Fix verification errors caused by 'contains' function #61

Open
wants to merge 3 commits into
base: master

eli-engelhardt
Contributor

Summary of Changes

  • Added a contains_exact function to address uncaught errors in verification caused by only checking for substrings in the original contains function.
  • Reviewed and updated all instances of the contains function in the nilrt-snac package to ensure proper usage.

Justification

As stated in the bug, the 'contains' function in _config_file.py only checks for a substring, which would allow for improper verification. For example, the nilrt-snac configuration puts in the following entry: ClientAliveCountMax 4

However, if the user changes it, nilrt-snac verify wouldn't throw an error for something like this: ClientAliveCountMax 40, which is not the behavior we want.

Testing

Tested whether exact and non-exact string matches have acceptable behaviors for each modified configuration file.

Procedure

  • This PR: changes user-visible behavior, fixes a bug, or impacts the project's security profile; and so it includes a CHANGELOG note.
  • I certify that the contents of this pull request comply with the Developer Certificate of Origin.
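
The failure mode described in this pull request, as an added Python example that is not the nilrt-snac code: it contrasts a substring check with an exact-line check on a constructed sshd_config-style snippet, and goes one step further by reading the first effective value for a keyword. The function names and sample text are hypothetical; the example assumes whitespace-separated `keyword value` lines and no `Match` blocks.

```python
# Constructed sample: the hardened entry was edited from 4 to 40, and an
# old copy of the entry survives only as a comment.
TAMPERED = """\
# ClientAliveCountMax 4
ClientAliveInterval 15
ClientAliveCountMax 40
"""
EXPECTED = "ClientAliveCountMax 4"


def contains_substring(text: str, entry: str) -> bool:
    """Substring test: the behaviour the PR describes as too permissive."""
    return entry in text


def contains_exact_line(text: str, entry: str) -> bool:
    """True only if a non-comment line equals `entry`, ignoring leading and
    trailing whitespace and the amount of whitespace between tokens."""
    want = entry.split()
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never satisfy the check
        if stripped.split() == want:
            return True
    return False


def effective_value(text: str, keyword: str):
    """First non-comment value for `keyword`. sshd keywords are
    case-insensitive and the first value obtained is the one used."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return None
```

On the tampered sample the substring check passes twice over (the commented line and the `40` line both contain the expected text), while the exact-line check fails and the effective value reads `40`.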

- Added a contains_exact function to address uncaught errors in verifications caused by only checking for substrings in the contains function.
- Reviewed and updated all instances of the contains function in the nilrt-snac package to ensure proper usage.

Signed-off-by: Eli Engelhardt <[email protected]>
@eli-engelhardt eli-engelhardt requested review from amstewart, AlexHearnNI and a team as code owners March 4, 2025 19:46
Signed-off-by: Eli Engelhardt <[email protected]>
@@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* Restricted write access to system logs in `/var/log` to System Maintainers (root) and Auditors via the `adm` group.
* Restricted write access to `auditd.conf` to System Maintainers and Admins via the `sudo` group.

### Fixed
* Corrected the `verify` operation to ensure it accurately detects configuration changes.
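Review bot: The new entry under `### Fixed` is too vague to tell a reader what changed: "accurately detects configuration changes" does not say that `verify` previously accepted a substring match, so an edited value such as `ClientAliveCountMax 40` passed the check for `ClientAliveCountMax 4`. Suggest naming that failure mode in the entry. If the later commit also changes what `nilrt-snac configure -y` does, as discussed in this conversation, add that to the entry as well, since the line currently mentions only `verify`.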


The bug also says that running nilrt-snac configure -y did not fix the problem. Does your change address that?

Contributor Author


It does in my latest commit

@eli-engelhardt eli-engelhardt requested a review from dmondrik March 11, 2025 00:10