From eff9e77d5a695f2ef800c54206dbe0ac11dc0272 Mon Sep 17 00:00:00 2001 From: fly_1997 Date: Wed, 27 Nov 2024 10:18:57 +0800 Subject: [PATCH 4/5] add command verification --- src/plugin/collect/system/CMakeLists.txt | 2 +- .../collect/system/command/command_base.cpp | 29 ++++++++++--------- .../collect/system/command/command_base.h | 3 ++ .../system/command/command_collector.h | 3 +- src/plugin/collect/system/kernel_config.cpp | 9 ++++++ src/plugin/collect/system/kernel_config.h | 1 + src/plugin_mgr/event/subscribe_handler.cpp | 10 ++----- src/plugin_mgr/instance_run_handler.cpp | 3 +- 8 files changed, 36 insertions(+), 24 deletions(-) diff --git a/src/plugin/collect/system/CMakeLists.txt b/src/plugin/collect/system/CMakeLists.txt index ee6044f..af4a239 100644 --- a/src/plugin/collect/system/CMakeLists.txt +++ b/src/plugin/collect/system/CMakeLists.txt @@ -1,6 +1,6 @@ cmake_minimum_required(VERSION 3.11) project(system_collector) -include_directories(../include) +include_directories(command) add_compile_options(-O2 -fPIC -Wall -Wextra) add_library(system_collector SHARED thread_collector.cpp diff --git a/src/plugin/collect/system/command/command_base.cpp b/src/plugin/collect/system/command/command_base.cpp index bf658b8..e6c0a83 100644 --- a/src/plugin/collect/system/command/command_base.cpp +++ b/src/plugin/collect/system/command/command_base.cpp @@ -10,6 +10,7 @@ * See the Mulan PSL v2 for more details. ******************************************************************************/ #include "command_base.h" +#include #include #include 
@@ -59,23 +60,25 @@ CommandBase::CommandBase() attrsFirst["vmstat"] = {"swpd"}; } +std::vector CommandBase::command{"mpstat", "iostat", "vmstat", "sar", "pidstat"}; +std::vector CommandBase::illegal{"|", ";", "&", "$", ">", "<", "`", "\n"}; + +bool CommandBase::ValidateCmd(const std::string &cmd) +{ + for (auto word : illegal) { + if (strstr(cmd.c_str(), word.c_str())) { + return false; + } + } + return true; +} + bool CommandBase::ValidateArgs(const oeaware::Topic& topic) { - auto cmd = GetCommand(topic); - PopenProcess p; - p.Popen(cmd); - if (!p.stream) { + if (std::find(command.begin(), command.end(), topic.topicName) == command.end()) { return false; } - char buffer[128]; - bool isValid = false; - if (fgets(buffer, sizeof(buffer), p.stream) != nullptr) { - if (strstr(buffer, "Linux") != nullptr || strstr(buffer, "procs") != nullptr) { - isValid = true; - } - } - p.Pclose(); - return isValid; + return ValidateCmd(topic.params); } void CommandBase::ParseLine(const std::string& line) diff --git a/src/plugin/collect/system/command/command_base.h b/src/plugin/collect/system/command/command_base.h index a6d7627..ef9bd7c 100644 --- a/src/plugin/collect/system/command/command_base.h +++ b/src/plugin/collect/system/command/command_base.h @@ -35,9 +35,12 @@ public: oeaware::Topic topic; std::unordered_map> attrsFirst; std::vector skipLine{"---swap--"}; + static std::vector command; + static std::vector illegal; CommandBase(); virtual ~CommandBase() = default; static bool ValidateArgs(const oeaware::Topic& topic); + static bool ValidateCmd(const std::string &cmd); void ParseLine(const std::string& line); static std::string GetCommand(const oeaware::Topic& topic); bool FillDataStruct(void* dataStruct); diff --git a/src/plugin/collect/system/command/command_collector.h b/src/plugin/collect/system/command/command_collector.h index 26fc7e7..72553e3 100644 --- a/src/plugin/collect/system/command/command_collector.h +++ b/src/plugin/collect/system/command/command_collector.h 
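Review bot: `ValidateCmd` is a deny-list, and the eight entries in `illegal` leave other characters a shell treats specially unlisted (quotes, backslash, parentheses, braces, glob characters, `\r`), so a string that passes is not necessarily inert once it reaches a shell. The removed lines ran the built command through `PopenProcess`, and `GetCommand` is outside this hunk, so I am assuming `topic.params` still ends up in a shell command line. An allow-list of the characters the five tools' arguments actually need is easier to reason about; the set in the sketch below is a guess and must be checked against real parameters, including the full command strings the kernel_config.cpp hunk passes to this function. If the deny-list is kept, `for (auto word : illegal)` copies each string and `strstr` on `c_str()` stops at an embedded NUL, and `cmd.find(word) != std::string::npos` avoids both. Arguments that begin with `-` are accepted either way, so every option of the allowed tools stays reachable through `topic.params`.

```cpp
bool CommandBase::ValidateCmd(const std::string &cmd)
{
    // Allow-list instead of deny-list: any byte outside this set is rejected,
    // including NUL, '\r', quotes, globs and every character in `illegal`.
    static const std::string allowed =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789 -_.,/=:";
    return cmd.find_first_not_of(allowed) == std::string::npos;
}
```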
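Review bot: `command` and `illegal` are added as non-const static members in what appears to be the public section, so any code that can see `CommandBase` can change the lists that `ValidateArgs` and `ValidateCmd` rely on at run time. Declaring both `static const` and moving them to a private section keeps the validation data fixed after start-up; the definitions in command_base.cpp then need the matching `const`. The same applies to `cmdGroup` in the kernel_config.h hunk, which is already private but still mutable. The class body starts and ends outside this hunk.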
@@ -27,8 +27,7 @@ public: void Disable() override; void Run() override; private: - std::vector topicStr = {"mpstat", "iostat", "vmstat", "sar", "pidstat", "lscpu", "zone_reclaim_mode", - "meminfo", "ethtool", "ifconfig", "os-release", "version"}; + std::vector topicStr = {"mpstat", "iostat", "vmstat", "sar", "pidstat"}; std::unordered_map> collectors; std::unordered_map collectThreads; std::unordered_map publishThreads; diff --git a/src/plugin/collect/system/kernel_config.cpp b/src/plugin/collect/system/kernel_config.cpp index 6bdfc8a..3d25251 100644 --- a/src/plugin/collect/system/kernel_config.cpp +++ b/src/plugin/collect/system/kernel_config.cpp @@ -17,6 +17,7 @@ #include #include #include +#include "command_base.h" KernelConfig::KernelConfig(): oeaware::Interface() { @@ -258,12 +259,20 @@ void KernelConfig::WriteSysParam(const std::string &path, const std::string &val INFO(logger, "successfully wrote value{" << value <<"} to " << path << "."); } +std::vector KernelConfig::cmdGroup{"sysctl", "ifconfig", "/sbin/blockdev"}; + void KernelConfig::SetKernelConfig() { for (auto &p : setSystemParams) { WriteSysParam(p.first, p.second); } for (auto &cmd : cmdRun) { + auto cmdParts = oeaware::SplitString(cmd, " "); + if (cmdParts.empty() || std::find(cmdGroup.begin(), cmdGroup.end(), cmdParts[0]) == cmdGroup.end() || + !CommandBase::ValidateCmd(cmd)) { + WARN(logger, "cmd{" << cmd << "} invalid."); + continue; + } FILE *pipe = popen(cmd.data(), "r"); if (!pipe) { WARN(logger, "{" << cmd << "} run failed."); diff --git a/src/plugin/collect/system/kernel_config.h b/src/plugin/collect/system/kernel_config.h index aa96886..32049d4 100644 --- a/src/plugin/collect/system/kernel_config.h +++ b/src/plugin/collect/system/kernel_config.h @@ -62,6 +62,7 @@ private: std::unordered_map kernelParams; std::vector cmdRun; + static std::vector cmdGroup; std::vector allEths; }; 
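Review bot: `topicStr` now holds the same five names as `CommandBase::command` in command_base.cpp, so the two lists can drift apart when only one of them is edited, and a name present in one but not the other would presumably be offered as a topic yet rejected by `ValidateArgs`, or the reverse. If this header can see command_base.h, initialising `topicStr` from `CommandBase::command` gives a single source. Otherwise a comment on both lists such as `// Keep in sync with CommandBase::command (command_base.cpp).` at least records the coupling. The class body starts and ends outside this hunk.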
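Review bot: The allow-list check looks only at `cmdParts[0]`, but the whole string is then handed to `popen`, which runs it through the shell, and `sysctl` and `ifconfig` are bare names that the shell resolves through `PATH` while `/sbin/blockdev` is absolute. Listing absolute paths for all three entries removes the dependency on the daemon's environment; whether the configured `cmdRun` strings already use such paths is not visible here. Running the program directly with an argument vector instead of `popen` would take the shell out of the picture and make the character filter a second line of defence rather than the only one. The rejected string is also written to the log unescaped in `WARN(logger, "cmd{" << cmd << "} invalid.")` although a newline is one of the reasons it can be rejected; the instance_run_handler.cpp hunk wraps request text in `LogText(...)`, which may be usable here too. `SetKernelConfig` continues past the end of the hunk.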
diff --git a/src/plugin_mgr/event/subscribe_handler.cpp b/src/plugin_mgr/event/subscribe_handler.cpp index 8697958..f29b455 100644 --- a/src/plugin_mgr/event/subscribe_handler.cpp +++ b/src/plugin_mgr/event/subscribe_handler.cpp @@ -14,24 +14,20 @@ namespace oeaware { Result SubscribeHandler::Subscribe(const std::string &name, const Topic &topic) { - Result result; if (!memoryStore->IsInstanceExist(topic.instanceName)) { WARN(logger, "The subscribed instance " << topic.instanceName << " does not exist."); - result.code = -1; - return result; + return Result(FAILED, "instance does not exist."); } auto instance = memoryStore->GetInstance(topic.instanceName); if (!instance->supportTopics.count(topic.topicName)) { WARN(logger, "The subscribed topic " << topic.topicName << " does not exist."); - result.code = -1; - return result; + return Result(FAILED, "topic does not exist."); } auto msg = std::make_shared(RunType::SUBSCRIBE, std::vector{topic.GetType(), name}); instanceRunHandler->RecvQueuePush(msg); msg->Wait(); - result = msg->result; - return result; + return msg->result; } EventResult SubscribeHandler::Handle(const Event &event) diff --git a/src/plugin_mgr/instance_run_handler.cpp b/src/plugin_mgr/instance_run_handler.cpp index 30dc886..abee581 100644 --- a/src/plugin_mgr/instance_run_handler.cpp +++ b/src/plugin_mgr/instance_run_handler.cpp @@ -61,7 +61,8 @@ Result InstanceRunHandler::Subscribe(const std::vector &payload) if (!topicState[topic.instanceName][topic.topicName][topic.params]) { result = instance->interface->OpenTopic(topic); if (result.code < 0) { - WARN(logger, "topic open failed, " << result.payload); + WARN(logger, "topic{" << LogText(topic.instanceName) << ", " << LogText(topic.topicName) << ", " << + LogText(topic.params) << "} open failed, " << result.payload); DisableInstance(instance->name); return result; } -- 2.33.0
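Review bot: Callers that test `result.code < 0` only keep working if `FAILED` is negative, and its value is not visible here: the two early returns used to set `result.code = -1` and now return `Result(FAILED, ...)`. `InstanceRunHandler::Subscribe` in the next file is one such caller, so it is worth confirming the constant's sign or comparing against the named constant in those checks. `Subscribe` is shown in full, while `Handle` begins on the last line of the hunk and continues outside it.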
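Review bot: `result.payload` is still streamed into the log as-is while the three topic fields in the same statement are now passed through `LogText`. The payload comes back from the plugin's `OpenTopic`, and if a plugin echoes the topic or its params in the error text, the unescaped copy undoes the escaping of the other fields; `<< LogText(result.payload)` would treat it the same way, assuming `LogText` accepts that type. What `LogText` does is not shown in this hunk, and `Subscribe` starts and ends outside it.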