CheckDevOps: prevent portal crash/loop if a bad rules.json file is provided
Concerned version
Version: %2.0.14
Platform: Nginx/uWSGI
Summary
The checkDevOps plugin allows us to test a rules.json file by downloading or providing it. If a bad header is compiled from a provided rules.json file, the portal is marked as in maintenance mode.
sub headersInit {
    my ( $class, $conf, $headers ) = @_;
    $headers ||= $conf->{exportedHeaders};

    # Creation of the subroutine which will generate headers
    foreach my $vhost ( keys %{$headers} ) {
        unless ($vhost) {
            $class->logger->warn('Empty vhost in headers, skipping');
            next;
        }
        $headers->{$vhost} ||= {};
        my %headers = %{ $headers->{$vhost} };
        $class->tsv->{headerList}->{$vhost} = [ keys %headers ];
        my $sub = '';
        foreach ( keys %headers ) {
            $headers{$_} ||= "''";
            my $val = $class->substitute( $headers{$_} ) . " // ''";
            $sub .= "('$_' => $val),";
        }
        unless ( $class->tsv->{forgeHeaders}->{$vhost} =
            $class->buildSub($sub) )
        {
            $class->tsv->{maintenance}->{$vhost} = 1;
            $class->logger->error( "$class Unable to forge $vhost headers: "
                  . $class->tsv->{jail}->error );
        }
    }
    return 1;
}
Logs
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] User dwho was granted to access to /checkdevops
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Start routing checkdevops
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Trying to load token 1638278702_41662
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [warn] Can't find string terminator "'" anywhere before EOF at (eval 149) line 1.
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [warn] Lemonldap::NG::Handler::PSGI::Main Unable to forge auth.example.com headers: Can't find string terminator "'" anywhere before EOF at (eval 149) line 1.
.....
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] CheckDevOps compiled headers:
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] CheckDevOps compiled rules: default:allowed
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Token 1638278702_51351 created
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Starting HTML generation using site/templates/bootstrap/checkdevops.tpl
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Sending site/templates/bootstrap/checkdevops.tpl
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Apply following CORS policy :
....
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Maintenance mode enabled
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Go to portal with maintenance error code
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Build URL http://auth.example.com/
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Redirect 127.0.0.1 to lmError (url was /)
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] User not authenticated, Try in use, cancel redirection
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Start routing checkdevops
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Build URL http://auth.example.com/checkdevops
[Wed Dec 1 10:23:02 2021] [LLNG:10378] [debug] Redirect 127.0.0.1 to portal (url was /checkdevops)
Discard maintenance mode and throw an error.
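
The behaviour requested above (report the compile error, leave the maintenance flag alone), sketched as an added example that is not LemonLDAP::NG code. `trial_compile`, `check_supplied_headers` and `%maintenance` are hypothetical names, the core `Safe` module stands in for the handler's jail, and the two header maps are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

my $jail = Safe->new;    # assumption: stands in for the handler's jail
my %maintenance;         # hypothetical stand-in for the shared per-vhost flags

# Build the header sub source the way headersInit does and compile it in the
# jail. Returns (coderef, undef) on success or (undef, error text) on failure.
# It never writes to %maintenance: that decision is left to the caller.
sub trial_compile {
    my ($headers) = @_;
    my $src = '';
    foreach my $name ( sort keys %$headers ) {
        my $expr = $headers->{$name} || "''";
        $src .= "('$name' => $expr // ''),";
    }
    my $sub = $jail->reval("sub { return ($src) }");
    return ref($sub) eq 'CODE' ? ( $sub, undef ) : ( undef, "$@" );
}

# Check a user-supplied header map for one vhost. A compile failure is
# returned to whoever submitted the file; the vhost stays in service.
sub check_supplied_headers {
    my ( $vhost, $headers ) = @_;
    my ( $sub, $err ) = trial_compile($headers);
    return if $sub;
    chomp $err;
    return "Bad headers for $vhost: $err";
}

# Constructed sample input: one valid map, one with an unterminated string.
my %good = ( 'Auth-User' => q{$_[0]->{uid}} );
my %bad  = ( 'Auth-User' => q{'dwho} );

for my $case ( [ good => \%good ], [ bad => \%bad ] ) {
    my $err = check_supplied_headers( 'auth.example.com', $case->[1] );
    print "$case->[0]: ", ( $err // 'compiled' ), "\n";
}
print 'maintenance flags set: ', scalar( keys %maintenance ), "\n";
```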