Removed configurable system commands from generic agents (CVE-2021-36100
Showing
12 changed files
with
226 additions
and
230 deletions.
@@ -0,0 +1,44 @@ | ||
# -- | ||
# Copyright (C) 2021-2022 Znuny GmbH, https://znuny.org/ | ||
# -- | ||
# This software comes with ABSOLUTELY NO WARRANTY. For details, see | ||
# the enclosed file COPYING for license information (AGPL). If you | ||
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt. | ||
# -- | ||
|
||
package Kernel::System::GenericAgent::SystemCommandExecution; | ||
|
||
use strict; | ||
use warnings; | ||
|
||
our @ObjectDependencies; | ||
|
||
# | ||
# Example module to show the execution of system commands in generic agent context. | ||
# | ||
|
||
sub new { | ||
my ( $Type, %Param ) = @_; | ||
|
||
my $Self = {}; | ||
bless( $Self, $Type ); | ||
|
||
# 0=off; 1=on; | ||
$Self->{Debug} = $Param{Debug} || 0; | ||
|
||
return $Self; | ||
} | ||
|
||
sub Run { | ||
my ( $Self, %Param ) = @_; | ||
|
||
# Execute system command | ||
my $Output = `/path/to/some/script.sh`; | ||
|
||
# Parameters given in generic agent config can be used, e.g.: | ||
$Output = `/path/to/some/script.sh $Param{TicketID}`; | ||
|
||
return 1; | ||
} | ||
|
||
1; |
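Review bot: The second example in Run interpolates `$Param{TicketID}` straight into a backtick command, so any module copied from this template passes generic-agent parameters through the shell unquoted. Since this file is the sample for running commands from a generic agent, it should show the safe form: validate the value first, e.g. `return if $Param{TicketID} !~ m{\A\d+\z};`, and run the script without a shell, e.g. `open my $FH, '-|', '/path/to/some/script.sh', $Param{TicketID} or return;`. `$Output` and the exit status are never inspected and Run returns 1 regardless, so a failing script goes unnoticed; a comment telling implementers to check `$?` would help.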
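--- a/scripts/DBUpdateTo6/RemoveGenericAgentSystemCommandCalls.pm
+++ b/scripts/DBUpdateTo6/RemoveGenericAgentSystemCommandCalls.pm
@@ -0,0 +1,107 @@
+# --
+# Copyright (C) 2021-2022 Znuny GmbH, https://znuny.org/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (AGPL). If you
+# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
+# --
+
+package scripts::DBUpdateTo6::RemoveGenericAgentSystemCommandCalls; ## no critic
+
+use strict;
+use warnings;
+
+use IO::Interactive qw(is_interactive);
+
+use parent qw(scripts::DBUpdateTo6::Base);
+
+use version;
+
+use Kernel::System::VariableCheck qw(:all);
+
+our @ObjectDependencies = (
+'Kernel::System::GenericAgent',
+);
+
+sub Run {
+my ( $Self, %Param ) = @_;
+
+my $GenericAgentObject = $Kernel::OM->Get('Kernel::System::GenericAgent');
+
+my $UserID = 1;
+
+my $JobsToMigrate = $Self->_GetJobsToMigrate();
+return 1 if !IsHashRefWithData($JobsToMigrate);
+
+# Remove system commands from generic agents and mark them via job name as '[NEEDS ATTENTION]'
+for my $OldJobName ( sort keys %{$JobsToMigrate} ) {
+my $NewJobName = "[NEEDS ATTENTION] $OldJobName";
+
+my $Job = $JobsToMigrate->{$OldJobName};
+delete $Job->{NewCMD};
+
+$Job->{Valid} = 0;
+
+$GenericAgentObject->JobDelete(
+Name => $OldJobName,
+UserID => $UserID,
+);
+
+$GenericAgentObject->JobAdd(
+Name => $NewJobName,
+Data => $Job,
+UserID => $UserID,
+);
+}
+
+return 1;
+}
+
+sub CheckPreviousRequirement {
+my ( $Self, %Param ) = @_;
+
+my $JobsToMigrate = $Self->_GetJobsToMigrate();
+return 1 if !IsHashRefWithData($JobsToMigrate);
+
+print "\n The following generic agent jobs have configured system command calls.\n";
+" System command calls are not allowed anymore and will be removed. The job will also be renamed and set invalid.\n";
+
+for my $JobName ( sort keys %{$JobsToMigrate} ) {
+print " $JobName: $JobsToMigrate->{$JobName}->{NewCMD}\n";
+}
+
+if ( is_interactive() ) {
+print ' Do you want to continue? [Y]es/[N]o: ';
+
+my $Answer = <>;
+$Answer =~ s{\s}{}g;
+
+return if $Answer !~ m{\Ay(es)?\z}i;
+}
+
+return 1;
+}
+
+sub _GetJobsToMigrate {
+my ( $Self, %Param ) = @_;
+
+my $GenericAgentObject = $Kernel::OM->Get('Kernel::System::GenericAgent');
+
+my %Jobs = $GenericAgentObject->JobList();
+
+my %JobsToMigrate;
+
+JOBNAME:
+for my $JobName ( sort keys %Jobs ) {
+my %Job = $GenericAgentObject->JobGet( Name => $JobName );
+next JOBNAME if !%Job;
+next JOBNAME if !IsStringWithData( $Job{'NewCMD'} );
+
+$JobsToMigrate{$JobName} = {%Job};
+}
+
+return \%JobsToMigrate;
+}
+
+1;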
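Review bot: In Run, the results of `JobDelete` and `JobAdd` are ignored and the old job is deleted before its replacement exists, so a failed `JobAdd` (for instance if a job named `[NEEDS ATTENTION] …` is already present from an earlier run) would silently lose the job while the step still returns 1. Adding the cleaned copy first and deleting the original only after that succeeded, with both results checked, avoids this; the sketch below assumes a false return marks the step as failed, which should be confirmed against the Base class. Separately, in CheckPreviousRequirement the second message string appears on this page as a statement of its own after the `print …;` line, and the hunk header counts 107 lines where 106 are shown, so a line may have been lost in rendering. If the source really reads this way, the sentence about the removal is never printed and needs its own `print`.

```perl
# … unchanged: $NewJobName, delete $Job->{NewCMD}, $Job->{Valid} = 0 …

# Create the cleaned copy first so a failure cannot lose the job.
my $JobAdded = $GenericAgentObject->JobAdd(
    Name   => $NewJobName,
    Data   => $Job,
    UserID => $UserID,
);
return if !$JobAdded;

# Only now drop the original, which still carries NewCMD.
my $JobDeleted = $GenericAgentObject->JobDelete(
    Name   => $OldJobName,
    UserID => $UserID,
);
return if !$JobDeleted;
```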