oxidized 0.30.1 → 0.32.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 408f73ee50ed7040fab6c0034d197c5755f4d1042e8f9923ab8159fd90d36497
-  data.tar.gz: 747b1a2c42d53a8eb1903b61119f7184b8fe78c2ea240d879523c6d8758cc42a
+  metadata.gz: b47cc2ddbb41778414a86ed387714b91340ff440f125d948b8168c6ab1641f71
+  data.tar.gz: 492d75d181d94cef898e5a687715d81e94dd9139ff6310e4c6b304edb92be39e
 SHA512:
-  metadata.gz: 216511de21f3497c2cf36f22b379b3eba411e39e969544e7a6fb0d5ec60e725d2086621f8c803cfef3fb88655fd27d78a1973a2df947712a3ee124f7189c5293
-  data.tar.gz: 567883bf03d9e46c0df4f4fead4e361f7a2b30e648cad01e994da14a705d99cd7e06763de9f8f8aedc87578757df02e2fad9bda343fd08dca22770d3478a4ebb
+  metadata.gz: c5028d2ae6b9ecb04783381d0804d68014f308e4109627b27d7a4c8225529ea06d3c300a46547fcfd47f1c961acab294cb7abae8200b0aa857a86af27c6f1269
+  data.tar.gz: cbeebeca48db2727432e42d069f3b94d326e150163944f27a21594dcaf73bc0eab7b91518f5d265c5a576e083b749ca733123fa438d247d15d9d2cf365b4a1dc

data/.github/workflows/ruby.yml

@@ -19,7 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['3.0', '3.1', '3.2']
+        ruby-version: ['3.1', '3.2', '3.3', '3.4', 'ruby-head']
+    continue-on-error: ${{ matrix.ruby-version == 'ruby-head' }}
 
     steps:
     - uses: actions/checkout@v4
@@ -34,9 +35,7 @@ jobs:
       uses: reviewdog/action-rubocop@v2
       with:
         rubocop_version: gemfile
-        rubocop_extensions: rubocop-minitest:gemfile rubocop-rake:gemfile
+        rubocop_extensions: rubocop-minitest:gemfile rubocop-rake:gemfile rubocop-sequel:gemfile
         reporter: github-pr-review
     - name: Run tests
       run: bundle exec rake
-    - uses: codecov/codecov-action@v3
-      if: ${{ always() }}

data/.github/workflows/stale.yml

@@ -14,6 +14,8 @@ jobs:
     steps:
       - uses: actions/stale@v9
         with:
+          stale-issue-message: 'This issue is stale because it has been open 90 days with no activity.'
+          stale-pr-message: 'This PR is stale because it has been open 90 days with no activity.'
           operations-per-run: 500
-          days-before-issue-stale: 90
-          days-before-close: 30
+          days-before-stale: 90
+          days-before-close: -1

data/.rubocop.yml

@@ -1,9 +1,8 @@
 inherit_from: .rubocop_todo.yml
 
-# Do not attempt to police vendored code
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 3.0
+  # Do not attempt to police vendored code
   Exclude:
     - 'vendor/**/*'
 
@@ -19,8 +18,12 @@ Style/FrozenStringLiteralComment:
 Layout/LineLength:
   Enabled: false
 
+# We do not enforce the cop in the models as it would not work with the
+# DSL style of the models
 Lint/AmbiguousRegexpLiteral:
-  Enabled: false
+  Enabled: true
+  Exclude:
+   - lib/oxidized/model/*.rb
 
 Lint/RaiseException:
   Enabled: true
@@ -52,12 +55,19 @@ Style/FormatStringToken:
 Style/HashEachMethods:
   Enabled: true
 
+Style/HashSyntax:
+  EnforcedShorthandSyntax: either
+
 Style/HashTransformKeys:
   Enabled: true
 
 Style/HashTransformValues:
   Enabled: true
 
+Style/RegexpLiteral:
+  EnforcedStyle: slashes
+  AllowInnerSlashes: true
+
 Style/RescueModifier:
   Enabled: false
 
@@ -82,8 +92,12 @@ Metrics/ClassLength:
 ## Metrics/CyclomaticComplexity:
 ##   Max: 7
 
+# The BlockLength metric does not apply to unit tests. They are in nature
+# long and not very pretty
 Metrics/BlockLength:
   Max: 150
+  Exclude:
+   - spec/**/*_spec.rb
 
 Metrics/ParameterLists:
   Max: 6
@@ -94,3 +108,4 @@ Lint/EmptyBlock:
 require:
   - rubocop-rake
   - rubocop-minitest
+  - rubocop-sequel

data/.rubocop_todo.yml

@@ -1,12 +1,12 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2024-02-27 14:27:59 UTC using RuboCop version 1.60.2.
+# on 2025-02-17 10:13:53 UTC using RuboCop version 1.72.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 27
+# Offense count: 30
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
   Enabled: false
@@ -72,19 +72,12 @@ Style/OpenStructUse:
     - 'lib/oxidized/node.rb'
     - 'spec/hook/githubrepo_spec.rb'
 
-# Offense count: 47
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
-# SupportedStyles: slashes, percent_r, mixed
-Style/RegexpLiteral:
-  Enabled: false
-
-# Offense count: 31
+# Offense count: 33
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false
 
-# Offense count: 83
+# Offense count: 94
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:

data/CHANGELOG.md

@@ -4,6 +4,99 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.32.0 – 2025-02-17]
+This release fixes a security issue in oxidized-web, which is included in the
+Docker container of oxidized. If you are not using the Docker container but
+use oxidized-web, be sure to update your oxidized-web gem to 0.15.0.
+
+### Added
+- junos: add unit test (@systeembeheerder)
+- apc_aos: support for scp (@robertcheramy)
+- config: allow model_map and group_map keys to be regexp. Fixes #3360 (@ytti)
+- enterprise_sonic: add new model enterprise_sonic (@ohai89)
+- model for Kornfeld Operating System (@yurenkov)
+
+### Changed
+- sonicos: accept policy message. Fixes #3339 (@Steve-M-C, @robertcheramy)
+- input/ssh: change input.debug to dump all characters and include sent commands. (@robertcheramy)
+- cumulus: remove ANSI Escape codes and fix prompt issues. The prompt is more specific now (@alchemyx, @robertcheramy)
+- model unit tests: the tests are automated and simpler to use (@ytti, @robertcheramy)
+- device2yaml.rb: moved to extra/, commands can be specified from the command line or from a file (no cmdsets provided anymore) (@robertcheramy)
+- extra/gitdiff-msteams.sh: honor the 28KB size limit and add an optional link to GitHub (@mopi3456)
+
+### Fixed
+- tplink: send 'enable' before the enable password. Fixes #3271 (@robertcheramy)
+- asyncos: fix prompt for hostnames containing "-" . Fixes #3327 (@robertcheramy)
+- sonicos: fix prompt for hostnames containing "-" . Fixes #3333 (@robertcheramy)
+- xos: Hide radius accounting secret
+- fsos: Hide AAA and SNMP secrets (@RayaneB35)
+- aos7: fix prompt for version 8.8x. Fixes #3351 (@robertcheramy)
+- aosw: Hide power measurements (@rouven0)
+- arubainstant: show version prepends a space to prompt when a core file is present. Fixes #3398 (@robertcheramy)
+
+
+## [0.31.0 – 2024-11-29]
+
+### Added
+- model for Riverbed Steelhead (@Swaeltjie)
+- model for uplink EP4440-DP OLT (@AAm-kun)
+- model for Siklu Multihaul TG radios (@bdg-robert)
+- model for VMWare NSX DFW (@elmobp)
+- model for F5OS (@teunvink)
+- cumulus: Add possibility to use NVUE (@lagertonne)
+- model for garderos (@robertcheramy)
+- unit tests framework for models with ssh input (@robertcheramy)
+- os6: Added support to Dell EMC Networking OS6 (@anubisg1)
+- model for HPE Aruba Networking Instant Mode (Aruba Instant). Fixes #3057 (@robertcheramy)
+- Add JSONFILE source (@sargon)
+
+### Changed
+- h3c: change prompt to expect either angle (user-view) or square (system-view) brackets (@nl987)
+- xos: Hide radius and user secrets for XOS (@iriseden)
+- eos: Hide radius and snmp secrets for Arista EOS (@iriseden)
+- fortios: Hide date in acme certifcate comments (@systeembeheerder)
+- dlink: added support for 'enable admin' before getting configuration, if enable=true (@as8net)
+- dlinknextgen: strip uptime and ntp update time from config
+- Updated slackdiff.rb to use slack_ruby_client instead of slack-api (@Punicaa)
+- oxidized: options (such as credentials, etc.) now use the same resolution logic as variables and can also be defined per model in a group (@EinGlasVollKakao)
+- saos: add inventory and software status collection (@grbeneke)
+- container-image: update to phusion/baseimage:noble-1.0.0 and include security upgrades at build time (@robertcheramy)
+- container-image: use ubuntu-packages instead of gems in order to reduce container image size (@robertcheramy)
+- edgecos.rb: hide temperature and fan speed (@dhooper6430)
+- cnos: show information before config, remove secrets only when told to do so (@robje)
+- Updated slackdiff.rb to use new files.getUploadURLExternal slack file upload API instead of deprecated files.upload (@varesa)
+- Updated source/output files to reference a Source/Output module to avoid namespace duplication (@laf, @robertcheramy)
+- ios: Hide WLAN PSK, AP profile dot1x password, AP profile mgmtuser password/secret and radius COA server-key (@devon-mar)
+- ios: remove values from custom SNMP OID's, set by an EEM script (@syn-bit)
+- Update net-ssh to 7.3 to enable support for aes(128|256)gcm. Fixes #3168 (@jacobw)
+- removed time command from uplink EP4440-DP OLT model
+- fortios: variable `fullconfig` to get the configuration with default values. Fixes: #3159 (@robertcheramy)
+- container-image: install x25519 gem package to support more ssh kex. Fixes #3070 (@benasse)
+- lenovonos: Salt administrator-password line when remove_unstable_lines is set to True (@kani999)
+- lenovonos: Removes lines that started with Fan because RPM always changes. (@kani999)
+
+### Fixed
+- fixed error for ibos when remove_secret is set (@dminuoso)
+- fixed prompt for Watchguard FirewareOS not matching the regex when the node is managed and master (@benasse)
+- fixed prompt for vyos/vyatta to allow logins with non-priviliged accounts. Fixes #3111 (@h-lopez)
+- fixed power consumption included in ArubaOS-CX diffs starting with FL.10.13.xxx. Fixes #3142 (@terratalpi)
+- fixed oxidized-web getting "version not found" when fetching a version from git and no group is defined. Fixes #2222 (@robertcheramy)
+- fixed telnet to disconnect gracefully even if it throws IOError while disconnect. Fixes #3212 (@ytti)
+- docs: run git garbage collection to address performance issues. Fixes #3121 (@robertcheramy)
+- saos: fixed handling of 'unsaved configuration' indicator in prompt (@grbeneke)
+- rgos: also strip "System uptime" for installed modules (@spike77453)
+- fixed digest authentication when using http input (@spike77453)
+- fixed aosw prompt; now working with ArubaOS 8 (@mabezi, @robertcheramy)
+- routeros: fix system info for CHR. Fixes #3180 (@systeembeheerder)
+- removed hardcoded '~/.config/oxidized/config'. Fixes #3229 (@robertcheramy)
+- linuxgeneric: updated prompt to support '$' at the end (@robertcheramy)
+- hook githubrepo: add a specific warning when rugged not installed with ssh support. Fixes #3211 (@robertcheramy)
+- hook githubrepo: works with custom branch names (@robertcheramy)
+- ios: removes secrets when config has multiple snmp-server host lines. Fixes #3239 (@robertcheramy)
+- ios: fixed device specs on ASR900 Series. Fixes #3297 (@robertcheramy, @roshnaraman)
+- netgear: prompt for gs752tpp. Fixes #3287 (@robertcheramy)
+- aoscx: fixed regex for 6400 switches to hide temperature and power (@steveneppler)
+
 
 ## [0.30.1 – 2024-04-12]
 
@@ -13,7 +106,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ### Fixed
 - The version string was not set correctly (@robertcheramy)
 
-
 ## [0.30.0 – 2024-04-11]
 
 ### Added

data/CONTRIBUTING.md

@@ -6,6 +6,9 @@ A great place for users to get involved is the [GitHub issues](https://github.co
 Through the issues, you can interact with maintainers and other users. You can open an issue
 if you need help, but you can also help other users by reviewing their issues and commenting on them.
 
+Before writing an issue, please read our documentation on
+[how to write good issues](/docs/Issues.md).
+
 > ## Legal Notice
 > When submitting content to this project, you must agree that you have authored 100%
 > of the content, that you have the necessary rights to the content and that the
@@ -119,6 +122,8 @@ bundle config set --local path 'vendor/bundle'
 bundle install
 ```
 
+Note: if you need to install rugged with ssh support, you can tell bundler so with `bundle config build.rugged --with-ssh`. Reinstall rugged with `bundle pristine rugged`
+
 ### Run your code
 ```bash
 bundle exec bin/oxidized

data/Dockerfile

@@ -1,39 +1,46 @@
-# Single-stage build of an oxidized container from phusion/baseimage-docker jammy-1.0.1, derived from Ubuntu 22.04 (Jammy Jellyfish)
-FROM docker.io/phusion/baseimage:jammy-1.0.1
+###################
+# Stage 1: Prebuild to save space in the final image.
 
-# set up dependencies for the build process
-RUN apt-get -yq update \
-    && apt-get -yq --no-install-recommends install ruby3.0 ruby3.0-dev libssl3 bzip2 libssl-dev pkg-config make cmake libssh2-1 libssh2-1-dev git git-email libmailtools-perl g++ libffi-dev ruby-bundler libicu70 libicu-dev libsqlite3-0 libsqlite3-dev libmysqlclient21 libmysqlclient-dev libpq5 libpq-dev zlib1g-dev msmtp \
-    && apt-get clean \
+FROM docker.io/phusion/baseimage:noble-1.0.0 AS prebuilder
+
+# install necessary packages for building gems
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    git \
+    ruby-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# dependencies for hooks
-RUN gem install --no-document aws-sdk slack-ruby-client xmpp4r cisco_spark
+# create bundle directory
+RUN mkdir -p /usr/local/bundle
+ENV GEM_HOME=/usr/local/bundle
 
-# dependencies for sources
-RUN gem install --no-document gpgme sequel sqlite3 mysql2 pg
+###################
+# Install the x25519 gem
+RUN gem install x25519 --no-document
 
-# dependencies for inputs
-RUN gem install --no-document net-tftp net-http-persistent mechanize
 
-# build and install oxidized
+###################
+# build oxidized
 COPY . /tmp/oxidized/
 WORKDIR /tmp/oxidized
 
 # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
 RUN git fetch --unshallow || true
 
+# Remove any older gems of oxidized if they exist
+RUN rm pkg/* || true
+
 # Ensure rugged is built with ssh support
-RUN CMAKE_FLAGS='-DUSE_SSH=ON' rake install
+RUN rake build
 
-# web interface
-RUN gem install oxidized-web --no-document
 
-# clean up
-WORKDIR /
-RUN rm -rf /tmp/oxidized
-RUN apt-get -yq --purge autoremove ruby-dev pkg-config make cmake ruby-bundler libssl-dev libssh2-1-dev libicu-dev libsqlite3-dev libmysqlclient-dev libpq-dev zlib1g-dev
+###################
+# Stage2: build an oxidized container from phusion/baseimage-docker and install x25519 from stage1
+FROM docker.io/phusion/baseimage:noble-1.0.0
+
+ENV DEBIAN_FRONTEND=noninteractive
 
+##### Place "static" commands at the beginning to optimize image size and build speed
 # add non-privileged user
 ARG UID=30000
 ARG GID=$UID
@@ -55,4 +62,61 @@ COPY extra/oxidized.runit /etc/service/oxidized/run
 COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run
 COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
 
+# set up dependencies for the build process
+RUN apt-get -yq update \
+    && apt-get -yq upgrade \
+    && apt-get -yq --no-install-recommends install ruby \
+    # Build process of oxidized from git (beloww)
+    git \
+    # Allow git send-email from docker image
+    git-email libmailtools-perl \
+    # Allow sending emails in the docker container
+    msmtp \
+    # Debuging tools inside the container
+    inetutils-telnet \
+    # Use ubuntu gems where possible
+    # Gems needed by oxidized
+    ruby-rugged ruby-slop ruby-psych \
+    ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-ed25519 \
+    # Gem dependencies for inputs
+    ruby-net-http-persistent ruby-mechanize \
+    # Gem dependencies for sources
+    ruby-sqlite3 ruby-mysql2 ruby-pg ruby-sequel ruby-gpgme\
+    # Gem dependencies for hooks
+    ruby-aws-sdk ruby-xmpp4r \
+    # Gems needed by oxidized-web
+    ruby-charlock-holmes ruby-haml ruby-htmlentities ruby-json \
+    puma ruby-sinatra ruby-sinatra-contrib \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# copy the compiled gem from the builder stage
+COPY --from=prebuilder /usr/local/bundle /usr/local/bundle
+
+# Set environment variables for bundler
+ENV GEM_HOME="/usr/local/bundle"
+ENV PATH="$GEM_HOME/bin:$PATH"
+
+# gems not available in ubuntu noble
+RUN gem install --no-document \
+    # dependencies for hooks
+    slack-ruby-client cisco_spark \
+    # dependencies for specific inputs
+    net-tftp \
+    # Net scp is needed in Version >= 4.1.0, which is not available in ubuntu
+    net-scp
+
+# install oxidized from prebuilder
+# The Dockerfile ist version-independent, so use oxidized-*.gem to cach the gem
+RUN mkdir -p /tmp/oxidized
+COPY --from=prebuilder /tmp/oxidized/pkg/oxidized-*.gem /tmp/oxidized/
+RUN gem install /tmp/oxidized/oxidized-*.gem
+
+# install oxidized-web
+RUN gem install oxidized-web --no-document
+
+# clean up
+WORKDIR /
+RUN rm -rf /tmp/oxidized
+
 EXPOSE 8888/tcp

data/README.md

@@ -101,23 +101,7 @@ gem install oxidized-script oxidized-web # If you don't install oxidized-web, en
 
 ### CentOS, Oracle Linux, Red Hat Linux
 
-On CentOS 6 and 7 / RHEL 6 and 7, begin by installing Ruby 2.3 or greater. This can be accomplished in one of several ways:
-
-Install Ruby 2.3 from [SCL](https://www.softwarecollections.org/en/scls/rhscl/rh-ruby23/):
-
-```shell
-yum install centos-release-scl
-yum install rh-ruby30 rh-ruby30-ruby-devel
-scl enable rh-ruby30 bash
-```
-
-The following additional packages will be required to build the dependencies:
-
-```shell
-yum install make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++
-```
-
-Alternatively, install Ruby 2.6 via RVM by following the instructions:
+On CentOS 6 and 7 / RHEL 6 and 7, begin by installing Ruby 3.1 via RVM by following the instructions:
 
 Make sure you dont have any leftover ruby:
 ```yum erase ruby```
@@ -129,8 +113,8 @@ sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A17031138
 curl -sSL https://get.rvm.io | bash -s stable
 source /etc/profile.d/rvm.sh
 rvm requirements run
-rvm install 3.0
-rvm use 3.0
+rvm install 3.1
+rvm use 3.1
 ```
 
 Install oxidized requirements:
@@ -200,7 +184,7 @@ Run the container for the first time to initialize the config:
 _Note: this step in only required for creating the Oxidized configuration file and can be skipped if you already have one._
 
 ```shell
-docker run --rm -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized
+docker run --rm -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp --user oxidized -t oxidized/oxidized:latest oxidized
 ```
 
 If the RESTful API and Web Interface are enabled, on the docker host running the container
@@ -295,7 +279,7 @@ It is recommended practice to run Oxidized using its own username.  This usernam
 useradd -s /bin/bash -m oxidized
 ```
 
-> It is recommended __not__ to run Oxidized as root.
+> It is recommended __not__ to run Oxidized as root. After creating a dedicated user, switch to the oxidized user using su oxidized to ensure that Oxidized is run under the correct user context.
 
 To initialize a default configuration in your home directory `~/.config/oxidized/config`, simply run `oxidized` once. If you don't further configure anything from the output and source sections, it'll extend the examples on a subsequent `oxidized` execution. This is useful to see what options for a specific source or output backend are available.
 

data/Rakefile

@@ -27,7 +27,8 @@ task :test do
   Rake::TestTask.new do |t|
     t.libs << 'spec'
     t.test_files = FileList['spec/**/*_spec.rb']
-    t.warning = true
+    # Don't display ambiguity warning between regexp and division in models
+    t.warning = false
     t.verbose = true
   end
 end
@@ -73,13 +74,41 @@ task :chmod do
     extra/oxidized.runit
     extra/syslog.rb
     extra/update-ca-certificates.runit
+    extra/device2yaml.rb
   ]
   dirs = []
-  %x(git ls-files -z).split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }.each do |file|
+  %x(git ls-files -z).split("\x0").reject { |f| f.match(/^(test|spec|features)\//) }.each do |file|
     dirs.push(File.dirname(file))
     xbit.include?(file) ? File.chmod(0o0755, file) : File.chmod(0o0644, file)
   end
   dirs.sort.uniq.each { |dir| File.chmod(0o0755, dir) }
 end
 
+# Build the container image with docker or podman
+def command_available?(command)
+  system("which #{command} > /dev/null 2>&1")
+end
+
+def docker_needs_root?
+  !system('docker info > /dev/null 2>&1')
+end
+
+desc 'Build the container image with docker or podman'
+task :build_container do
+  # Prefer podman if available as it runs rootless
+  if command_available?('podman')
+    sh 'podman build -t oxidized:`git describe --tags` -t oxidized:latest .'
+  elsif command_available?('docker')
+    if docker_needs_root?
+      puts 'docker needs root to build the image. Using sudo...'
+      sh 'sudo docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+    else
+      sh 'docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+    end
+  else
+    puts 'You need Podman or Docker to build the container image.'
+    exit 1
+  end
+end
+
 task default: :test