upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2026-02-03 04:09:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixes Ifw writing passwords to EventLog for failed command execution (#774)

Browse source 
Fixes EventLog error handling by no longer parsing command arguments to ensure passwords are not stored on the EventLog, unless the debug mode of Icinga for Windows is enable
This commit is contained in:
Lord Hepipud 2025-01-29 15:19:26 +01:00 committed by GitHub
parent 336b38dddd
commit ed0770e8ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/100-General/10-Changelog.md
View file

@ -11,6 +11,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
### Bugfixes
* [#754](https://github.com/Icinga/icinga-powershell-framework/issues/754) Fixes EventLog error handling by no longer parsing command arguments to ensure passwords are not stored on the EventLog, unless the debug mode of Icinga for Windows is enable
* [#759](https://github.com/Icinga/icinga-powershell-framework/pull/759) Fixes maximum cache duration for service daemons to the right value
* [#773](https://github.com/Icinga/icinga-powershell-framework/pull/773) Fixes REST-Api invoke command `Invoke-IcingaForWindowsRESTApi` by removing CA certificate check

12
lib/core/framework/Invoke-IcingaInternalServiceCall.psm1
View file

@ -61,12 +61,18 @@ function Invoke-IcingaInternalServiceCall()
Set-IcingaTLSVersion;
Enable-IcingaUntrustedCertificateValidation -SuppressMessages;
# For security reasons, we will not log the arguments in case of an error, only in debug mode
$ErrorArguments = '';
if ($Global:Icinga.Protected.DebugMode) {
$ErrorArguments = $Arguments;
}
# Now queue the check inside our REST-Api
try {
$ApiResult = Invoke-WebRequest -Method POST -UseBasicParsing -Uri ([string]::Format('https://localhost:{0}/v1/checker?command={1}', $RestApiPort, $Command)) -Body (ConvertTo-JsonUTF8Bytes -InputObject $Arguments -Depth 100 -Compress) -ContentType 'application/json' -TimeoutSec $Timeout;
} catch {
# Fallback to execute plugin locally
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -ExceptionObject $_ -Objects $Command, $Arguments;
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -ExceptionObject $_ -Objects $Command, $ErrorArguments;
return $NULL;
}
@ -76,12 +82,12 @@ function Invoke-IcingaInternalServiceCall()
# In case we didn't receive a check result, fallback to local execution
if ([string]::IsNullOrEmpty($IcingaResult.$Command.checkresult)) {
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -Objects 'The check result for the executed command was empty', $Command, $Arguments;
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -Objects 'The check result for the executed command was empty', $Command, $ErrorArguments;
return $NULL;
}
if ([string]::IsNullOrEmpty($IcingaResult.$Command.exitcode)) {
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -Objects 'The check result for the executed command was empty', $Command, $Arguments;
Write-IcingaEventMessage -Namespace 'Framework' -EventId 1553 -Objects 'The check result for the executed command was empty', $Command, $ErrorArguments;
return $NULL;
}