mirror of
https://github.com/asterisk/asterisk.git
synced 2026-07-04 13:57:31 -07:00
ast_loggrabber: Install the ast_tsconvert.py script to a secure temp directory.
The ast_tsconvert.py script called by ast_loggrabber is now installed in a temporary directory that isn't world readable or writable. Resolves: #GHSA-xgj6-2gc5-5x9c
This commit is contained in:
committed by
George Joseph
parent
8b71fe8b16
commit
b02369135e
@@ -216,17 +216,18 @@ fi
|
||||
# Timestamp to use for output files
|
||||
df=${tarball_uniqueid:-$(${DATEFORMAT})}
|
||||
|
||||
# Extract the Python timestamp conver script from the end of this
|
||||
# script and save it to /tmp/.ast_tsconvert.py
|
||||
|
||||
install -m 0600 /dev/stdin /tmp/.ast_tsconvert.py < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
|
||||
|
||||
tmpdir=$(mktemp -d)
|
||||
if [ -z "$tmpdir" ] ; then
|
||||
echo "${prog}: Unable to create temporary directory."
|
||||
exit 1
|
||||
fi
|
||||
trap "rm -rf $tmpdir /tmp/.ast_tsconvert.py" EXIT
|
||||
|
||||
# Extract the Python timestamp conver script from the end of this
|
||||
# script and save it to the temporary directory
|
||||
|
||||
install -m 0600 /dev/stdin "$tmpdir/.ast_tsconvert.py" < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
|
||||
|
||||
trap "rm -rf $tmpdir" EXIT
|
||||
tardir=asterisk-${df}.logfiles
|
||||
|
||||
# Now iterate over the logfiles
|
||||
@@ -237,7 +238,7 @@ for i in ${!LOGFILES[@]} ; do
|
||||
mkdir -p "$destdir" 2>/dev/null || :
|
||||
if [ -n "$LOG_DATEFORMAT" ] ; then
|
||||
echo "Converting $lf"
|
||||
cat "$lf" | python /tmp/.ast_tsconvert.py --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}"
|
||||
cat "$lf" | python "$tmpdir/.ast_tsconvert.py" --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}"
|
||||
else
|
||||
echo "Copying $lf"
|
||||
cp "$lf" "${destfile}"
|
||||
|
||||
Reference in New Issue
Block a user