+++ b/spec/mixlib/shellout_spec.rb
@@ -322,11 +322,11 @@ describe Mixlib::ShellOut do
 context "testing login", :unix_only do
 subject { shell_cmd }
- let (:uid) { 1005 }
- let (:gid) { 1002 }
- let (:shell) { "/bin/money" }
- let (:dir) { "/home/castle" }
- let (:path) { "/sbin:/bin:/usr/sbin:/usr/bin" }
+ let(:uid) { 1005 }
+ let(:gid) { 1002 }
+ let(:shell) { "/bin/money" }
+ let(:dir) { "/home/castle" }
+ let(:path) { "/sbin:/bin:/usr/sbin:/usr/bin" }
 before :each do
 shell_cmd.login = true
 catbert_user = double("Etc::Passwd", :name => "catbert", :passwd => "x", :uid => 1005, :gid => 1002, :gecos => "Catbert,,,", :dir => "/home/castle", :shell => "/bin/money")
@@ -378,7 +378,7 @@ describe Mixlib::ShellOut do
 # Setting the user should set the env variables
 describe "#process_environment" do
 subject { super().process_environment }
- it { is_expected.to eq ({ "HOME" => dir, "SHELL" => shell, "USER" => "catbert", "LOGNAME" => "catbert", "PATH" => path, "IFS" => "\t\n" }) }
+ it { is_expected.to eq({ "HOME" => dir, "SHELL" => shell, "USER" => "catbert", "LOGNAME" => "catbert", "PATH" => path, "IFS" => "\t\n" }) }
 end
 # Setting the user with overriding env variables should override
 context "when adding environment variables" do
--
cgit v1.2.1
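Review bot: The bare `rescue` in the `@@ -122` hunk of windows.rb, and again in `@@ -357`, now catches every StandardError rather than only SystemCallError, and both handlers log a fixed message without the exception. A failure to kill a timed-out or child process, which may be running elevated, then looks the same as a programming error inside `kill_process_tree`, and the cause is lost. If the aim was only to drop the redundant `Errno::EIO` (a SystemCallError subclass), `rescue SystemCallError => e` is enough. If WMI errors are meant to be caught too, name those classes and log the reason, e.g. `logger.warn("Failed to kill timed out process #{process.process_id}: #{e.message}") if logger`. Both `begin` blocks open outside their hunks.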