3d7244fb07
Wildcards are evaluated prior to applying `sudo` permissions. This means that running `sudo find /some/path/*.conf` will fail if the user does not have read permissions on `/some/path/` because the wildcard cannot expand before `sudo` is applied and `*.conf` isn't a file. The solution for this is to run the command in a subshell that has the proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`). This modifies `Utils::FindFiles` to use a subshell thus allowing wildcard support. This fixes #2157 Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
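# Mixin that lists files on the target by shelling out to `find`.
#
# The including object is expected to respond to `inspec` with a backend
# whose `command(str)` result exposes `exit_status` and `stdout`.
module FindFiles
  # Symbolic file types accepted in `opts[:type]`, mapped to the
  # single-letter codes handed to `find -type`.
  TYPES = {
    block: 'b',
    character: 'c',
    directory: 'd',
    pipe: 'p',
    file: 'f',
    link: 'l',
    socket: 's',
    door: 'D',
  }.freeze

  # Same as #find_files_or_error, but ignores errors: a failed `find`
  # yields an empty list instead of nil.
  #
  # @param path [#to_s] path or glob handed to `find`
  # @param opts [Hash] see #find_files_or_error
  # @return [Array<String>]
  def find_files(path, opts = {})
    find_files_or_error(path, opts) || []
  end

  # Runs `find` inside `sh -c '...'` so that wildcards in `path` are expanded
  # by the subshell itself (i.e. after any privilege wrapper such as `sudo`
  # has been applied to the command) rather than by the calling shell.
  #
  # SECURITY: `path` is deliberately left unescaped for the subshell so that
  # globs keep working. Anything in it that the shell treats specially
  # (`;`, `$()`, backticks, ...) is therefore interpreted, not matched
  # literally. Callers must only pass paths they control; do not forward
  # untrusted strings here.
  #
  # @param path [#to_s] path or glob handed to `find`
  # @param opts [Hash]
  # @option opts [String, Symbol] :type a key of TYPES; unknown values are
  #   ignored (no `-type` filter is added)
  # @option opts [#to_i] :depth `-maxdepth` value; only applied when > 0
  # @return [Array<String>, nil] non-empty, stripped output lines, or nil
  #   when the command exits non-zero (a warning is emitted in that case)
  def find_files_or_error(path, opts = {})
    depth = opts[:depth].to_i
    type = TYPES[opts[:type].to_sym] if opts[:type]

    # A literal `'` in the path would close the single-quoted `sh -c`
    # argument early and leave the remainder to be parsed by the outer shell.
    # Rewrite each `'` as `'\''` so the whole string always reaches the
    # subshell as one argument. Block form is required: in a plain
    # replacement string gsub would treat `\'` as the post-match reference.
    script = "find #{path.to_s.gsub("'") { "'\\''" }}"

    # Option order is kept as in the original command string (-type before
    # -maxdepth) so the command is unchanged for existing callers.
    script += " -type #{type}" unless type.nil?
    script += " -maxdepth #{depth}" if depth > 0
    cmd = "sh -c '#{script}'"

    result = inspec.command(cmd)
    exit_status = result.exit_status

    unless exit_status == 0
      warn "find_files(): exit #{exit_status} from `#{cmd}`"
      return nil
    end

    result.stdout.split("\n").map(&:strip).reject(&:empty?)
  end
end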