summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Server/Lint/TemplateAbuse.py
blob: 5a80a588435dcc72adcf44234f059f16b6cfd192 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
""" Check for templated scripts or executables. """

import os
import stat
import Bcfg2.Server.Lint
from Bcfg2.Compat import any  # pylint: disable=W0622
from Bcfg2.Server.Plugin import default_path_metadata
from Bcfg2.Server.Plugins.Cfg.CfgInfoXML import CfgInfoXML
from Bcfg2.Server.Plugins.Cfg.CfgGenshiGenerator import CfgGenshiGenerator
from Bcfg2.Server.Plugins.Cfg.CfgCheetahGenerator import CfgCheetahGenerator
from Bcfg2.Server.Plugins.Cfg.CfgJinja2Generator import CfgJinja2Generator
from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenshiGenerator import \
    CfgEncryptedGenshiGenerator
from Bcfg2.Server.Plugins.Cfg.CfgEncryptedCheetahGenerator import \
    CfgEncryptedCheetahGenerator
from Bcfg2.Server.Plugins.Cfg.CfgEncryptedJinja2Generator import \
    CfgEncryptedJinja2Generator


class TemplateAbuse(Bcfg2.Server.Lint.ServerPlugin):
    """ Check for templated scripts or executables. """
    templates = [CfgGenshiGenerator, CfgCheetahGenerator, CfgJinja2Generator,
                 CfgEncryptedGenshiGenerator, CfgEncryptedCheetahGenerator,
                 CfgEncryptedJinja2Generator]
    extensions = [".pl", ".py", ".sh", ".rb"]

    def Run(self):
        if 'Cfg' in self.core.plugins:
            for entryset in self.core.plugins['Cfg'].entries.values():
                for entry in entryset.entries.values():
                    if (self.HandlesFile(entry.name) and
                        any(isinstance(entry, t) for t in self.templates)):
                        self.check_template(entryset, entry)

    @classmethod
    def Errors(cls):
        return {"templated-script": "warning",
                "templated-executable": "warning"}

    def check_template(self, entryset, entry):
        """ Check a template to see if it's a script or an executable. """
        # first, check for a known script extension
        ext = os.path.splitext(entryset.path)[1]
        if ext in self.extensions:
            self.LintError("templated-script",
                           "Templated script found: %s\n"
                           "File has a known script extension: %s\n"
                           "Template a config file for the script instead" %
                           (entry.name, ext))
            return

        # next, check for a shebang line
        firstline = open(entry.name).readline()
        if firstline.startswith("#!"):
            self.LintError("templated-script",
                           "Templated script found: %s\n"
                           "File starts with a shebang: %s\n"
                           "Template a config file for the script instead" %
                           (entry.name, firstline))
            return

        # finally, check for executable permissions in info.xml
        for entry in entryset.entries.values():
            if isinstance(entry, CfgInfoXML):
                for pinfo in entry.infoxml.pnode.data.xpath("//FileInfo"):
                    try:
                        mode = int(
                            pinfo.get("mode",
                                      default_path_metadata()['mode']), 8)
                    except ValueError:
                        # LintError will be produced by RequiredAttrs plugin
                        self.logger.warning("Non-octal mode: %s" % mode)
                        continue
                    if mode & stat.S_IXUSR != 0:
                        self.LintError(
                            "templated-executable",
                            "Templated executable found: %s\n"
                            "Template a config file for the executable instead"
                            % entry.name)
                        return