From b14467358acacb5ff492f2df29c2c76abb9df180 Mon Sep 17 00:00:00 2001

From: Tomas Jelinek <tojeline@redhat.com>

Date: Tue, 20 Mar 2018 15:39:40 +0100

Subject: [PATCH 1/3] get rid of --debug when calling local pcsd

---

 pcsd/pcsd.rb | 15 ++++++++++-----

 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb

index 8f5ad819..b6a7435c 100644

--- a/pcsd/pcsd.rb

+++ b/pcsd/pcsd.rb

@@ -239,8 +239,13 @@ post '/run_pcs' do

     }

     return JSON.pretty_generate(result)

   end

-  # do not reveal potentialy sensitive information

-  command_decoded.delete('--debug')

+  # Do not reveal potentially sensitive information: remove --debug and all its

+  # prefixes since getopt parser in pcs considers them equal to --debug.

+  debug_items = ["--de", "--deb", "--debu", "--debug"]

+  command_sanitized = []

+  command_decoded.each { |item|

+    command_sanitized << item unless debug_items.include?(item)

+  }

   allowed_commands = {

     ['cluster', 'auth', '...'] => {

@@ -341,9 +346,9 @@ post '/run_pcs' do

   allowed = false

   command_settings = {}

   allowed_commands.each { |cmd, cmd_settings|

-    if command_decoded == cmd \

+    if command_sanitized == cmd \

       or \

-      (cmd[-1] == '...' and cmd[0..-2] == command_decoded[0..(cmd.length - 2)])

+      (cmd[-1] == '...' and cmd[0..-2] == command_sanitized[0..(cmd.length - 2)])

       then

         allowed = true

         command_settings = cmd_settings

@@ -372,7 +377,7 @@ post '/run_pcs' do

   options = {}

   options['stdin'] = std_in if std_in

   std_out, std_err, retval = run_cmd_options(

-    @auth_user, options, PCS, *command_decoded

+    @auth_user, options, PCS, *command_sanitized

   )

   result = {

     'status' => 'ok',

-- 

2.13.6