From bf1d88e53bdcd20b001b2f9be228942f98082b04 Mon Sep 17 00:00:00 2001 From: Eric Eisenhart Date: Wed, 24 May 2023 12:07:56 -0700 Subject: [PATCH 1/3] Minor tweak to debug statements (so debug=0 is silent when no problems) --- pd2zabbix.cgi | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pd2zabbix.cgi b/pd2zabbix.cgi index 188a39f..d9cf658 100755 --- a/pd2zabbix.cgi +++ b/pd2zabbix.cgi @@ -74,9 +74,11 @@ our $config = AppConfig->new( # Search for and load the first available configuration file my $found_config = 0; +my $config_path_used = ''; foreach my $config_path (@config_paths) { if ( -e $config_path ) { - warn("Reading config $config_path\n"); + $config_path_used = $config_path; + # warn("Reading config $config_path\n"); $config->file($config_path); $found_config = 1; last; @@ -85,6 +87,7 @@ foreach my $config_path (@config_paths) { if ($found_config) { $DEBUG = $config->get('debug'); + $DEBUG && warn("Config used: $config_path"); $DEBUG >= 3 && warn( to_json( $config, { allow_blessed => 1 } ) ); } else { From 055881d800ad34ccc57464b8d85af2dc9f01911c Mon Sep 17 00:00:00 2001 From: Eric Eisenhart Date: Wed, 24 May 2023 12:54:54 -0700 Subject: [PATCH 2/3] Validate that Authentication header matches configured auth token. If mismatch, returns a "401" status. Also some tweaks to debug output. --- pd2zabbix.cgi | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/pd2zabbix.cgi b/pd2zabbix.cgi index d9cf658..fdb36d2 100755 --- a/pd2zabbix.cgi +++ b/pd2zabbix.cgi @@ -73,11 +73,12 @@ our $config = AppConfig->new( ); # Search for and load the first available configuration file -my $found_config = 0; +my $found_config = 0; my $config_path_used = ''; foreach my $config_path (@config_paths) { if ( -e $config_path ) { $config_path_used = $config_path; + # warn("Reading config $config_path\n"); $config->file($config_path); $found_config = 1; @@ -87,8 +88,9 @@ foreach my $config_path (@config_paths) { if ($found_config) { $DEBUG = $config->get('debug'); - $DEBUG && warn("Config used: $config_path"); - $DEBUG >= 3 && warn( to_json( $config, { allow_blessed => 1 } ) ); + $DEBUG && warn("Config used: $config_path_used\n"); + my %vars = $config->varlist('.'); + $DEBUG >= 3 && warn( "Config: ". to_json( \%vars ) . "\n") if $DEBUG >= 3; } else { warn("No config found"); @@ -102,7 +104,7 @@ our $ua = LWP::UserAgent->new( agent => 'pagerduty2zabbix (https://github.com/so # Always tell PD we got the message right away: #print $cgi->header(); -if ($DEBUG) { +if ( $DEBUG >= 2 ) { warn "Headers:\n"; for my $header ( $cgi->http() ) { @@ -112,6 +114,24 @@ if ($DEBUG) { warn $cgi->param('POSTDATA'); } +# Authenticate (verify token received matches configured token) +if ( $config->get('pdauthtoken') ) { + my $pdauthtoken = $config->get('pdauthtoken'); + my $pdauthheader = $cgi->http('Authentication'); + $DEBUG >= 3 && warn("Auth header: $pdauthheader\n"); + $DEBUG >= 3 && warn("Auth token config: $pdauthtoken\n"); + if ( defined($pdauthheader) && $pdauthtoken eq $pdauthheader ) { + $DEBUG && warn("Auth token verified"); + } + else { + print $cgi->header(-status=>'401 Invalid Authentication Header'); + die("Auth header didn't match configured auth token"); + } +} +else { + $DEBUG && warn("No stored auth token to verify."); +} + # Read and parse the incoming PagerDuty webhook payload my $json_payload = $cgi->param('POSTDATA'); unless ($json_payload) { From e7926835895c3e4d366891182dbdf4c9ec80649e Mon Sep 17 00:00:00 2001 From: Eric Eisenhart Date: Wed, 24 May 2023 12:58:10 -0700 Subject: [PATCH 3/3] Style fixup with `perltidy -b` --- pd2zabbix.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pd2zabbix.cgi b/pd2zabbix.cgi index fdb36d2..cec244b 100755 --- a/pd2zabbix.cgi +++ b/pd2zabbix.cgi @@ -90,7 +90,7 @@ if ($found_config) { $DEBUG = $config->get('debug'); $DEBUG && warn("Config used: $config_path_used\n"); my %vars = $config->varlist('.'); - $DEBUG >= 3 && warn( "Config: ". to_json( \%vars ) . "\n") if $DEBUG >= 3; + $DEBUG >= 3 && warn( "Config: " . to_json( \%vars ) . "\n" ) if $DEBUG >= 3; } else { warn("No config found"); @@ -124,7 +124,7 @@ if ( $config->get('pdauthtoken') ) { $DEBUG && warn("Auth token verified"); } else { - print $cgi->header(-status=>'401 Invalid Authentication Header'); + print $cgi->header( -status => '401 Invalid Authentication Header' ); die("Auth header didn't match configured auth token"); } }