sonic-buildimage/device/celestica/x86_64-cel_silverstone-r0/plugins/psuutil.py
Mai Bui 51a1eb112b
[device/celestica] Mitigation for command injection vulnerability (#11740)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
1. `eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
4. `is` operator - string comparison should not be used with reference equality.
5. `globals()` - extremely dangerous because it may allow an attacker to execute arbitrary code on the system
#### How I did it
1. `eval()` - use `literal_eval()`
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
4. `is` - replace by `==` operator for value equality
5. `globals()` - avoid the use of globals()
2022-12-09 10:30:20 -05:00

91 lines
2.7 KiB
Python

import subprocess
import sys
import re
try:
from sonic_psu.psu_base import PsuBase
except ImportError as e:
raise ImportError(str(e) + "- required module not found")
class PsuUtil(PsuBase):
"""Platform-specific PSUutil class"""
def __init__(self):
self.ipmi_raw = ["docker", "exec", "-ti", "pmon", "ipmitool", "raw", "0x4", "0x2d", ""]
self.psu1_id = "0x2f"
self.psu2_id = "0x39"
PsuBase.__init__(self)
def run_command(self, command):
proc = subprocess.Popen(command, universal_newlines=True, stdout=subprocess.PIPE)
(out, err) = proc.communicate()
if proc.returncode != 0:
sys.exit(proc.returncode)
return out
def find_value(self, in_string):
result = re.search("^.+ ([0-9a-f]{2}) .+$", in_string)
if result:
return result.group(1)
else:
return result
def get_num_psus(self):
"""
Retrieves the number of PSUs available on the device
:return: An integer, the number of PSUs available on the device
"""
return 2
def get_psu_status(self, index):
"""
Retrieves the oprational status of power supply unit (PSU) defined
by 1-based index <index>
:param index: An integer, 1-based index of the PSU of which to query status
:return: Boolean, True if PSU is operating properly, False if PSU is faulty
"""
if index is None:
return False
psu_id = self.psu1_id if index == 1 else self.psu2_id
self.ipmi_raw[8] = psu_id
res_string = self.run_command(self.ipmi_raw)
status_byte = self.find_value(res_string)
if status_byte is None:
return False
failure_detected = (int(status_byte, 16) >> 1) & 1
input_lost = (int(status_byte, 16) >> 3) & 1
if failure_detected or input_lost:
return False
else:
return True
def get_psu_presence(self, index):
"""
Retrieves the presence status of power supply unit (PSU) defined
by 1-based index <index>
:param index: An integer, 1-based index of the PSU of which to query status
:return: Boolean, True if PSU is plugged, False if not
"""
if index is None:
return False
psu_id = self.psu1_id if index == 1 else self.psu2_id
self.ipmi_raw[8] = psu_id
res_string = self.run_command(self.ipmi_raw)
status_byte = self.find_value(res_string)
if status_byte is None:
return False
presence = (int(status_byte, 16) >> 0) & 1
if presence:
return True
else:
return False