From 66d4af42860198bdd5228ea52d81597745fe6eb8 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Thu, 11 Mar 2021 11:55:17 +0900 Subject: [PATCH 1/2] storage_local: Use File.open instead of Kernel.open MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * https://www.rubydoc.info/gems/rubocop/RuboCop/Cop/Security/Open ``` `Kernel#open` and `URI.open` enable not only file access but also process invocation by prefixing a pipe symbol (e.g., `open(“| ls”)`). So, it may lead to a serious security risk by using variable input to the argument of `Kernel#open` and `URI.open`. It would be better to use `File.open`, `IO.popen` or `URI.parse#open` explicitly. ``` Signed-off-by: Hiroshi Hatake --- lib/fluent/plugin/storage_local.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/fluent/plugin/storage_local.rb b/lib/fluent/plugin/storage_local.rb index 9fa88dfcb7..1ae0c6cd54 100644 --- a/lib/fluent/plugin/storage_local.rb +++ b/lib/fluent/plugin/storage_local.rb @@ -87,7 +87,7 @@ def configure(conf) if File.exist?(@path) raise Fluent::ConfigError, "Plugin storage path '#{@path}' is not readable/writable" unless File.readable?(@path) && File.writable?(@path) begin - data = open(@path, 'r:utf-8') { |io| io.read } + data = File.open(@path, 'r:utf-8') { |io| io.read } if data.empty? log.warn "detect empty plugin storage file during startup. Ignored: #{@path}" return @@ -115,7 +115,7 @@ def load return if @on_memory return unless File.exist?(@path) begin - json_string = open(@path, 'r:utf-8'){ |io| io.read } + json_string = File.open(@path, 'r:utf-8'){ |io| io.read } json = Yajl::Parser.parse(json_string) unless json.is_a?(Hash) log.error "broken content for plugin storage (Hash required: ignored)", type: json.class @@ -133,7 +133,7 @@ def save tmp_path = @path + '.tmp' begin json_string = Yajl::Encoder.encode(@store, pretty: @pretty_print) - open(tmp_path, 'w:utf-8', @mode) { |io| io.write json_string; io.fsync } + File.open(tmp_path, 'w:utf-8', @mode) { |io| io.write json_string; io.fsync } File.rename(tmp_path, @path) rescue => e log.error "failed to save data for plugin storage to file", path: @path, tmp: tmp_path, error: e From 77d79e91e98945f9c66afca5cccd79b1f48b86d7 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Thu, 11 Mar 2021 15:36:12 +0900 Subject: [PATCH 2/2] config: types: Use JSON.parse instead of JSON.load * https://www.rubydoc.info/gems/rubocop/RuboCop/Cop/Security/JSONLoad ``` Autocorrect is disabled by default because it's potentially dangerous. If using a stream, like `JSON.load(open('file'))`, it will need to call `#read` manually, like `JSON.parse(open('file').read)`. If reading single values (rather than proper JSON objects), like `JSON.load('false')`, it will need to pass the `quirks_mode: true` option, like `JSON.parse('false', quirks_mode: true)`. Other similar issues may apply. ``` Signed-off-by: Hiroshi Hatake --- lib/fluent/config/types.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/fluent/config/types.rb b/lib/fluent/config/types.rb index 75dfde385d..66ef37ad39 100644 --- a/lib/fluent/config/types.rb +++ b/lib/fluent/config/types.rb @@ -186,7 +186,7 @@ def self.hash_value(val, opts = {}, name = nil) return nil if val.nil? param = if val.is_a?(String) - val.start_with?('{') ? JSON.load(val) : Hash[val.strip.split(/\s*,\s*/).map{|v| v.split(':', 2)}] + val.start_with?('{') ? JSON.parse(val) : Hash[val.strip.split(/\s*,\s*/).map{|v| v.split(':', 2)}] else val end @@ -213,7 +213,7 @@ def self.array_value(val, opts = {}, name = nil) return nil if val.nil? param = if val.is_a?(String) - val.start_with?('[') ? JSON.load(val) : val.strip.split(/\s*,\s*/) + val.start_with?('[') ? JSON.parse(val) : val.strip.split(/\s*,\s*/) else val end