icinga2/lib/base/scriptframe.cpp

/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */

#include "base/scriptframe.hpp"
#include "base/scriptglobal.hpp"
#include "base/namespace.hpp"
#include "base/exception.hpp"
#include "base/configuration.hpp"

using namespace icinga;

boost::thread_specific_ptr<std::stack<ScriptFrame *> > ScriptFrame::m_ScriptFrames;

static auto l_InternalNSBehavior = new ConstNamespaceBehavior();

/* Ensure that this gets called with highest priority
 * and wins against other static initializers in lib/icinga, etc.
 * LTO-enabled builds will cause trouble otherwise, see GH #6575.
 */
INITIALIZE_ONCE_WITH_PRIORITY([]() {
	Namespace::Ptr globalNS = ScriptGlobal::GetGlobals();

	auto systemNSBehavior = new ConstNamespaceBehavior();
	systemNSBehavior->Freeze();
	Namespace::Ptr systemNS = new Namespace(systemNSBehavior);
	globalNS->SetAttribute("System", new ConstEmbeddedNamespaceValue(systemNS));

	systemNS->SetAttribute("Configuration", new EmbeddedNamespaceValue(new Configuration()));

	auto typesNSBehavior = new ConstNamespaceBehavior();
	typesNSBehavior->Freeze();
	Namespace::Ptr typesNS = new Namespace(typesNSBehavior);
	globalNS->SetAttribute("Types", new ConstEmbeddedNamespaceValue(typesNS));

	auto statsNSBehavior = new ConstNamespaceBehavior();
	statsNSBehavior->Freeze();
	Namespace::Ptr statsNS = new Namespace(statsNSBehavior);
	globalNS->SetAttribute("StatsFunctions", new ConstEmbeddedNamespaceValue(statsNS));

	Namespace::Ptr internalNS = new Namespace(l_InternalNSBehavior);
	globalNS->SetAttribute("Internal", new ConstEmbeddedNamespaceValue(internalNS));
}, 1000);

INITIALIZE_ONCE_WITH_PRIORITY([]() {
	l_InternalNSBehavior->Freeze();
}, 0);

/**
 * Construct a @c ScriptFrame that has `Self` assigned to the global namespace.
 *
 * Prefer the other constructor if possible since if misused this may leak global variables
 * without permissions or senstive variables like TicketSalt in a sandboxed context.
 *
 * @todo Remove this constructor and call the other with the global namespace in places where it's actually necessary.
 */
ScriptFrame::ScriptFrame(bool allocLocals)
	: Locals(allocLocals ? new Dictionary() : nullptr), PermChecker(new ScriptPermissionChecker),
	  Self(ScriptGlobal::GetGlobals()), Sandboxed(false), Depth(0), Globals(nullptr)
{
	InitializeFrame();
}

ScriptFrame::ScriptFrame(bool allocLocals, Value self)
	: Locals(allocLocals ? new Dictionary() : nullptr), PermChecker(new ScriptPermissionChecker), Self(std::move(self)),
	  Sandboxed(false), Depth(0), Globals(nullptr)
{
	InitializeFrame();
}

void ScriptFrame::InitializeFrame()
{
	std::stack<ScriptFrame *> *frames = m_ScriptFrames.get();

	if (frames && !frames->empty()) {
		ScriptFrame *frame = frames->top();

		// See the documentation of `ScriptFrame::Globals` for why these two are inherited and Globals isn't.
		PermChecker = frame->PermChecker;
		Sandboxed = frame->Sandboxed;
	}

	PushFrame(this);
}

ScriptFrame::~ScriptFrame()
{
	ScriptFrame *frame = PopFrame();
	ASSERT(frame == this);

#ifndef I2_DEBUG
	(void)frame;
#endif /* I2_DEBUG */
}

/**
 * Returns a sanitized copy of the global variables namespace when sandboxed.
 *
 * This filters out the TicketSalt variable specifically and any variable for which the
 * PermChecker does not return 'true'.
 *
 * However it specifically keeps the Types, System, and Icinga sub-namespaces, because they're
 * accessed through globals in ScopeExpression and the user should have access to all Values
 * contained in these namespaces.
 *
 * @return a sanitized copy of the global namespace if sandboxed, a pointer to the global namespace otherwise.
 */
Namespace::Ptr ScriptFrame::GetGlobals()
{
	if (Sandboxed) {
		if (!Globals) {
			Globals = new Namespace;
			auto globals = ScriptGlobal::GetGlobals();
			ObjectLock lock{globals};
			for (auto& kv : globals) {
				if (kv.first == "TicketSalt") {
					continue;
				}

				if (kv.first == "Types" || kv.first == "System" || kv.first == "Icinga" || PermChecker->CanAccessGlobalVariable(kv.first)) {
					Globals->Set(kv.first, kv.second->Get());
				}
			}
		}
		return Globals;
	}

	return ScriptGlobal::GetGlobals();
}

void ScriptFrame::IncreaseStackDepth()
{
	if (Depth + 1 > 300)
		BOOST_THROW_EXCEPTION(ScriptError("Stack overflow while evaluating expression: Recursion level too deep."));

	Depth++;
}

void ScriptFrame::DecreaseStackDepth()
{
	Depth--;
}

ScriptFrame *ScriptFrame::GetCurrentFrame()
{
	std::stack<ScriptFrame *> *frames = m_ScriptFrames.get();

	ASSERT(!frames->empty());
	return frames->top();
}

ScriptFrame *ScriptFrame::PopFrame()
{
	std::stack<ScriptFrame *> *frames = m_ScriptFrames.get();

	ASSERT(!frames->empty());

	ScriptFrame *frame = frames->top();
	frames->pop();

	return frame;
}

void ScriptFrame::PushFrame(ScriptFrame *frame)
{
	std::stack<ScriptFrame *> *frames = m_ScriptFrames.get();

	if (!frames) {
		frames = new std::stack<ScriptFrame *>();
		m_ScriptFrames.reset(frames);
	}

	if (!frames->empty()) {
		ScriptFrame *parent = frames->top();
		frame->Depth += parent->Depth;
	}

	frames->push(frame);
}
Replace Copyright header with a short version, part I CLion -> replace in path 2019-02-25 08:48:22 -05:00			`/* Icinga 2 \| (c) 2012 Icinga GmbH \| GPLv2+ */`
Implement a way to call methods on objects fixes #8071 2014-12-11 15:12:34 -05:00
Move the VMFrame class to libbase refs #8065 2014-12-12 09:33:02 -05:00			`#include "base/scriptframe.hpp"`
Remove unused #includes 2015-03-28 19:03:47 -04:00			`#include "base/scriptglobal.hpp"`
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00			`#include "base/namespace.hpp"`
Detect infinite recursion in user scripts fixes #10198 2015-09-23 03:21:45 -04:00			`#include "base/exception.hpp"`
Refactor Application::*Const() 2018-08-09 09:37:23 -04:00			`#include "base/configuration.hpp"`
Implement a way to call methods on objects fixes #8071 2014-12-11 15:12:34 -05:00
			`using namespace icinga;`

Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`boost::thread_specific_ptr<std::stack<ScriptFrame *> > ScriptFrame::m_ScriptFrames;`
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00
			`static auto l_InternalNSBehavior = new ConstNamespaceBehavior();`
Build fix for Windows 2014-12-22 08:14:16 -05:00
Fix static initializer priority for namespaces in LTO builds fixes #6575 2018-09-04 09:17:34 -04:00			`/* Ensure that this gets called with highest priority`
			`* and wins against other static initializers in lib/icinga, etc.`
			`* LTO-enabled builds will cause trouble otherwise, see GH #6575.`
			`*/`
Use lambda functions for INITIALIZE_ONCE fixes #12562 2016-08-27 03:35:08 -04:00			`INITIALIZE_ONCE_WITH_PRIORITY([]() {`
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00			`Namespace::Ptr globalNS = ScriptGlobal::GetGlobals();`

			`auto systemNSBehavior = new ConstNamespaceBehavior();`
			`systemNSBehavior->Freeze();`
			`Namespace::Ptr systemNS = new Namespace(systemNSBehavior);`
Replace std::shared_ptr<NamespaceValue> with NamespaceValue::Ptr refs #7361 2019-07-26 08:45:11 -04:00			`globalNS->SetAttribute("System", new ConstEmbeddedNamespaceValue(systemNS));`
Fix auto-completion suggestions for "icinga2 console" refs #12408 2016-08-12 09:36:47 -04:00
Replace std::shared_ptr<NamespaceValue> with NamespaceValue::Ptr refs #7361 2019-07-26 08:45:11 -04:00			`systemNS->SetAttribute("Configuration", new EmbeddedNamespaceValue(new Configuration()));`
Refactor Application::*Const() 2018-08-09 09:37:23 -04:00
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00			`auto typesNSBehavior = new ConstNamespaceBehavior();`
			`typesNSBehavior->Freeze();`
			`Namespace::Ptr typesNS = new Namespace(typesNSBehavior);`
Replace std::shared_ptr<NamespaceValue> with NamespaceValue::Ptr refs #7361 2019-07-26 08:45:11 -04:00			`globalNS->SetAttribute("Types", new ConstEmbeddedNamespaceValue(typesNS));`
Move type variables into the 'Types' namespace refs #12408 2016-08-12 10:53:44 -04:00
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00			`auto statsNSBehavior = new ConstNamespaceBehavior();`
			`statsNSBehavior->Freeze();`
			`Namespace::Ptr statsNS = new Namespace(statsNSBehavior);`
Replace std::shared_ptr<NamespaceValue> with NamespaceValue::Ptr refs #7361 2019-07-26 08:45:11 -04:00			`globalNS->SetAttribute("StatsFunctions", new ConstEmbeddedNamespaceValue(statsNS));`
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00
			`Namespace::Ptr internalNS = new Namespace(l_InternalNSBehavior);`
Replace std::shared_ptr<NamespaceValue> with NamespaceValue::Ptr refs #7361 2019-07-26 08:45:11 -04:00			`globalNS->SetAttribute("Internal", new ConstEmbeddedNamespaceValue(internalNS));`
Fix static initializer priority for namespaces in LTO builds fixes #6575 2018-09-04 09:17:34 -04:00			`}, 1000);`
Fix auto-completion suggestions for "icinga2 console" refs #12408 2016-08-12 09:36:47 -04:00
Implement support for the namespace and using keywords 2018-08-07 07:55:41 -04:00			`INITIALIZE_ONCE_WITH_PRIORITY([]() {`
			`l_InternalNSBehavior->Freeze();`
			`}, 0);`

Filter global variables when Sandboxed 2025-09-22 06:31:02 -04:00			`/**`
			* Construct a @c ScriptFrame that has `Self` assigned to the global namespace.
			`*`
			`* Prefer the other constructor if possible since if misused this may leak global variables`
			`* without permissions or senstive variables like TicketSalt in a sandboxed context.`
			`*`
			`* @todo Remove this constructor and call the other with the global namespace in places where it's actually necessary.`
			`*/`
Avoid unnecessary allocations for script frames 2017-12-18 04:30:20 -05:00			`ScriptFrame::ScriptFrame(bool allocLocals)`
Filter global variables when Sandboxed 2025-09-22 06:31:02 -04:00			`: Locals(allocLocals ? new Dictionary() : nullptr), PermChecker(new ScriptPermissionChecker),`
			`Self(ScriptGlobal::GetGlobals()), Sandboxed(false), Depth(0), Globals(nullptr)`
Make sure all constructors properly initialize the ScriptFrame object refs #12408 2016-08-12 05:42:59 -04:00			`{`
			`InitializeFrame();`
			`}`

Apply clang-tidy fix 'modernize-pass-by-value' 2018-01-04 02:54:18 -05:00			`ScriptFrame::ScriptFrame(bool allocLocals, Value self)`
Filter global variables when Sandboxed 2025-09-22 06:31:02 -04:00			`: Locals(allocLocals ? new Dictionary() : nullptr), PermChecker(new ScriptPermissionChecker), Self(std::move(self)),`
			`Sandboxed(false), Depth(0), Globals(nullptr)`
Make sure all constructors properly initialize the ScriptFrame object refs #12408 2016-08-12 05:42:59 -04:00			`{`
			`InitializeFrame();`
			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`void ScriptFrame::InitializeFrame()`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`{`
'Sandboxed' property isn't properly propagated to child frames refs #12247 2016-07-29 08:11:52 -04:00			`std::stack<ScriptFrame > frames = m_ScriptFrames.get();`

Implement support for namespaces fixes #12408 2016-08-12 05:25:36 -04:00			`if (frames && !frames->empty()) {`
			`ScriptFrame *frame = frames->top();`

Filter global variables when Sandboxed 2025-09-22 06:31:02 -04:00			// See the documentation of `ScriptFrame::Globals` for why these two are inherited and Globals isn't.
Add permission checking to script frames and filter utilities 2025-09-22 06:25:26 -04:00			`PermChecker = frame->PermChecker;`
Implement support for namespaces fixes #12408 2016-08-12 05:25:36 -04:00			`Sandboxed = frame->Sandboxed;`
			`}`
'Sandboxed' property isn't properly propagated to child frames refs #12247 2016-07-29 08:11:52 -04:00
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`PushFrame(this);`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`ScriptFrame::~ScriptFrame()`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`{`
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`ScriptFrame *frame = PopFrame();`
			`ASSERT(frame == this);`
Suppress or fix compiler warnings 2019-03-08 08:07:29 -05:00
			`#ifndef I2_DEBUG`
			`(void)frame;`
			`#endif /* I2_DEBUG */`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`}`

Filter global variables when Sandboxed 2025-09-22 06:31:02 -04:00			`/**`
			`* Returns a sanitized copy of the global variables namespace when sandboxed.`
			`*`
			`* This filters out the TicketSalt variable specifically and any variable for which the`
			`* PermChecker does not return 'true'.`
			`*`
			`* However it specifically keeps the Types, System, and Icinga sub-namespaces, because they're`
			`* accessed through globals in ScopeExpression and the user should have access to all Values`
			`* contained in these namespaces.`
			`*`
			`* @return a sanitized copy of the global namespace if sandboxed, a pointer to the global namespace otherwise.`
			`*/`
			`Namespace::Ptr ScriptFrame::GetGlobals()`
			`{`
			`if (Sandboxed) {`
			`if (!Globals) {`
			`Globals = new Namespace;`
			`auto globals = ScriptGlobal::GetGlobals();`
			`ObjectLock lock{globals};`
			`for (auto& kv : globals) {`
			`if (kv.first == "TicketSalt") {`
			`continue;`
			`}`

			`if (kv.first == "Types" \|\| kv.first == "System" \|\| kv.first == "Icinga" \|\| PermChecker->CanAccessGlobalVariable(kv.first)) {`
			`Globals->Set(kv.first, kv.second->Get());`
			`}`
			`}`
			`}`
			`return Globals;`
			`}`

			`return ScriptGlobal::GetGlobals();`
			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`void ScriptFrame::IncreaseStackDepth()`
Implement recursion limit for AST expressions which don't use a separate stack frame fixes #11106 2016-03-23 03:40:32 -04:00			`{`
			`if (Depth + 1 > 300)`
			`BOOST_THROW_EXCEPTION(ScriptError("Stack overflow while evaluating expression: Recursion level too deep."));`

			`Depth++;`
			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`void ScriptFrame::DecreaseStackDepth()`
Implement recursion limit for AST expressions which don't use a separate stack frame fixes #11106 2016-03-23 03:40:32 -04:00			`{`
			`Depth--;`
			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`ScriptFrame *ScriptFrame::GetCurrentFrame()`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`{`
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`std::stack<ScriptFrame > frames = m_ScriptFrames.get();`
Build fix for Windows 2014-12-22 08:14:16 -05:00
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`ASSERT(!frames->empty());`
			`return frames->top();`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`ScriptFrame *ScriptFrame::PopFrame()`
Build fix for Windows 2014-12-22 08:14:16 -05:00			`{`
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`std::stack<ScriptFrame > frames = m_ScriptFrames.get();`

			`ASSERT(!frames->empty());`

			`ScriptFrame *frame = frames->top();`
			`frames->pop();`

			`return frame;`
			`}`

			`void ScriptFrame::PushFrame(ScriptFrame *frame)`
			`{`
			`std::stack<ScriptFrame > frames = m_ScriptFrames.get();`

			`if (!frames) {`
			`frames = new std::stack<ScriptFrame *>();`
			`m_ScriptFrames.reset(frames);`
			`}`

Implement recursion limit for AST expressions which don't use a separate stack frame fixes #11106 2016-03-23 03:40:32 -04:00			`if (!frames->empty()) {`
			`ScriptFrame *parent = frames->top();`
			`frame->Depth += parent->Depth;`
			`}`
Detect infinite recursion in user scripts fixes #10198 2015-09-23 03:21:45 -04:00
Avoid unnecessary allocations in ScriptFrame::SetCurrentFrame 2015-03-29 16:26:07 -04:00			`frames->push(frame);`
Remove unused #includes 2015-03-28 19:03:47 -04:00			`}`