File v3-1-2-mongodb-sanatiy-check.patch of Package cobbler

Overview Repositories Revisions Requests Users Attributes Meta

File v3-1-2-mongodb-sanatiy-check.patch of Package cobbler

From c2a3be07db6ea81ca26194968484597cfb6f72fb Mon Sep 17 00:00:00 2001
From: Enno Gotthold <egotthold@suse.de>
Date: Tue, 25 Jan 2022 13:31:58 +0100
Subject: [PATCH] Security: Stabalize the MongoDB serializer

This commit applies Black to the mongodb.py file.

This commit also adds error handling in regard to ensuring that the
config file is actually existing, and additionally it catches and
re-raises the error thrown during "cp.read(file)".

(cherry picked from commit d398da8e6e20067de6f0d6a96c6ce0a49e6178bc)
---
 cobbler/modules/serializers/mongodb.py | 43 +++++++++++++++++++-------
 1 file changed, 31 insertions(+), 12 deletions(-)

diff --git a/cobbler/modules/serializers/mongodb.py b/cobbler/modules/serializers/mongodb.py
index c10047e3..ab82876a 100644
--- a/cobbler/modules/serializers/mongodb.py
+++ b/cobbler/modules/serializers/mongodb.py
@@ -25,11 +25,14 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 from past.builtins import cmp
 from future import standard_library
 standard_library.install_aliases()
+import configparser
+import pathlib
 from configparser import ConfigParser
 
 pymongo_loaded = False
 try:
-    from pymongo import Connection
+    from pymongo import MongoClient
+    from pymongo.errors import ConfigurationError, ConnectionFailure
     pymongo_loaded = True
 except:
     # FIXME: log message
@@ -42,22 +45,38 @@ from cobbler.cexceptions import CX
 mongodb = None
 
 
-def __connect():
+def __connect(configfile: str = "/etc/cobbler/mongodb.conf"):
     """
     Reads the config file for mongodb and then connects to the mongodb.
     """
-    cp = ConfigParser()
-    cp.read("/etc/cobbler/mongodb.conf")
+    if not pathlib.Path(configfile).is_file():
+        raise FileNotFoundError(
+            "Specified Cobbler MongoDB config file could not be found!"
+        )
 
-    host = cp.get("connection", "host")
-    port = int(cp.get("connection", "port"))
+    cp = ConfigParser()
+    try:
+        cp.read("/etc/cobbler/mongodb.conf")
+    except configparser.Error as cp_error:
+        raise configparser.Error(
+            "Could not read Cobbler MongoDB config file!"
+        ) from cp_error
+
+    host = cp.get("connection", "host", fallback="localhost")
+    port = cp.getint("connection", "port", fallback=27017)
     # TODO: detect connection error
     global mongodb
+    mongodb = MongoClient(host, port)["cobbler"]
     try:
-        mongodb = Connection(host, port)['cobbler']
-    except:
+        # The ismaster command is cheap and doesn't require auth.
+        mongodb.admin.command("ismaster")
+    except ConnectionFailure as e:
         # FIXME: log error
-        raise CX("Unable to connect to Mongo database")
+        raise CX('Unable to connect to Mongo database or get database "cobbler"') from e
+    except ConfigurationError as e:
+        raise CX(
+            "The configuration of the MongoDB connection isn't correct, please check the Cobbler settings."
+        ) from e
 
 
 def register():
@@ -87,9 +106,9 @@ def serialize_item(collection, item):
 
     __connect()
     collection = mongodb[collection.collection_type()]
-    data = collection.find_one({'name': item.name})
+    data = collection.find_one({"name": item.name})
     if data:
-        collection.update({'name': item.name}, item.to_dict())
+        collection.update({"name": item.name}, item.to_dict())
     else:
         collection.insert(item.to_dict())
 
@@ -104,7 +123,7 @@ def serialize_delete(collection, item):
 
     __connect()
     collection = mongodb[collection.collection_type()]
-    collection.remove({'name': item.name})
+    collection.remove({"name": item.name})
 
 
 def serialize(collection):
-- 
2.35.1

Places

File v3-1-2-mongodb-sanatiy-check.patch of Package cobbler

Places