-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oracle_session and mssql_session improvement #1857
Conversation
no love for postgres_session? :) |
@chris-rock did you cover the case where the SID and SERVICE_NAME change? With one you need the port/host with the other you don't. I don't see a service_name param in the current push.
With a call like:
code:
|
@aaronlippold postgres is another iteration |
@aaronlippold we always use a service name, no sid |
Hi
In the case of Oracle shouldn't we support both side service name?
On May 30, 2017 13:39, "Christoph Hartmann" <notifications@github.com> wrote:
@aaronlippold <https://github.com/aaronlippold> we always use a service
name, no sid
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1857 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABauaPuJopmLMeRNpk7ed4taPIu09_5Qks5r_FQ-gaJpZM4Npn-4>
.
|
6428698
to
ef55e69
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chris-rock I know this is a WIP, but I have some feedback I'm hoping you'll take into consideration during your next iteration.
Gemfile
Outdated
@@ -8,6 +8,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2') | |||
end | |||
|
|||
gem 'ffi', '>= 1.9.14' | |||
gem 'htmlentities' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should go in the gemspec since the InSpec core (and therefore users who install the gem) is relying on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My bad. Thank you for the reminder!
lib/resources/mssql_session.rb
Outdated
end | ||
cmd | ||
SQLQueryResult.new(cmd, parse_result(cmd)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
parse_result
doesn't exist... did you mean parse_csv_result
which is below in line 68?
lib/resources/oracledb_session.rb
Outdated
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus' | ||
return skip_resource("Can't run Oracle checks without authentication") if @user.nil? or @pass.nil? | ||
|
||
return skip_resource "Can't run Oracle checks without authentication" if @user.nil? or @password.nil? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use ||
instead of or
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
lib/resources/oracledb_session.rb
Outdated
end | ||
|
||
def query(q) | ||
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"') | ||
cmd = inspec.command("echo \"#{escaped_query}\" | #{@sqlplus_bin} -s #{@user}/#{@pass}@#{@host}/#{@sid}") | ||
# escape tables with $ | ||
escaped_query = escaped_query.gsub('$', "\\$") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use Shellwords.shellescape
instead of these gsubs?
lib/resources/oracledb_session.rb
Outdated
if inspec.command(@sqlcl_bin).exist? | ||
bin = @sqlcl_bin | ||
opts = "set sqlformat csv\nSET FEEDBACK OFF" | ||
p = 'parse_csv_result' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use a better variable name here, such as parse_method
, and since we're already going to convert it to a symbols, let's set it as a symbol here and avoid the indirection.
parse_method = :parse_csv_result
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I like that
lib/resources/oracledb_session.rb
Outdated
elsif inspec.command(@sqlplus_bin).exist? | ||
bin = @sqlplus_bin | ||
opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF" | ||
p = 'parse_html_result' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment here as on line 50.
lib/resources/oracledb_session.rb
Outdated
entries = row.elements.to_a('/td') | ||
|
||
headers.each_with_index { |header, index| | ||
# TODO: once nokogiri is back, we can remove html entities |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there plans to bring nokogiri
back in? It has only caused us pain on multiple projects, especially since we support Windows. Can we just remove this TODO and continue to use htmlentities
if we need it?
I don't suppose there's a non-HTML markup we can use with Oracle to avoid this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still try to find a way to circumvent htmlentities
lib/resources/oracledb_session.rb
Outdated
|
||
headers.each_with_index { |header, index| | ||
# TODO: once nokogiri is back, we can remove html entities | ||
require 'htmlentities' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we move this to the top of the file and treat it as first class? I'd rather throw a compile-time error on this when the resource is loaded/eval'd rather than at runtime.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes
lib/utils/database_helpers.rb
Outdated
@results.empty? | ||
end | ||
|
||
def stdout |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm nitpicking, but this and stderr
really bug me because it feels like we're exposing implementation-level details to the user. They shouldn't care that we're making command
calls underneath to get the data.
Can we call these output
and errors
? That way if we ever change the implementation, the method names will still be truthful.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I agree on that. I am going to remove that since there is no need to expose this right now
Since all we are doing is shelling out to sqlplus does this resource require that the stand alone sqlplus client be installed, or are we assuming that the user running the scans has all of the environment variables set up that sqlplus requires to run correctly? As a non Oracle DB user I would have to set LD_LIBRARY_PATH, ORACLE_HOME, and a couple of other env variables before the sqlplus client would function correctly. Here's a link to the sqlplus documentation from Oracle http://docs.oracle.com/database/121/SQPUG/ch_two.htm#SQPUG012 In my current use case I have an audit user that checks that seed data was populated correctly after install. This user isn't a DB user and won't have all of the env variables set. |
@YarNhoj Right now, this expects that the sqlplus client is installed and configured. Do you see any way around this? |
76da1b5
to
8e5de65
Compare
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
8e5de65
to
39881f0
Compare
As discussed with @adamleff in #1857 (comment) we are going to remove stdout. Therefore this is a breaking change now. |
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
It doesn't have to be... why don't we deprecate stdout with a warning now, and we can add another item to our 2.0 depredations issue to remove it then. What do you think? |
@adamleff great idea |
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
91dff67
to
4f92019
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few last cleanup things that I'm happy to do myself.
lib/resources/mssql_session.rb
Outdated
module Inspec::Resources | ||
# STABILITY: Experimental | ||
# This resouce needs further testing and refinement |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/resouce/resource
lib/resources/mssql_session.rb
Outdated
if cmd.exit_status != 0 || out =~ /Sqlcmd: Error/ | ||
# TODO: we need to throw an exception here | ||
# change once https://github.com/chef/inspec/issues/1205 is in | ||
# require "pry"; binding.pry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should remove this line.
lib/resources/oracledb_session.rb
Outdated
|
||
module Inspec::Resources | ||
# STABILITY: Experimental | ||
# This resouce needs further testing and refinement |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/resouce/resource
lib/resources/oracledb_session.rb
Outdated
return skip_resource("Can't run Oracle checks without authentication") if @user.nil? or @pass.nil? | ||
|
||
return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil? | ||
return skip_resource 'You must provide at least an SID and/or a Service Name for the session' if @service.nil? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should eliminate the reference to "SID" from this skip message since we only support service name.
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
4f92019
to
be42822
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sweet update, @chris-rock!
password
instead ofpass
as argumentTODO: