Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sos cleaner confuses version with IP address #2962

Closed
vikas-goel opened this issue Jun 24, 2022 · 9 comments · Fixed by #2965
Closed

sos cleaner confuses version with IP address #2962

vikas-goel opened this issue Jun 24, 2022 · 9 comments · Fixed by #2965

Comments

@vikas-goel
Copy link

vikas-goel commented Jun 24, 2022
edited

When a version string is in a.b.c.d format, e.g. 10.2.1.0, the sos cleaner takes it as an IP address and masks the information.
Can the cleaner be made aware to not mask versions stored in files named after "release" and "version"?
@TurboTurtle
Copy link
Member

Can you give some examples of specific files this is happening in? We can set the IP parser to skip select files, but we want to be as exact as we can be here (i.e. we can't blindly just skip all *version* files most likely).

@vikas-goel
Copy link
Author

vikas-goel commented Jun 26, 2022
edited

There are product specific files such as /path/to/product/version and /etc/*-release.

The version and maybe release files could be collected in sosreport custom plugin subdirectory in addition to top level sos path.

The collection in plug-in subdirectory happens usually when application is running in container. There could be multiple container instances of same application. So, the version file is collected in a unique subdirectory for each container instance.

@TurboTurtle
Copy link
Member

There are product specific files such as /path/to/product/version

I understand the premise. However, as I said we can't blindly block any file glob matching *version*, so I am asking for specific file paths you are actively seeing this happen with.

and /etc/*-release.

I am not aware of any currently supported distro where these files would have a quad-notated version field. If there is one, please detail which distro that is.

@vikas-goel
Copy link
Author

vikas-goel commented Jun 27, 2022
edited

Veritas NetBackup has /usr/openv/netbackup/version file. It can be installed on the host or as a container. There are other similar other Veritas products that have their own different version path.

Veritas has multiple purpose built appliances that are RHEL based. These appliances have their own versioning stored in /etc/appliance-version file.

@TurboTurtle
Copy link
Member

Hmm. After a bit of digging, we may be able to do this reasonably safely for files that end with version, without explicitly matching on *version*. I'll play around with this a bit and post something if it looks decent.

TurboTurtle added a commit to TurboTurtle/sos that referenced this issue Jun 28, 2022
@TurboTurtle
[clean,IP Parser] Skip obvious version files for the IP parser
e2175cf 
For files that can be considered obvious version files - those that end
specifically with either `version` or `version.txt` - skip processing
via the IP parser, as this may lead to improper obfuscation of certain
version strings.

Closes: sosreport#2962

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
@TurboTurtle TurboTurtle mentioned this issue Jun 28, 2022
Merged
5 tasks
@vikas-goel
Copy link
Author

Hmm. After a bit of digging, we may be able to do this reasonably safely for files that end with version, without explicitly matching on *version*. I'll play around with this a bit and post something if it looks decent.

That will work. Thank you. Can something be done for /etc/*-release file too?

@TurboTurtle
Copy link
Member

Can something be done for /etc/*-release file too?

Earlier you mentioned these products used /etc/*-version files. Are they actually instead using -release files? I don't think there's much of an issue if we expand the skip regex to include -release, but want to verify this before I make further changes.

@vikas-goel
Copy link
Author

There are two things.

  1. Veritas NetBackup that stores version in the "/usr/openv/netbackup/version" file.
  2. Veritas Appliance Optimized Operating Systems, that is based off of RHEL OS, that store versions in /etc/*-release files.

TurboTurtle added a commit to TurboTurtle/sos that referenced this issue Jul 7, 2022
@TurboTurtle
[clean,IP Parser] Skip obvious version files for the IP parser
5374649 
For files that can be considered obvious version files - those that end
specifically with either `version` or `version.txt` - skip processing
via the IP parser, as this may lead to improper obfuscation of certain
version strings. This is also applied to files ending in `release`.

Closes: sosreport#2962

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
TurboTurtle added a commit that referenced this issue Jul 19, 2022
@TurboTurtle
[clean,IP Parser] Skip obvious version files for the IP parser
7240a8f 
For files that can be considered obvious version files - those that end
specifically with either `version` or `version.txt` - skip processing
via the IP parser, as this may lead to improper obfuscation of certain
version strings. This is also applied to files ending in `release`.

Closes: #2962

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
@vikas-goel
Copy link
Author

vikas-goel commented Jul 19, 2022
edited

Thanks @TurboTurtle. Any idea which RHEL release will this be part of?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[clean,IP Parser] Skip obvious version files for the IP parser TurboTurtle/sos
2 participants
@TurboTurtle @vikas-goel