From 447b471b3752e2cce23581d07dd661f2ae72d98d Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Fri, 13 Sep 2024 10:12:15 +0200
Subject: [PATCH] Scripts: check ACL definition, too; closes #7821

Causes more breakage, but we'll discuss.
---
 Scripts/dashboard-acl.sh | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/Scripts/dashboard-acl.sh b/Scripts/dashboard-acl.sh
index bfdf0661bf..08ba1969ab 100755
--- a/Scripts/dashboard-acl.sh
+++ b/Scripts/dashboard-acl.sh
@@ -25,10 +25,12 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.

+ACLDIR=src/opnsense/mvc/app/models
 WIDGETDIR=src/opnsense/www/js/widgets

-WIDGETS=$(find -s ${WIDGETDIR} -name "*.js")
+ACLS=$(find -s ${ACLDIR} -name "ACL.xml")
 METADATA=$(find -s ${WIDGETDIR}/Metadata -name "*.xml")
+WIDGETS=$(find -s ${WIDGETDIR} -name "*.js")

 for WIDGET in ${WIDGETS}; do
 FILENAME=$(basename ${WIDGET})
@@ -37,8 +39,8 @@ for WIDGET in ${WIDGETS}; do
 continue
 fi

- ENDPOINTS=$( (grep -o 'this\.ajaxCall([^,)]*' ${WIDGET} | cut -c 15-;
- grep -o 'super\.openEventSource([^,)]*' ${WIDGET} | cut -c 23-) |
+ ENDPOINTS=$( (grep -o 'this\.ajaxCall([^,)]*' ${WIDGET} | cut -c 15-; \
+ grep -o 'super\.openEventSource([^,)]*' ${WIDGET} | cut -c 23-) | \
 tr -d "'" | tr -d '`' | sed 's:\$.*:*:' | sort -u)

 if [ -z "${ENDPOINTS}" ]; then
@@ -50,7 +52,7 @@ for WIDGET in ${WIDGETS}; do

 for METAFILE in ${METADATA}; do
 if grep -q "${FILENAME}" ${METAFILE}; then
- REGISTERED=$(xmllint ${METAFILE} --xpath '//*[filename="'"${FILENAME}"'"]//endpoints//endpoint' |
+ REGISTERED=$(xmllint ${METAFILE} --xpath '//*[filename="'"${FILENAME}"'"]//endpoints//endpoint' | \
 sed -e 's:^[^>]*>::' -e 's:<[^<]*$::' | sort)
 break
 fi
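Review bot: `ACLS=$(find -s ${ACLDIR} -name "ACL.xml")` in the first hunk is never checked for being empty, and `ACLDIR` is a relative path, so it presumably only resolves when the script is started from the repository root. If find returns nothing, the `grep -q ... ${ACLS}` added in the last hunk gets no file operands and reads standard input, so the ACL check blocks or tests whatever is piped in instead of failing. A guard directly after the assignment makes that case explicit: `[ -n "${ACLS}" ] || { echo "No ACL.xml found under ${ACLDIR}" >&2; exit 1; }`.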
@@ -71,5 +73,11 @@ for WIDGET in ${WIDGETS}; do
 exit 1
 fi

- # XXX finally, check the registered endpoints against actual ACL defintions
+ for ENDPOINT in ${ENDPOINTS}; do
+ if ! grep -q "${ENDPOINT#"/"}" ${ACLS}; then
+ echo "Unknown ACL for ${WIDGET}:"
+ echo ${ENDPOINT}
+ exit 1
+ fi
+ done
 done
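Review bot: The added `grep -q "${ENDPOINT#"/"}" ${ACLS}` uses the endpoint as an unanchored basic regular expression, so it passes whenever the string occurs anywhere in any ACL.xml, including inside a longer pattern or one belonging to an unrelated privilege. The `*` that the earlier `sed 's:\$.*:*:'` substitutes for a template expression is read as a repetition operator, and `.` matches any character, so a widget endpoint with no real ACL entry can pass this lint. Fixed-string matching would tighten it, `if ! grep -qF -- "${ENDPOINT#/}" ${ACLS}; then`, though that leaves open how endpoints covered only by a wildcard ACL entry should be accepted. Also quote the report line as `echo "${ENDPOINT}"` so a trailing `*` is not glob-expanded. The enclosing `for WIDGET` loop starts outside this hunk.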