Details
Type: Bug
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: 3.7.3, 3.11.0, 3.10.3
Component/s: Evaluation, Logging
Labels:
Description
pal·imp·sest
noun
a manuscript or piece of writing material on which the original writing has been effaced to make room for later writing but of which traces remain.
https://www.google.com/search?q=define+palimpsest
Summary: When looking in cf-agent -v output, we see traces of prior bundles. This is confusing - and concerning, since it seems there is some kind of data leakage.
We observed this on 3.7.3, and it is still present in 3.10.3.
How to reproduce:
Create a simple policy with two bundles, the first is parameterized and the second not:
bundle agent main
{
  methods:
    "any" usebundle => one("apple");
    "any" usebundle => two;
}

bundle agent one (x)
{
  reports:
    "$(x)";
}

bundle agent two
{
  reports:
    "II";
}

Now run it, and you will see that the parameter is reported for the first AND SECOND bundle – even though the second bundle was NOT parameterized!
verbose: END Discovered hard classes
verbose: ----------------------------------------------------------------
verbose: ----------------------------------------------------------------
verbose: Preliminary variable/class-context convergence
verbose: ----------------------------------------------------------------
verbose: Setting minimum acceptable TLS version: 1.0
verbose: ----------------------------------------------------------------
verbose: Begin policy/promise evaluation
verbose: ----------------------------------------------------------------
verbose: Using bundlesequence => {"main"}
verbose: B: *****************************************************************
verbose: B: BEGIN bundle main
verbose: B: *****************************************************************
verbose: P: .........................................................
verbose: P: BEGIN promise 'promise_example_cf_5' of type "methods" (pass 1)
verbose: P: Promiser/affected object: 'any'
verbose: P: From parameterized bundle: main( {"apple"})
verbose: P: Base context class: any
verbose: P: Stack path: /default/main/methods/'any'[1]
verbose: B: *****************************************************************
verbose: B: BEGIN bundle one( {"apple"})
verbose: B: *****************************************************************
verbose: V: + Private parameter: 'x' in scope 'one' (type: s) in pass 1
verbose: P: .........................................................
verbose: P: BEGIN promise 'promise_example_cf_13' of type "reports" (pass 1)
verbose: P: Promiser/affected object: 'apple'
verbose: P: From parameterized bundle: one( {"apple"})
verbose: P: Base context class: any
verbose: P: Stack path: /default/main/methods/'any'/default/one/reports/'apple'[1]
R: apple
verbose: A: Promise was KEPT
verbose: P: END reports promise (apple)
verbose: A: ...................................................
verbose: A: Bundle Accounting Summary for 'one' in namespace default
verbose: A: Promises kept in 'one' = 1
verbose: A: Promises not kept in 'one' = 0
verbose: A: Promises repaired in 'one' = 0
verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'one' = 100.0%
verbose: A: ...................................................
verbose: Additional promise info: source path '/tmp/example.cf' at line 5
verbose: Method 'one' verified
verbose: B: *****************************************************************
verbose: B: END bundle one
verbose: B: *****************************************************************
verbose: A: Promise was KEPT
verbose: P: END methods promise (any)
verbose: P: .........................................................
verbose: P: BEGIN promise 'promise_example_cf_6' of type "methods" (pass 1)
verbose: P: Promiser/affected object: 'any'
verbose: P: From parameterized bundle: main( {"apple"})
verbose: P: Base context class: any
verbose: P: Stack path: /default/main/methods/'any'[1]
verbose: B: *****************************************************************
verbose: B: BEGIN bundle two
verbose: B: *****************************************************************
verbose: P: .........................................................
verbose: P: BEGIN promise 'promise_example_cf_21' of type "reports" (pass 1)
verbose: P: Promiser/affected object: 'II'
verbose: P: From parameterized bundle: two( {"apple"})
verbose: P: Base context class: any
verbose: P: Stack path: /default/main/methods/'any'/default/two/reports/'II'[1]
R: II
verbose: A: Promise was KEPT
verbose: P: END reports promise (II)
verbose: A: ...................................................
verbose: A: Bundle Accounting Summary for 'two' in namespace default
verbose: A: Promises kept in 'two' = 1
verbose: A: Promises not kept in 'two' = 0
verbose: A: Promises repaired in 'two' = 0
verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'two' = 100.0%
verbose: A: ...................................................
verbose: Additional promise info: source path '/tmp/example.cf' at line 6
verbose: Method 'two' verified
verbose: B: *****************************************************************
verbose: B: END bundle two
verbose: B: *****************************************************************
verbose: A: Promise was KEPT
verbose: P: END methods promise (any)
verbose: A: ...................................................
verbose: A: Bundle Accounting Summary for 'main' in namespace default
verbose: A: Promises kept in 'main' = 4
verbose: A: Promises not kept in 'main' = 0
verbose: A: Promises repaired in 'main' = 0
verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'main' = 100.0%
verbose: A: ...................................................
verbose: B: *****************************************************************
verbose: B: END bundle main
verbose: B: *****************************************************************
verbose: Generate diff state reports for policy '/tmp/example.cf' SKIPPED
verbose: No lock purging scheduled
verbose: Outcome of version (not specified) (agent-0): Promises observed - Total promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). User promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). CFEngine system compliance: 0% kept, 0% repaired, 0% not kept (out of 0 events).
Specifically:
verbose: P: From parameterized bundle: two( {"apple"})
The bundle two was not parameterized.
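A check for this symptom in saved cf-agent -v output, added here as an example (it is not CFEngine code and not part of the original report): it tracks the BEGIN/END bundle lines and flags every "From parameterized bundle" line whose argument list differs from the one on the enclosing bundle's BEGIN line. The regular expressions assume the line shapes shown in the output above, and SAMPLE is a constructed excerpt abridged from that output.

```python
import re

# Line shapes assumed from the cf-agent -v output shown in this report.
BEGIN_RE = re.compile(r'B: BEGIN bundle ([\w:.]+)(?:\(\s*\{(.*)\}\s*\))?\s*$')
END_RE = re.compile(r'B: END bundle ([\w:.]+)\s*$')
FROM_RE = re.compile(
    r'P: From parameterized bundle: ([\w:.]+)\(\s*\{(.*)\}\s*\)\s*$')

# Constructed sample, abridged from the verbose output in this report.
SAMPLE = '''\
verbose: B: BEGIN bundle main
verbose: B: BEGIN bundle one( {"apple"})
verbose: P: From parameterized bundle: one( {"apple"})
verbose: B: END bundle one
verbose: P: From parameterized bundle: main( {"apple"})
verbose: B: BEGIN bundle two
verbose: P: From parameterized bundle: two( {"apple"})
verbose: B: END bundle two
verbose: B: END bundle main
'''

def find_stale_parameters(log_text):
    """Return (line_no, bundle, logged_args, declared_args) per mismatch."""
    stack = []      # (bundle name, args on its BEGIN line, or None)
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = BEGIN_RE.search(line)
        if m:
            stack.append((m.group(1), m.group(2) or None))
            continue
        m = END_RE.search(line)
        if m:
            # Leave the bundle scope only if the END matches the open bundle.
            if stack and stack[-1][0] == m.group(1):
                stack.pop()
            continue
        m = FROM_RE.search(line)
        if m and stack:
            name, declared = stack[-1]
            logged = m.group(2) or None   # an empty "{}" counts as no args
            if m.group(1) == name and logged != declared:
                findings.append((line_no, name, logged, declared))
    return findings

if __name__ == "__main__":
    for line_no, name, logged, declared in find_stale_parameters(SAMPLE):
        print(f"line {line_no}: bundle {name} logged {{{logged}}}, "
              f"BEGIN line declared {declared}")
```

Run over the full output above, it also reports the two `main( {"apple"})` lines, because `BEGIN bundle main` carries no parameters either.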