From d7f53f6828127791ae2e215a1f316f1bd66766c0 Mon Sep 17 00:00:00 2001 From: Ben Abrams Date: Thu, 28 Dec 2017 13:16:37 -0800 Subject: [PATCH] [CVE-2017-8418] - updating rubocop dependency. Misc: - appeasing the cops Signed-off-by: Ben Abrams --- CHANGELOG.md | 6 ++ Gemfile | 2 + Rakefile | 8 +- bin/check-3ware-status.rb | 6 +- bin/check-megaraid-sas-status.rb | 4 +- bin/check-mpt2sas-status.rb | 2 + bin/check-raid.rb | 125 +++++++++++------------ bin/check-smart-array-status.rb | 4 +- lib/sensu-plugins-raid-checks.rb | 2 + lib/sensu-plugins-raid-checks/version.rb | 2 + sensu-plugins-raid-checks.gemspec | 8 +- test/spec_helper.rb | 2 + 12 files changed, 97 insertions(+), 74 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab670b9..1910c25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/) ## [Unreleased] +### Security +- updated rubocop dependency to `~> 0.51.0` per: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418. (@majormoses) + +### Changed +- appeased the cops (@majormoses) + ## [2.0.0] - 2017-12-28 ### Breaking Change - `check-raid.rb`: added option `--log` with a default of `false` to prevent it default creating a log which is frequently being written to and filling up the disk. This does the *opposite* of what the vendor defaults are but due to the nature of those running it through a monitoring solution like sensu the defaults do not make sense in this use case. If you are wanting those logs you can change this to `true` to keep existing behavior. (@dhpowrhost) (@smbambling) diff --git a/Gemfile b/Gemfile index 3e96e9a..a49c133 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org' # Specify your gem's dependencies in sensu-plugins-raid-checks.gemspec diff --git a/Rakefile b/Rakefile index d504500..d457ce4 100644 --- a/Rakefile +++ b/Rakefile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'bundler/gem_tasks' require 'github/markup' require 'redcarpet' @@ -7,9 +9,9 @@ require 'yard' require 'yard/rake/yardoc_task' YARD::Rake::YardocTask.new do |t| - OTHER_PATHS = %w().freeze + OTHER_PATHS = %w[].freeze t.files = ['lib/**/*.rb', 'bin/**/*.rb', OTHER_PATHS] - t.options = %w(--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md) + t.options = %w[--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md] end RuboCop::RakeTask.new @@ -35,4 +37,4 @@ task :check_binstubs do end end -task default: [:spec, :make_bin_executable, :yard, :rubocop, :check_binstubs] +task default: %i[spec make_bin_executable yard rubocop check_binstubs] diff --git a/bin/check-3ware-status.rb b/bin/check-3ware-status.rb index 88f93e6..ad1cf6d 100755 --- a/bin/check-3ware-status.rb +++ b/bin/check-3ware-status.rb @@ -1,4 +1,6 @@ #! /usr/bin/env ruby +# frozen_string_literal: true + # # check-raid # @@ -82,7 +84,7 @@ def parse_controllers!(data) data.lines.each do |line| unless line.empty? controller = line.split[0] - @controllers << controller if /^c[0-9]+$/ =~ controller + @controllers << controller if controller.match?(/^c[0-9]+$/) end end end @@ -97,7 +99,7 @@ def parse_disks!(data, controller) data.lines.each do |line| unless line.empty? splitted = line.split - if /^[p][0-9]+$/ =~ splitted[0] + if splitted.first.match?(/^[p][0-9]+$/) # '-' means the drive doesn't belong to any array # If is NOT PRESENT too, it just means this is an empty port status = splitted[1] diff --git a/bin/check-megaraid-sas-status.rb b/bin/check-megaraid-sas-status.rb index 210ffff..3ab76fe 100755 --- a/bin/check-megaraid-sas-status.rb +++ b/bin/check-megaraid-sas-status.rb @@ -1,4 +1,6 @@ #! /usr/bin/env ruby +# frozen_string_literal: true + # # check-raid # @@ -56,7 +58,7 @@ def run (0..$CHILD_STATUS.exitstatus - 1).each do |i| # and check them in turn stdout = `#{config[:megaraidcmd]} -LDInfo -L#{i} -a#{config[:controller]} ` - unless Regexp.new('State\s*:\s*Optimal').match(stdout) + unless Regexp.new('State\s*:\s*Optimal').match?(stdout) error = sprintf '%svirtual drive %d: %s ', error, i, stdout[/State\s*:\s*.*/].split(':')[1] # rubocop:disable Style/FormatString have_error = true end diff --git a/bin/check-mpt2sas-status.rb b/bin/check-mpt2sas-status.rb index 4b48e79..32073da 100755 --- a/bin/check-mpt2sas-status.rb +++ b/bin/check-mpt2sas-status.rb @@ -1,4 +1,6 @@ #! /usr/bin/env ruby +# frozen_string_literal: true + # # check-raid # diff --git a/bin/check-raid.rb b/bin/check-raid.rb index d4d315f..6707151 100755 --- a/bin/check-raid.rb +++ b/bin/check-raid.rb @@ -1,4 +1,6 @@ #! /usr/bin/env ruby +# frozen_string_literal: true + # # check-raid # @@ -38,97 +40,92 @@ class CheckRaid < Sensu::Plugin::Check::CLI default: false # Check software raid # - def check_software - if File.exist?('/proc/mdstat') - contents = File.read('/proc/mdstat') - mg = contents.lines.grep(/active|blocks/) - unless mg.empty? - sg = mg.to_s.lines.grep(/\]\(F\)|[\[U]_/) - unless sg.empty? # rubocop:disable UnlessElse - warning 'Software RAID warning' - else - ok 'Software RAID OK' - end - end + def check_software_raid + return unless File.exist?('/proc/mdstat') + contents = File.read('/proc/mdstat') + mg = contents.lines.grep(/active|blocks/) + return unless mg.empty? + sg = mg.to_s.lines.grep(/\]\(F\)|[\[U]_/) + if sg.empty? + ok 'Software RAID OK' + else + warning 'Software RAID warning' end end # Check HP raid # def check_hp - if File.exist?('/usr/bin/cciss_vol_status') - contents = `/usr/bin/cciss_vol_status /dev/sg0` - c = contents.lines.grep(/status\: OK\./) - # #YELLOW - unless c.empty? # rubocop:disable UnlessElse - ok 'HP RAID OK' - else - warning 'HP RAID warning' - end + return unless File.exist?('/usr/bin/cciss_vol_status') + contents = `/usr/bin/cciss_vol_status /dev/sg0` + c = contents.lines.grep(/status\: OK\./) + # #YELLOW + if c.empty? + warning 'HP RAID warning' + else + ok 'HP RAID OK' end end # Check Adaptec raid controllers # def check_adaptec - if File.exist?('/usr/StorMan/arcconf') - contents = `/usr/StorMan/arcconf GETCONFIG 1 AL` - - mg = contents.lines.grep(/Controller Status/) - # #YELLOW - unless mg.empty? # rubocop:disable UnlessElse - sg = mg.to_s.lines.grep(/Optimal/) - warning 'Adaptec Physical RAID Controller Failure' if sg.empty? - else - warning 'Adaptec Physical RAID Controller Status Read Failure' - end + return unless File.exist?('/usr/StorMan/arcconf') + contents = `/usr/StorMan/arcconf GETCONFIG 1 AL` - mg = contents.lines.grep(/Status of logical device/) - # #YELLOW - unless mg.empty? # rubocop:disable UnlessElse - sg = mg.to_s.lines.grep(/Optimal/) - warning 'Adaptec Logical RAID Controller Failure' if sg.empty? - else - warning 'Adaptec Logical RAID Controller Status Read Failure' - end + mg = contents.lines.grep(/Controller Status/) + # #YELLOW + if mg.empty? + warning 'Adaptec Physical RAID Controller Status Read Failure' + else + sg = mg.to_s.lines.grep(/Optimal/) + warning 'Adaptec Physical RAID Controller Failure' if sg.empty? + end - mg = contents.lines.grep(/S\.M\.A\.R\.T\. /) - # #YELLOW - unless mg.empty? # rubocop:disable UnlessElse - sg = mg.to_s.lines.grep(/No/) - warning 'Adaptec S.M.A.R.T. Disk Failed' if sg.empty? - else - warning 'Adaptec S.M.A.R.T. Status Read Failure' - end + mg = contents.lines.grep(/Status of logical device/) + # #YELLOW + if mg.empty? + warning 'Adaptec Logical RAID Controller Status Read Failure' + else + sg = mg.to_s.lines.grep(/Optimal/) + warning 'Adaptec Logical RAID Controller Failure' if sg.empty? + end - ok 'Adaptec RAID OK' + mg = contents.lines.grep(/S\.M\.A\.R\.T\. /) + # #YELLOW + if mg.empty? + warning 'Adaptec S.M.A.R.T. Status Read Failure' + else + sg = mg.to_s.lines.grep(/No/) + warning 'Adaptec S.M.A.R.T. Disk Failed' if sg.empty? end + + ok 'Adaptec RAID OK' end # Check Megaraid # def check_mega_raid - if File.exist?('/usr/sbin/megacli') - contents = if config[:log] - `/usr/sbin/megacli -AdpAllInfo -aALL` - else - `/usr/sbin/megacli -AdpAllInfo -aALL -NoLog` - end - failed = contents.lines.grep(/(Critical|Failed) Disks\s+\: 0/) - degraded = contents.lines.grep(/Degraded\s+\: 0/) - # #YELLOW - unless failed.empty? || degraded.empty? # rubocop:disable UnlessElse - ok 'MegaRaid RAID OK' - else - warning 'MegaRaid RAID warning' - end + return unless File.exist?('/usr/sbin/megacli') + contents = if config[:log] + `/usr/sbin/megacli -AdpAllInfo -aALL` + else + `/usr/sbin/megacli -AdpAllInfo -aALL -NoLog` + end + failed = contents.lines.grep(/(Critical|Failed) Disks\s+\: 0/) + degraded = contents.lines.grep(/Degraded\s+\: 0/) + # #YELLOW + if failed.empty? || degraded.empty? + warning 'MegaRaid RAID warning' + else + ok 'MegaRaid RAID OK' end end # Main function # def run - check_software + check_software_raid unless `lspci`.lines.grep(/RAID/).empty? check_hp check_adaptec diff --git a/bin/check-smart-array-status.rb b/bin/check-smart-array-status.rb index a4fc864..6e88230 100755 --- a/bin/check-smart-array-status.rb +++ b/bin/check-smart-array-status.rb @@ -1,4 +1,6 @@ #! /usr/bin/env ruby +# frozen_string_literal: true + # # check-smart-array-status # @@ -85,7 +87,7 @@ def parse_disks!(data, controller) data.lines.each do |line| unless line.empty? splitted = line.split - if /^physicaldrive$/ =~ splitted[0] + if splitted.first.match?(/^physicaldrive$/) status = splitted[-1] disk = 'ctrl ' + controller + ' ' + line.strip if status == 'OK' diff --git a/lib/sensu-plugins-raid-checks.rb b/lib/sensu-plugins-raid-checks.rb index ab6a272..4768ec2 100644 --- a/lib/sensu-plugins-raid-checks.rb +++ b/lib/sensu-plugins-raid-checks.rb @@ -1 +1,3 @@ +# frozen_string_literal: true + require 'sensu-plugins-raid-checks/version' diff --git a/lib/sensu-plugins-raid-checks/version.rb b/lib/sensu-plugins-raid-checks/version.rb index 2ce5f30..12169bf 100644 --- a/lib/sensu-plugins-raid-checks/version.rb +++ b/lib/sensu-plugins-raid-checks/version.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module SensuPluginsRaidChecks module Version MAJOR = 2 diff --git a/sensu-plugins-raid-checks.gemspec b/sensu-plugins-raid-checks.gemspec index bffaf3d..6208a6c 100644 --- a/sensu-plugins-raid-checks.gemspec +++ b/sensu-plugins-raid-checks.gemspec @@ -1,10 +1,12 @@ +# frozen_string_literal: true + lib = File.expand_path('../lib', __FILE__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require 'date' require_relative 'lib/sensu-plugins-raid-checks' -Gem::Specification.new do |s| +Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength s.authors = ['Sensu-Plugins and contributors'] s.date = Date.today.to_s @@ -13,7 +15,7 @@ Gem::Specification.new do |s| controller/array health' s.email = '' s.executables = Dir.glob('bin/**/*.rb').map { |file| File.basename(file) } - s.files = Dir.glob('{bin,lib}/**/*') + %w(LICENSE README.md CHANGELOG.md) + s.files = Dir.glob('{bin,lib}/**/*') + %w[LICENSE README.md CHANGELOG.md] s.homepage = 'https://github.com/sensu-plugins/sensu-plugins-raid-checks' s.license = 'MIT' s.metadata = { 'maintainer' => 'sensu-plugin', @@ -41,6 +43,6 @@ Gem::Specification.new do |s| s.add_development_dependency 'rake', '~> 10.0' s.add_development_dependency 'redcarpet', '~> 3.2' s.add_development_dependency 'rspec', '~> 3.1' - s.add_development_dependency 'rubocop', '~> 0.40.0' + s.add_development_dependency 'rubocop', '~> 0.51.0' s.add_development_dependency 'yard', '~> 0.8' end diff --git a/test/spec_helper.rb b/test/spec_helper.rb index 9797982..3bb6bfe 100644 --- a/test/spec_helper.rb +++ b/test/spec_helper.rb @@ -1,2 +1,4 @@ +# frozen_string_literal: true + require 'codeclimate-test-reporter' CodeClimate::TestReporter.start