mirror of
https://github.com/puppetlabs/vmpooler.git
synced 2026-01-26 10:08:40 -05:00
Use URI.parse.open/File.open instead of open
This commit updates the dashboard to use `URI.parse` instead of `Kernel#open`, because `open` can potentially open files on the server and has other possible security issues. It also updates the logger to use `File.open`, as it is more explicit and doesn't have the extra potential for abuse that `Kernel#open` has. See https://rubocop.readthedocs.io/en/latest/cops_security/#securityopen
parent
f90ef4839e
commit
a839af2710
2 changed files with 3 additions and 3 deletions
|
|
@ -83,7 +83,7 @@ module Vmpooler
|
||||||
history ||= {}
|
history ||= {}
|
||||||
|
|
||||||
begin
|
begin
|
||||||
buffer = open(graph_link('.ready.*&from=-1hour&format=json')).read
|
buffer = URI.parse(graph_link('.ready.*&from=-1hour&format=json')).read
|
||||||
history = JSON.parse(buffer)
|
history = JSON.parse(buffer)
|
||||||
|
|
||||||
history.each do |pool|
|
history.each do |pool|
|
||||||
|
|
@ -136,7 +136,7 @@ module Vmpooler
|
||||||
if params[:history]
|
if params[:history]
|
||||||
if graph_url
|
if graph_url
|
||||||
begin
|
begin
|
||||||
buffer = open(graph_link('.running.*&from=-1hour&format=json')).read
|
buffer = URI.parse(graph_link('.running.*&from=-1hour&format=json')).read
|
||||||
JSON.parse(buffer).each do |pool|
|
JSON.parse(buffer).each do |pool|
|
||||||
if pool['target'] =~ /.*\.(.*)$/
|
if pool['target'] =~ /.*\.(.*)$/
|
||||||
pool['name'] = Regexp.last_match[1]
|
pool['name'] = Regexp.last_match[1]
|
||||||
|
|
|
||||||
|
|
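Review bot: The two fetches, `URI.parse(graph_link('.ready.*&from=-1hour&format=json')).read` in the first hunk and the `.running.*` one in the second, still run with no scheme check and no explicit timeouts. `read` on a parsed URI comes from `open-uri` and exists only on HTTP(S)/FTP URI objects, so a `graph_url` configured with any other scheme surfaces as a NoMethodError rather than a clear configuration error, and a slow or unresponsive graph host can hold the dashboard request open for the library's default timeouts. I would check `uri.is_a?(URI::HTTP)` before reading and pass limits such as `.read(open_timeout: 5, read_timeout: 10)` (values illustrative). The `require 'open-uri'`, the definition of `graph_link`, and the `rescue` clauses for these `begin` blocks are outside the hunks, so confirm that they exist and that no request parameter reaches the URL.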
@ -16,7 +16,7 @@ module Vmpooler
|
||||||
|
|
||||||
puts "[#{stamp}] #{string}" if ENV['VMPOOLER_DEBUG']
|
puts "[#{stamp}] #{string}" if ENV['VMPOOLER_DEBUG']
|
||||||
|
|
||||||
open(@file, 'a') do |f|
|
File.open(@file, 'a') do |f|
|
||||||
f.puts "[#{stamp}] #{string}"
|
f.puts "[#{stamp}] #{string}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
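Review bot: `f.puts "[#{stamp}] #{string}"` writes `string` verbatim, so a message containing CR/LF can produce extra lines that look like separate, legitimately stamped log entries. `File.open(@file, 'a')` closes the pipe/command risk of `Kernel#open`, but if any caller passes request-derived text (not visible here), the log can still be forged. Consider neutralising line breaks before writing, e.g. `f.puts "[#{stamp}] #{string.to_s.gsub(/[\r\n]+/, ' ')}"`, and apply the same to the `VMPOOLER_DEBUG` `puts` above it. The enclosing method starts outside the hunk, so where `stamp` and `string` come from should be checked there.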