Discard maintenance mode with bad rules files & improve hidden attributes filtering (#2668)
This commit is contained in:
parent
d1676f8f39
commit
77e7575317
|
@ -198,7 +198,7 @@ sub parse {
|
|||
# Removed hidden session attributes
|
||||
foreach my $v ( split /[,\s]+/, $self->conf->{hiddenAttributes} ) {
|
||||
foreach ( keys %{ $json->{headers} } ) {
|
||||
if ( $json->{headers}->{$_} eq '$' . $v ) {
|
||||
if ( $json->{headers}->{$_} =~ /\$$v/ ) {
|
||||
delete $json->{headers}->{$_};
|
||||
my $user = $req->userData->{ $self->conf->{whatToTrace} };
|
||||
$self->userLogger->warn(
|
||||
|
@ -212,39 +212,55 @@ sub parse {
|
|||
$handler->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$headers = $handler->checkHeaders( $req, $req->userData );
|
||||
|
||||
# Normalize headers name if required
|
||||
if ( $self->conf->{checkDevOpsDisplayNormalizedHeaders} ) {
|
||||
$self->logger->debug("Normalize headers...");
|
||||
@$headers = map {
|
||||
; # Prevent compilation error with old Perl versions
|
||||
no strict 'refs';
|
||||
{
|
||||
key => &{ $handler . '::cgiName' }( $_->{key} ),
|
||||
value => $_->{value}
|
||||
}
|
||||
} @$headers;
|
||||
if ( $handler->tsv->{maintenance}->{$vhost} ) {
|
||||
|
||||
# Prepare form params
|
||||
undef $json;
|
||||
$headers = [];
|
||||
$alert = 'alert-danger';
|
||||
$msg = 'PE' . PE_BAD_DEVOPS_FILE;
|
||||
$self->userLogger->error(
|
||||
"CheckDevOps: bad 'rules.json' file (headers)");
|
||||
$handler->tsv->{maintenance}->{$vhost} = 0;
|
||||
}
|
||||
else {
|
||||
|
||||
my $headers_list = join ', ', map "$_->{key}:$_->{value}", @$headers;
|
||||
$self->logger->debug("CheckDevOps compiled headers: $headers_list");
|
||||
|
||||
# Compile rules
|
||||
@$rules = map {
|
||||
my ( $sub, $flag ) = $handler->conditionSub( $json->{rules}->{$_} );
|
||||
{
|
||||
uri => $_,
|
||||
access => $sub->( $req, $req->userData )
|
||||
? 'allowed'
|
||||
: 'forbidden'
|
||||
# Normalize headers name if required
|
||||
if ( $self->conf->{checkDevOpsDisplayNormalizedHeaders} ) {
|
||||
$self->logger->debug("Normalize headers...");
|
||||
@$headers = map {
|
||||
; # Prevent compilation error with old Perl versions
|
||||
no strict 'refs';
|
||||
{
|
||||
key => &{ $handler . '::cgiName' }( $_->{key} ),
|
||||
value => $_->{value}
|
||||
}
|
||||
} @$headers;
|
||||
}
|
||||
} sort keys %{ $json->{rules} };
|
||||
my $rules_list = join ', ', map "$_->{uri}:$_->{access}", @$rules;
|
||||
$self->logger->debug("CheckDevOps compiled rules: $rules_list");
|
||||
|
||||
# Prepare form params
|
||||
$msg = 'checkDevOps';
|
||||
$alert = 'alert-info';
|
||||
$json = JSON->new->ascii->pretty->encode($json); # Pretty print
|
||||
my $headers_list = join ', ', map "$_->{key}:$_->{value}",
|
||||
@$headers;
|
||||
$self->logger->debug("CheckDevOps compiled headers: $headers_list");
|
||||
|
||||
# Compile rules
|
||||
@$rules = map {
|
||||
my ( $sub, $flag ) =
|
||||
$handler->conditionSub( $json->{rules}->{$_} );
|
||||
{
|
||||
uri => $_,
|
||||
access => $sub->( $req, $req->userData )
|
||||
? 'allowed'
|
||||
: 'forbidden'
|
||||
}
|
||||
} sort keys %{ $json->{rules} };
|
||||
my $rules_list = join ', ', map "$_->{uri}:$_->{access}", @$rules;
|
||||
$self->logger->debug("CheckDevOps compiled rules: $rules_list");
|
||||
|
||||
# Prepare form params
|
||||
$msg = 'checkDevOps';
|
||||
$alert = 'alert-info';
|
||||
$json = JSON->new->ascii->pretty->encode($json); # Pretty print
|
||||
}
|
||||
}
|
||||
|
||||
# Prepare form
|
||||
|
|
|
@ -19,7 +19,7 @@ my $file = '{
|
|||
"User": "$uid",
|
||||
"Mail": "$mail",
|
||||
"Name": "$cn",
|
||||
"UA": "$UA"
|
||||
"UA": "$UA ? $UA : qq#FF#"
|
||||
}
|
||||
}';
|
||||
my $bad_file = '{
|
||||
|
@ -31,6 +31,15 @@ my $bad_file = '{
|
|||
"User": "$uid",
|
||||
}
|
||||
}';
|
||||
my $bad_file2 = qq%{
|
||||
"rules": {
|
||||
"default": "accept"
|
||||
},
|
||||
"headers": {
|
||||
"User": "'user",
|
||||
"Mail": "'mail'"
|
||||
}
|
||||
}%;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
|
@ -122,6 +131,26 @@ count(2);
|
|||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkdevops', 'checkDevOpsFile', 'token' );
|
||||
|
||||
# POST bad file2
|
||||
# --------------
|
||||
$query .= "&checkDevOpsFile=$bad_file2";
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkdevops',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
accept => 'text/html'
|
||||
),
|
||||
'POST checkdevops with bad file2'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE104"></span>%,
|
||||
'Found PE_BAD_DEVOPS_FILE' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE104"' );
|
||||
count(2);
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkdevops', 'checkDevOpsFile', 'token' );
|
||||
|
||||
# POST file
|
||||
# ---------
|
||||
$query .= "&checkDevOpsFile=$file";
|
||||
|
|
Loading…
Reference in New Issue
Block a user