From da47b542155706887750f8a0338f8cd2ced654a6 Mon Sep 17 00:00:00 2001
From: Simon Ruderich
Date: Sun, 9 May 2021 11:36:44 +0200
Subject: [PATCH] safcm: strip invalid characters from detected os/arch groups

Handle them like any other detected group because the remote can send invalid values. The current code can handle arbitrary group names just fine but it's better to treat all untrusted input the same.
---
 cmd/safcm/sync_info.go | 15 ++++++++++-----
 cmd/safcm/sync_info_test.go | 13 +++++++++++++
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/cmd/safcm/sync_info.go b/cmd/safcm/sync_info.go
index 0df33e3..5ba6ac8 100644
--- a/cmd/safcm/sync_info.go
+++ b/cmd/safcm/sync_info.go
@@ -50,14 +50,19 @@ var infoGroupDetectedRegexp = regexp.MustCompile(`[^a-z0-9_-]+`)
 func hostInfoRespToGroups(resp safcm.MsgInfoResp) []string {
 groups := []string{
- config.GroupDetectedPrefix + "_" + resp.Goos,
- config.GroupDetectedPrefix + "_" + resp.Goarch,
+ hostInfoDetectedGroupName(resp.Goos),
+ hostInfoDetectedGroupName(resp.Goarch),
 }
 for _, x := range resp.Output {
+ groups = append(groups, hostInfoDetectedGroupName(x))
+ }
+ return groups
+}
+
+func hostInfoDetectedGroupName(x string) string {
 x = strings.TrimSpace(x)
 x = strings.ToLower(x)
 x = infoGroupDetectedRegexp.ReplaceAllString(x, "_")
- groups = append(groups, config.GroupDetectedPrefix+"_"+x)
- }
- return groups
+ x = config.GroupDetectedPrefix + "_" + x
+ return x
 }
diff --git a/cmd/safcm/sync_info_test.go b/cmd/safcm/sync_info_test.go
index 7ad13c9..b1da4c1 100644
--- a/cmd/safcm/sync_info_test.go
+++ b/cmd/safcm/sync_info_test.go
@@ -63,6 +63,19 @@ func TestHostInfoRespToGroups(t *testing.T) {
 "detected_with_utf-8_hello_",
 },
 },
+
+ {
+ "invalid goos/goarch",
+ safcm.MsgInfoResp{
+ Goos: " INVALID goos! ",
+ Goarch: "Hello, 世界",
+ Output: nil,
+ },
+ []string{
+ "detected_invalid_goos_",
+ "detected_hello_",
+ },
+ },
 }
 for _, tc := range tests {
--
2.43.2
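Review bot: The new helper `hostInfoDetectedGroupName` in cmd/safcm/sync_info.go has no doc comment, although it is now the single place where values reported by the remote are normalised before they become group names. A comment such as `// hostInfoDetectedGroupName converts an untrusted value sent by the remote into a group name: trimmed, lower-cased, each run of characters outside a-z0-9_- replaced by "_", then prefixed with config.GroupDetectedPrefix.` would record that invariant for anyone adding another source of detected groups. The comment should also say that an empty value still yields a name (the prefix followed by `_`) and that different inputs can collapse to the same name, so the result is a label and not an identifier of what the remote actually sent.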
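Review bot: The added case in cmd/safcm/sync_info_test.go exercises punctuation and non-ASCII input but not the degenerate values a remote can also send, namely an empty Goos/Goarch and a value made up only of rejected characters. Going by the helper in this patch, these produce `detected_` and `detected__`, and pinning that in the table makes any later decision to drop or reject such groups an explicit, reviewed change. The case below uses constructed sample values and follows the unkeyed layout of the existing entries; TestHostInfoRespToGroups starts and ends outside the hunk.

```go
// … unchanged: existing cases, including "invalid goos/goarch" …
		{
			"empty and fully invalid goos/goarch",
			safcm.MsgInfoResp{
				Goos:   "",
				Goarch: "!!!",
				Output: nil,
			},
			[]string{
				"detected_",
				"detected__",
			},
		},
```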