Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host resource: use bash over netcat in Linux #2607

Merged
merged 4 commits into from
Mar 7, 2018
Merged

Host resource: use bash over netcat in Linux #2607

merged 4 commits into from
Mar 7, 2018

Conversation

jvale
Copy link
Contributor

@jvale jvale commented Feb 11, 2018

Netcat's presence is widely considered a security issue, and thus not always available. This solution only uses timeout (from coreutils) and bash builtins, so less likely to require installing additional packages.

It also adds UDP support for free and moves a bit further in the direction of solving the concerns raised in #1439.

@jvale jvale requested a review from a team as a code owner February 11, 2018 19:16
@jvale jvale force-pushed the host_use_bash_over_netcat branch from ea0ddc5 to c58810d Compare February 11, 2018 19:24
adamleff
adamleff suggested changes Feb 12, 2018
View reviewed changes
Copy link
Contributor

@adamleff adamleff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a great improvement, but I think we need to leave the netcat support in as a fallback. Not all Linux versions have a bash installed that was compiled with the /dev/tcp and /dev/udp support. For example, I believe the default Debian compile instructions for bash still include --disable-net-redirections

@jvale
Copy link
Contributor Author

jvale commented Feb 12, 2018

Fair enough, will work on that.

@jvale jvale force-pushed the host_use_bash_over_netcat branch 2 times, most recently from 517095f to 7835599 Compare February 18, 2018 04:37
jvale added 3 commits February 18, 2018 04:56
@jvale
Add support to use bash in host resource
628f3e0 
Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.

Signed-off-by: João Vale <[email protected]>
@jvale
Darwin UDP support in host resource
fd03915 
Signed-off-by: João Vale <[email protected]>
@jvale
Host: use netcat first if available
5dd2e6f 
Signed-off-by: João Vale <[email protected]>
@jvale jvale force-pushed the host_use_bash_over_netcat branch from 7835599 to 5dd2e6f Compare February 18, 2018 04:56
@jvale
Copy link
Contributor Author

jvale commented Feb 18, 2018

As suggest, brought back netcat. It is the preferred option, if available on the box. Also added support for UDP in Darwin since the code was pretty much already there.

jquick
jquick reviewed Feb 27, 2018
View reviewed changes
Copy link
Contributor

@jquick jquick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jvale ! This is a really nice addition to the host resource. Just some small suggestions.

lib/resources/host.rb Outdated
def missing_requirements(protocol)
missing = []

if %w{tcp udp}.include?(protocol) and !@has_nc and !@has_ncat
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you change the and's to &&? We try to avoid and/or due to the lower precedence.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had no idea about the precedence difference, guess I learned something. :) Done.

lib/resources/host.rb Outdated

def ping(hostname, port, protocol)
if %w{tcp udp}.include?(protocol)
if @has_nc or @has_ncat
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above, if you could change to ||

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...and also done.

@jvale
Code review suggestions
da75a99 
Signed-off-by: João Vale <[email protected]>
jquick
jquick approved these changes Mar 1, 2018
View reviewed changes
Copy link
Contributor

@jquick jquick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jvale !

@jquick
Copy link
Contributor

jquick commented Mar 1, 2018

@adamleff - You mind giving another pass on this one?

@jquick jquick added the Type: Enhancement Improves an existing feature label Mar 7, 2018
@jquick jquick merged commit 3e2450e into inspec:master Mar 7, 2018
@jvale jvale deleted the host_use_bash_over_netcat branch March 12, 2018 00:09
@jvale jvale restored the host_use_bash_over_netcat branch March 12, 2018 00:09
@rockandska rockandska mentioned this pull request Apr 3, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamleff adamleff adamleff approved these changes

@jquick jquick jquick approved these changes

Assignees
No one assigned
Labels
Type: Enhancement Improves an existing feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jvale @jquick @adamleff