]> git.ipfire.org Git - thirdparty/asterisk.git/commitdiff
ast_loggrabber: Install the ast_tsconvert.py script to a secure temp directory.
authorThatTotallyRealMyth <106909154+ThatTotallyRealMyth@users.noreply.github.com>
Wed, 18 Mar 2026 22:40:57 +0000 (09:40 +1100)
committerGeorge Joseph <gtjoseph@users.noreply.github.com>
Thu, 25 Jun 2026 14:21:09 +0000 (08:21 -0600)
The ast_tsconvert.py script called by ast_loggrabber is now installed in a
temporary directory that isn't world readable or writable.

Resolves: #GHSA-xgj6-2gc5-5x9c

contrib/scripts/ast_loggrabber

index 0683dfd9916735bf86050b52be99c16bc5dc3c0d..90beaaa761688fb01a3652fc2d39ea6d80df32d3 100755 (executable)
@@ -216,17 +216,18 @@ fi
 # Timestamp to use for output files
 df=${tarball_uniqueid:-$(${DATEFORMAT})}
 
-# Extract the Python timestamp conver script from the end of this
-# script and save it to /tmp/.ast_tsconvert.py
-
-install -m 0600 /dev/stdin /tmp/.ast_tsconvert.py < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
-
 tmpdir=$(mktemp -d)
 if [ -z "$tmpdir" ] ; then
        echo "${prog}: Unable to create temporary directory."
        exit 1
 fi
-trap "rm -rf $tmpdir /tmp/.ast_tsconvert.py" EXIT
+
+# Extract the Python timestamp conver script from the end of this
+# script and save it to the temporary directory
+
+install -m 0600 /dev/stdin "$tmpdir/.ast_tsconvert.py" < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
+
+trap "rm -rf $tmpdir" EXIT
 tardir=asterisk-${df}.logfiles
 
 # Now iterate over the logfiles
@@ -237,7 +238,7 @@ for i in ${!LOGFILES[@]} ; do
        mkdir -p "$destdir" 2>/dev/null || :
        if [ -n "$LOG_DATEFORMAT" ] ; then
                echo "Converting $lf"
-               cat "$lf" | python /tmp/.ast_tsconvert.py --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}"
+               cat "$lf" | python "$tmpdir/.ast_tsconvert.py" --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}"
        else
                echo "Copying $lf"
                cp "$lf" "${destfile}"