File v3-1-2-mongodb-sanatiy-check.patch of Package cobbler

From c2a3be07db6ea81ca26194968484597cfb6f72fb Mon Sep 17 00:00:00 2001
From: Enno Gotthold <egotthold@suse.de>
Date: Tue, 25 Jan 2022 13:31:58 +0100
Subject: [PATCH] Security: Stabalize the MongoDB serializer

This commit applies Black to the mongodb.py file.

This commit also adds error handling to ensure that the config file
actually exists, and it additionally catches and re-raises the error
thrown during "cp.read(file)".

(cherry picked from commit d398da8e6e20067de6f0d6a96c6ce0a49e6178bc)
---
 cobbler/modules/serializers/mongodb.py | 43 +++++++++++++++++++-------
 1 file changed, 31 insertions(+), 12 deletions(-)

diff --git a/cobbler/modules/serializers/mongodb.py b/cobbler/modules/serializers/mongodb.py
index c10047e3..ab82876a 100644
--- a/cobbler/modules/serializers/mongodb.py
+++ b/cobbler/modules/serializers/mongodb.py
@@ -25,11 +25,14 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 from past.builtins import cmp
 from future import standard_library
 standard_library.install_aliases()
+import configparser
+import pathlib
 from configparser import ConfigParser
 
 pymongo_loaded = False
 try:
-    from pymongo import Connection
+    from pymongo import MongoClient
+    from pymongo.errors import ConfigurationError, ConnectionFailure
     pymongo_loaded = True
 except:
     # FIXME: log message
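Review bot: The two new exception classes are imported inside the same `try` as `MongoClient`, and the surrounding bare `except:` (unchanged context; its body continues outside this hunk) swallows every failure, so when pymongo is missing or too old to provide `MongoClient`, the names `MongoClient`, `ConnectionFailure` and `ConfigurationError` stay unbound. If `__connect()` is reached in that state it would fail with `NameError` instead of the `CX` the module raises elsewhere; whether callers check `pymongo_loaded` first is not visible here. Narrowing the handler to `except ImportError:` would stop unrelated errors from being hidden. `import configparser` next to `from configparser import ConfigParser` is redundant, since the code could use `configparser.ConfigParser()` and drop the second import.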
@@ -42,22 +45,38 @@ from cobbler.cexceptions import CX
 mongodb = None
 
 
-def __connect():
+def __connect(configfile: str = "/etc/cobbler/mongodb.conf"):
     """
     Reads the config file for mongodb and then connects to the mongodb.
     """
-    cp = ConfigParser()
-    cp.read("/etc/cobbler/mongodb.conf")
+    if not pathlib.Path(configfile).is_file():
+        raise FileNotFoundError(
+            "Specified Cobbler MongoDB config file could not be found!"
+        )
 
-    host = cp.get("connection", "host")
-    port = int(cp.get("connection", "port"))
+    cp = ConfigParser()
+    try:
+        cp.read("/etc/cobbler/mongodb.conf")
+    except configparser.Error as cp_error:
+        raise configparser.Error(
+            "Could not read Cobbler MongoDB config file!"
+        ) from cp_error
+
+    host = cp.get("connection", "host", fallback="localhost")
+    port = cp.getint("connection", "port", fallback=27017)
     # TODO: detect connection error
     global mongodb
+    mongodb = MongoClient(host, port)["cobbler"]
     try:
-        mongodb = Connection(host, port)['cobbler']
-    except:
+        # The ismaster command is cheap and doesn't require auth.
+        mongodb.admin.command("ismaster")
+    except ConnectionFailure as e:
         # FIXME: log error
-        raise CX("Unable to connect to Mongo database")
+        raise CX('Unable to connect to Mongo database or get database "cobbler"') from e
+    except ConfigurationError as e:
+        raise CX(
+            "The configuration of the MongoDB connection isn't correct, please check the Cobbler settings."
+        ) from e
 
 
 def register():
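Review bot: The new existence check tests `configfile`, but the read below it still calls `cp.read("/etc/cobbler/mongodb.conf")`, so a caller-supplied path is validated and then ignored. `ConfigParser.read()` also skips files it cannot open without raising, so an unreadable file passes `is_file()` and the `fallback=` values silently point the serializer at localhost:27017; checking the list that `read()` returns would surface that. In the connection check, `mongodb` is already the "cobbler" database object, so `mongodb.admin` is a collection rather than the admin database, and as far as I can tell calling `.command(...)` on it raises `TypeError`, which neither `except` clause handles. Keeping the client in its own variable and running the check on it avoids that, as sketched below. Separately, `getint` raises an uncaught `ValueError` on a non-numeric port.

```python
def __connect(configfile: str = "/etc/cobbler/mongodb.conf"):
    # … unchanged: docstring and is_file() check …
    cp = ConfigParser()
    try:
        cp.read(configfile)
    # … unchanged: configparser.Error handling, host/port lookup …
    global mongodb
    client = MongoClient(host, port)
    try:
        # The ismaster command is cheap and doesn't require auth.
        client.admin.command("ismaster")
    # … unchanged: ConnectionFailure / ConfigurationError handling …
    mongodb = client["cobbler"]
```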
@@ -87,9 +106,9 @@ def serialize_item(collection, item):
 
     __connect()
     collection = mongodb[collection.collection_type()]
-    data = collection.find_one({'name': item.name})
+    data = collection.find_one({"name": item.name})
     if data:
-        collection.update({'name': item.name}, item.to_dict())
+        collection.update({"name": item.name}, item.to_dict())
     else:
         collection.insert(item.to_dict())
 
@@ -104,7 +123,7 @@ def serialize_delete(collection, item):
 
     __connect()
     collection = mongodb[collection.collection_type()]
-    collection.remove({'name': item.name})
+    collection.remove({"name": item.name})
 
 
 def serialize(collection):
-- 
2.35.1
