mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Validate arguments for ps
in docker top
Fix #24357 Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This commit is contained in:
parent
07dd69df8d
commit
2539332209
2 changed files with 153 additions and 36 deletions
|
@ -5,12 +5,82 @@ package daemon
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/docker/engine-api/types"
|
"github.com/docker/engine-api/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func validatePSArgs(psArgs string) error {
|
||||||
|
// NOTE: \\s does not detect unicode whitespaces.
|
||||||
|
// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
|
||||||
|
// See https://github.com/docker/docker/pull/24358
|
||||||
|
re := regexp.MustCompile("\\s+([^\\s]*)=\\s*(PID[^\\s]*)")
|
||||||
|
for _, group := range re.FindAllStringSubmatch(psArgs, -1) {
|
||||||
|
if len(group) >= 3 {
|
||||||
|
k := group[1]
|
||||||
|
v := group[2]
|
||||||
|
if k != "pid" {
|
||||||
|
return fmt.Errorf("specifying \"%s=%s\" is not allowed", k, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// fieldsASCII is similar to strings.Fields but only allows ASCII whitespaces
|
||||||
|
func fieldsASCII(s string) []string {
|
||||||
|
fn := func(r rune) bool {
|
||||||
|
switch r {
|
||||||
|
case '\t', '\n', '\f', '\r', ' ':
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return strings.FieldsFunc(s, fn)
|
||||||
|
}
|
||||||
|
|
||||||
|
func parsePSOutput(output []byte, pids []int) (*types.ContainerProcessList, error) {
|
||||||
|
procList := &types.ContainerProcessList{}
|
||||||
|
|
||||||
|
lines := strings.Split(string(output), "\n")
|
||||||
|
procList.Titles = fieldsASCII(lines[0])
|
||||||
|
|
||||||
|
pidIndex := -1
|
||||||
|
for i, name := range procList.Titles {
|
||||||
|
if name == "PID" {
|
||||||
|
pidIndex = i
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if pidIndex == -1 {
|
||||||
|
return nil, fmt.Errorf("Couldn't find PID field in ps output")
|
||||||
|
}
|
||||||
|
|
||||||
|
// loop through the output and extract the PID from each line
|
||||||
|
for _, line := range lines[1:] {
|
||||||
|
if len(line) == 0 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
fields := fieldsASCII(line)
|
||||||
|
p, err := strconv.Atoi(fields[pidIndex])
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, pid := range pids {
|
||||||
|
if pid == p {
|
||||||
|
// Make sure number of fields equals number of header titles
|
||||||
|
// merging "overhanging" fields
|
||||||
|
process := fields[:len(procList.Titles)-1]
|
||||||
|
process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
|
||||||
|
procList.Processes = append(procList.Processes, process)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return procList, nil
|
||||||
|
}
|
||||||
|
|
||||||
// ContainerTop lists the processes running inside of the given
|
// ContainerTop lists the processes running inside of the given
|
||||||
// container by calling ps with the given args, or with the flags
|
// container by calling ps with the given args, or with the flags
|
||||||
// "-ef" if no args are given. An error is returned if the container
|
// "-ef" if no args are given. An error is returned if the container
|
||||||
|
@ -21,6 +91,10 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.Container
|
||||||
psArgs = "-ef"
|
psArgs = "-ef"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := validatePSArgs(psArgs); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
container, err := daemon.GetContainer(name)
|
container, err := daemon.GetContainer(name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -43,42 +117,9 @@ func (daemon *Daemon) ContainerTop(name string, psArgs string) (*types.Container
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Error running ps: %v", err)
|
return nil, fmt.Errorf("Error running ps: %v", err)
|
||||||
}
|
}
|
||||||
|
procList, err := parsePSOutput(output, pids)
|
||||||
procList := &types.ContainerProcessList{}
|
|
||||||
|
|
||||||
lines := strings.Split(string(output), "\n")
|
|
||||||
procList.Titles = strings.Fields(lines[0])
|
|
||||||
|
|
||||||
pidIndex := -1
|
|
||||||
for i, name := range procList.Titles {
|
|
||||||
if name == "PID" {
|
|
||||||
pidIndex = i
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if pidIndex == -1 {
|
|
||||||
return nil, fmt.Errorf("Couldn't find PID field in ps output")
|
|
||||||
}
|
|
||||||
|
|
||||||
// loop through the output and extract the PID from each line
|
|
||||||
for _, line := range lines[1:] {
|
|
||||||
if len(line) == 0 {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
fields := strings.Fields(line)
|
|
||||||
p, err := strconv.Atoi(fields[pidIndex])
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
|
return nil, err
|
||||||
}
|
|
||||||
|
|
||||||
for _, pid := range pids {
|
|
||||||
if pid == p {
|
|
||||||
// Make sure number of fields equals number of header titles
|
|
||||||
// merging "overhanging" fields
|
|
||||||
process := fields[:len(procList.Titles)-1]
|
|
||||||
process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
|
|
||||||
procList.Processes = append(procList.Processes, process)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
daemon.LogContainerEvent(container, "top")
|
daemon.LogContainerEvent(container, "top")
|
||||||
return procList, nil
|
return procList, nil
|
||||||
|
|
76
daemon/top_unix_test.go
Normal file
76
daemon/top_unix_test.go
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
//+build !windows
|
||||||
|
|
||||||
|
package daemon
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestContainerTopValidatePSArgs(t *testing.T) {
|
||||||
|
tests := map[string]bool{
|
||||||
|
"ae -o uid=PID": true,
|
||||||
|
"ae -o \"uid= PID\"": true, // ascii space (0x20)
|
||||||
|
"ae -o \"uid= PID\"": false, // unicode space (U+2003, 0xe2 0x80 0x83)
|
||||||
|
"ae o uid=PID": true,
|
||||||
|
"aeo uid=PID": true,
|
||||||
|
"ae -O uid=PID": true,
|
||||||
|
"ae -o pid=PID2 -o uid=PID": true,
|
||||||
|
"ae -o pid=PID": false,
|
||||||
|
"ae -o pid=PID -o uid=PIDX": true, // FIXME: we do not need to prohibit this
|
||||||
|
"aeo pid=PID": false,
|
||||||
|
"ae": false,
|
||||||
|
"": false,
|
||||||
|
}
|
||||||
|
for psArgs, errExpected := range tests {
|
||||||
|
err := validatePSArgs(psArgs)
|
||||||
|
t.Logf("tested %q, got err=%v", psArgs, err)
|
||||||
|
if errExpected && err == nil {
|
||||||
|
t.Fatalf("expected error, got %v (%q)", err, psArgs)
|
||||||
|
}
|
||||||
|
if !errExpected && err != nil {
|
||||||
|
t.Fatalf("expected nil, got %v (%q)", err, psArgs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestContainerTopParsePSOutput(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
output []byte
|
||||||
|
pids []int
|
||||||
|
errExpected bool
|
||||||
|
}{
|
||||||
|
{[]byte(` PID COMMAND
|
||||||
|
42 foo
|
||||||
|
43 bar
|
||||||
|
100 baz
|
||||||
|
`), []int{42, 43}, false},
|
||||||
|
{[]byte(` UID COMMAND
|
||||||
|
42 foo
|
||||||
|
43 bar
|
||||||
|
100 baz
|
||||||
|
`), []int{42, 43}, true},
|
||||||
|
// unicode space (U+2003, 0xe2 0x80 0x83)
|
||||||
|
{[]byte(` PID COMMAND
|
||||||
|
42 foo
|
||||||
|
43 bar
|
||||||
|
100 baz
|
||||||
|
`), []int{42, 43}, true},
|
||||||
|
// the first space is U+2003, the second one is ascii.
|
||||||
|
{[]byte(` PID COMMAND
|
||||||
|
42 foo
|
||||||
|
43 bar
|
||||||
|
100 baz
|
||||||
|
`), []int{42, 43}, true},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, f := range tests {
|
||||||
|
_, err := parsePSOutput(f.output, f.pids)
|
||||||
|
t.Logf("tested %q, got err=%v", string(f.output), err)
|
||||||
|
if f.errExpected && err == nil {
|
||||||
|
t.Fatalf("expected error, got %v (%q)", err, string(f.output))
|
||||||
|
}
|
||||||
|
if !f.errExpected && err != nil {
|
||||||
|
t.Fatalf("expected nil, got %v (%q)", err, string(f.output))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue