parent
d58b49887d
commit
311e279d53
@ -1,2 +1,2 @@
|
||||
SOURCES/sos-4.5.4.tar.gz
|
||||
SOURCES/sos-4.5.5.tar.gz
|
||||
SOURCES/sos-audit-0.3.tgz
|
||||
|
@ -1,2 +1,2 @@
|
||||
e2c0fe1ab4ab24b7d91d3fb2c590a00bf4f3cf98 SOURCES/sos-4.5.4.tar.gz
|
||||
cc86572817d14115c3dc5a942c79e89fa17514c4 SOURCES/sos-4.5.5.tar.gz
|
||||
9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz
|
||||
|
@ -0,0 +1,57 @@
|
||||
From 59c2660584734af92eca2eae31af3fbf5557f853 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Jansky <jjansky@redhat.com>
|
||||
Date: Mon, 10 Jul 2023 13:10:22 +0200
|
||||
Subject: [PATCH] [clean] Properly obfuscate MAC addresses
|
||||
|
||||
Some of mac addresses was not properly obfuscated because
|
||||
some collected data contains mac addresses in format
|
||||
01:<mac> and parser was not ready for that.
|
||||
|
||||
Also added mapper which will obfuscate mac address in case
|
||||
it is in format with _ instead of : as for example
|
||||
|
||||
00_50_56_87_5d_01
|
||||
|
||||
instead of
|
||||
|
||||
00:50:56:87:5d:01
|
||||
|
||||
Format with _ is used for example by vmware plugin.
|
||||
|
||||
Resolves: #3302
|
||||
|
||||
Signed-off-by: Jan Jansky <jjansky@redhat.com>
|
||||
---
|
||||
sos/cleaner/mappings/mac_map.py | 2 +-
|
||||
sos/cleaner/parsers/mac_parser.py | 4 ++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/sos/cleaner/mappings/mac_map.py b/sos/cleaner/mappings/mac_map.py
|
||||
index 334a6681..4ccba25a 100644
|
||||
--- a/sos/cleaner/mappings/mac_map.py
|
||||
+++ b/sos/cleaner/mappings/mac_map.py
|
||||
@@ -75,5 +75,5 @@ class SoSMacMap(SoSMap):
|
||||
if re.match('(([0-9a-fA-F]{4}:){3}([0-9a-fA-F]){4})', item):
|
||||
return self.mac6_quad_template % hextets
|
||||
# match 48-bit IPv4 MAC addresses
|
||||
- if re.match('([0-9a-fA-F]:?){12}', item):
|
||||
+ if re.match('([0-9a-fA-F][:_]?){12}', item):
|
||||
return self.mac_template % hextets
|
||||
diff --git a/sos/cleaner/parsers/mac_parser.py b/sos/cleaner/parsers/mac_parser.py
|
||||
index 88b0ac2e..4e790018 100644
|
||||
--- a/sos/cleaner/parsers/mac_parser.py
|
||||
+++ b/sos/cleaner/parsers/mac_parser.py
|
||||
@@ -25,8 +25,8 @@ IPV6_REG_4HEX = (
|
||||
)
|
||||
# aa:bb:cc:dd:ee:ff avoiding ipv6 substring matches
|
||||
IPV4_REG = (
|
||||
- r'((?<!([0-9a-fA-F\'\"]:)|::)(([^:\-])?([0-9a-fA-F]{2}([:-])){5}'
|
||||
- r'([0-9a-fA-F]){2}(\'|\")?(\/|\,|\-|\.|\s|$)))'
|
||||
+ r'((?<!([0-9a-fA-F\'\"]:)|::)'
|
||||
+ r'(([^:\-])?(([0-9a-fA-F]{2}([:\-\_])){5,6}([0-9a-fA-F]{2}))))'
|
||||
)
|
||||
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,93 @@
|
||||
From cca04c1e1fdc97632cdefdc1d1d7a3dea9cb4aea Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Moravec <pmoravec@redhat.com>
|
||||
Date: Wed, 28 Jun 2023 11:49:56 +0200
|
||||
Subject: [PATCH 1/2] [clean] Respect permissions of sanitised files
|
||||
|
||||
When copying files we applied a substitution in, we must replace just
|
||||
original file content (shutil.copyfile) and not also its stat data
|
||||
(shutil.copy).
|
||||
|
||||
Resolves: #3292
|
||||
|
||||
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
||||
---
|
||||
sos/cleaner/__init__.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py
|
||||
index feeedf66..fbcaa9c3 100644
|
||||
--- a/sos/cleaner/__init__.py
|
||||
+++ b/sos/cleaner/__init__.py
|
||||
@@ -778,7 +778,7 @@ third party.
|
||||
% (short_name, err), caller=arc_name)
|
||||
tfile.seek(0)
|
||||
if subs:
|
||||
- shutil.copy(tfile.name, filename)
|
||||
+ shutil.copyfile(tfile.name, filename)
|
||||
tfile.close()
|
||||
|
||||
_ob_short_name = self.obfuscate_string(short_name.split('/')[-1])
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
||||
From fc1489a621108d3613d3337489a64950e52d77c3 Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Moravec <pmoravec@redhat.com>
|
||||
Date: Thu, 29 Jun 2023 22:57:46 +0200
|
||||
Subject: [PATCH 2/2] [tests] add test for #3292
|
||||
|
||||
Add a test that cleaner keeps permissions of a sanitised file
|
||||
|
||||
Relevant to: #3292
|
||||
|
||||
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
||||
---
|
||||
.../basic_function_tests/report_with_mask.py | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/tests/cleaner_tests/basic_function_tests/report_with_mask.py b/tests/cleaner_tests/basic_function_tests/report_with_mask.py
|
||||
index 7c4d3905..baee836a 100644
|
||||
--- a/tests/cleaner_tests/basic_function_tests/report_with_mask.py
|
||||
+++ b/tests/cleaner_tests/basic_function_tests/report_with_mask.py
|
||||
@@ -9,6 +9,7 @@
|
||||
from sos_tests import StageOneReportTest, StageTwoReportTest
|
||||
|
||||
import re
|
||||
+from os import stat
|
||||
|
||||
|
||||
class ReportWithMask(StageOneReportTest):
|
||||
@@ -18,6 +19,17 @@ class ReportWithMask(StageOneReportTest):
|
||||
"""
|
||||
|
||||
sos_cmd = '--mask -o host,networking'
|
||||
+ hosts_obfuscated = None
|
||||
+
|
||||
+ def pre_sos_setup(self):
|
||||
+ # obfuscate a random word from /etc/hosts and ensure the updated
|
||||
+ # sanitised file has same permissions (a+r)
|
||||
+ try:
|
||||
+ self.hosts_obfuscated = open('/etc/hosts').read().strip('#\n').split()[-1]
|
||||
+ except (FileNotFoundError, IndexError) as e:
|
||||
+ self.warning(f"Unable to process /etc/hosts: {e}")
|
||||
+ if self.hosts_obfuscated:
|
||||
+ self.sos_cmd += f' --keywords={self.hosts_obfuscated}'
|
||||
|
||||
def test_mask_was_run(self):
|
||||
self.assertOutputContains('Beginning obfuscation')
|
||||
@@ -53,6 +65,12 @@ class ReportWithMask(StageOneReportTest):
|
||||
mac = line.strip().split()[1]
|
||||
assert mac.startswith('53:4f:53'), "Found unobfuscated mac addr %s" % mac
|
||||
|
||||
+ def test_perms_unchanged_on_modified_file(self):
|
||||
+ if self.hosts_obfuscated:
|
||||
+ imode_orig = stat('/etc/hosts').st_mode
|
||||
+ imode_obfuscated = stat(self.get_name_in_archive('etc/hosts')).st_mode
|
||||
+ self.assertEqual(imode_orig, imode_obfuscated)
|
||||
+
|
||||
|
||||
class ReportWithCleanedKeywords(StageOneReportTest):
|
||||
"""Testing for obfuscated keywords provided by the user
|
||||
--
|
||||
2.31.1
|
||||
|
Loading…
Reference in new issue