  • #2668
Closed
Open
Issue created Dec 01, 2021 by Christophe Maudoux (@maudoux, Maintainer)

CheckDevOps: prevent portal crash/loop if a bad rules.json file is provided

Concerned version

Version: %2.0.14

Platform: Nginx/uWSGI

Summary

The checkDevOps plugin allows us to test a rules.json file by downloading or providing it. If a bad header is compiled from a provided rules.json file, the portal is marked as in maintenance mode.

sub headersInit {
    my ( $class, $conf, $headers ) = @_;
    $headers ||= $conf->{exportedHeaders};

    # Creation of the subroutine which will generate headers
    foreach my $vhost ( keys %{$headers} ) {
        unless ($vhost) {
            $class->logger->warn('Empty vhost in headers, skipping');
            next;
        }
        $headers->{$vhost} ||= {};
        my %headers = %{ $headers->{$vhost} };
        $class->tsv->{headerList}->{$vhost} = [ keys %headers ];
        my $sub = '';
        foreach ( keys %headers ) {
            $headers{$_} ||= "''";
            my $val = $class->substitute( $headers{$_} ) . " // ''";
            $sub .= "('$_' => $val),";
        }

        unless ( $class->tsv->{forgeHeaders}->{$vhost} =
            $class->buildSub($sub) )
        {
            $class->tsv->{maintenance}->{$vhost} = 1;
            $class->logger->error( "$class Unable to forge $vhost headers: "
                  . $class->tsv->{jail}->error );
        }
    }
    return 1;
}

Logs

[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] User dwho was granted to access to /checkdevops
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Start routing checkdevops
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Trying to load token 1638278702_41662
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [warn] Can't find string terminator "'" anywhere before EOF at (eval 149) line 1.

[Wed Dec  1 10:23:02 2021] [LLNG:10378] [warn] Lemonldap::NG::Handler::PSGI::Main Unable to forge auth.example.com headers: Can't find string terminator "'" anywhere before EOF at (eval 149) line 1.
.....
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] CheckDevOps compiled headers: 
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] CheckDevOps compiled rules: default:allowed
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Token 1638278702_51351 created
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Starting HTML generation using site/templates/bootstrap/checkdevops.tpl
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Sending site/templates/bootstrap/checkdevops.tpl
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Apply following CORS policy :
....
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Maintenance mode enabled
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Go to portal with maintenance error code
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Build URL http://auth.example.com/
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Redirect 127.0.0.1 to lmError (url was /)
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] User not authenticated, Try in use, cancel redirection
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Start routing checkdevops
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Build URL http://auth.example.com/checkdevops
[Wed Dec  1 10:23:02 2021] [LLNG:10378] [debug] Redirect 127.0.0.1 to portal (url was /checkdevops)

Discard maintenance mode and throw an error.

Edited Dec 01, 2021 by Christophe Maudoux
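
One way to get the behaviour the issue asks for, as an added sketch that is not LemonLDAP::NG code: compile the uploaded headers in a dry-run path that returns the error and never writes the shared per-vhost state. The names compile_headers, check_candidate and %state are hypothetical, the inputs are constructed, and plain string eval stands in for the jail behind buildSub.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the handler's shared per-vhost state (tsv in the issue).
my %state = ( forgeHeaders => {}, maintenance => {} );

# Compile header expressions into one sub. Returns ($sub, undef) or (undef, $error).
# Plain string eval stands in for the jail behind buildSub, to stay self-contained.
sub compile_headers {
    my ($headers) = @_;
    my $body = join '',
      map { "('$_' => " . ( $headers->{$_} || "''" ) . " // '')," }
      sort keys %$headers;
    local $@;
    my $sub = eval "sub { return ($body) }";
    my $err = $@;
    return $sub ? ( $sub, undef ) : ( undef, $err );
}

# Dry-run path for an uploaded rules.json: reports the error, never writes %state.
sub check_candidate {
    my ( $vhost, $headers ) = @_;
    my ( $sub, $err ) = compile_headers($headers);
    return { ok => 0, error => "Unable to forge $vhost headers: $err" }
      unless $sub;
    return { ok => 1, sample => +{ $sub->( { uid => 'dwho' } ) } };
}

my $vhost = 'auth.example.com';

# Constructed live configuration: one valid header expression.
( $state{forgeHeaders}{$vhost} ) = compile_headers( { 'Auth-User' => '$_[0]->{uid}' } );

# Constructed bad upload: unterminated string, as in the logged error.
my $bad = check_candidate( $vhost, { 'Auth-User' => q{$_[0]->{uid} . 'x} } );
print "check ok=$bad->{ok}: $bad->{error}";

# Live state is unchanged: the sub still works and no maintenance flag was set.
my %out = $state{forgeHeaders}{$vhost}->( { uid => 'dwho' } );
print "live Auth-User=$out{'Auth-User'}\n";
print "maintenance=", ( $state{maintenance}{$vhost} ? 1 : 0 ), "\n";
```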