Update readiness_check.sh #51
Conversation
![gitstream-cm[bot]](https://avatars.githubusercontent.com/in/230441?s=60&v=4){kind=small}
There was a problem hiding this comment.
✨ PR Review
The PR adds DMR cluster status and sync checks with version-based conditional logic. The implementation introduces potential security and reliability concerns that should be addressed.
3 issues detected:
🔒 Security - Unescaped variable expansion in shell commands creates security vulnerabilities.
Details: The password variable is directly interpolated into shell commands without proper escaping or quoting. If the password contains special shell characters (backticks, dollar signs, semicolons), it could lead to command injection vulnerabilities.
File:controllers/brokerscripts/readiness_check.sh (179-179)🐞 Bug - Version parsing assumes fixed format and lacks error handling for unexpected version strings.
Details: The version parsing logic assumes a specific format (X.Y.Z) and uses
cut -d'.' -f2to extract the major version. This approach is brittle and could fail if the version format changes or contains unexpected characters.
File:controllers/brokerscripts/readiness_check.sh🐞 Bug - No validation of query results before processing could lead to incorrect readiness status determination.
Details: The SEMP queries lack proper error handling. If the queries fail or return unexpected responses, the xmllint parsing could fail silently or produce unexpected results, potentially causing false positives or negatives in the readiness check.
File:controllers/brokerscripts/readiness_check.sh
Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using. We'd love your feedback! 🚀
| broker_version=$(/mnt/disks/solace/semp_query.sh -n admin -p ${password} -u http://localhost:8080 \ | ||
| -q "<rpc><show><version/></show></rpc>" \ | ||
| -v "/rpc-reply/rpc/show/version/current-load[text()]") | ||
| broker_version=`echo ${broker_version} | xmllint -xpath "string(returnInfo/valueSearchResult)" - | cut -d'.' -f2` |
There was a problem hiding this comment.
🔒 Security - Command Injection Risk: Properly quote the password variable or use a more secure method to pass credentials, such as reading from a secure file or using environment variables with proper escaping.
| broker_version=`echo ${broker_version} | xmllint -xpath "string(returnInfo/valueSearchResult)" - | cut -d'.' -f2` | |
| broker_version=`echo ${broker_version} | xmllint -xpath "string(returnInfo/valueSearchResult)" -` | |
| # Extract major version with robust parsing and validation | |
| if [[ "$broker_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then | |
| broker_version=$(echo "$broker_version" | cut -d'.' -f1) | |
| else | |
| echo "$(date) WARNING: Unable to parse broker version format: $broker_version" | |
| broker_version=0 | |
| fi |
|
Please mark whether you used Copilot to assist coding in this PR
|
2 participants
✨ PR Description
Purpose: Add DMR cluster status and synchronization verification to message broker readiness check script for improved reliability monitoring.
Main changes:
Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using. We'd love your feedback! 🚀