From 47a2ea75899a6395a80918d043a21d61fe712b44 Mon Sep 17 00:00:00 2001 From: Steve Schnepp Date: Wed, 12 Feb 2014 19:18:31 +0100 Subject: [PATCH] cgi/graph: replace Date::Manip with Date::Parse As stated in #1389 by terryburton : munin-cgi-graph invokes UnixDate from Date::Manip which invokes the system's date command under a shell. This makes it difficult to create a tight MAC security profile (such as AppArmor or SELinux) since it becomes necessary to permit Munin to exec a shell, which is a gaping hole. And cbiedl added : Also due to the shell execution, Date::Manip is sloooow. On my small test box, the entire Date::Manip::ParseDate and ::UnixDate line takes 120 ms, after replacing it with Date::Parse::str2time it is down to 3ms(sic!). Keep in mind this code is run for every graph a browser requests. Another issue mit Date::Manip is its API change, and at some point in the future the legacy DM5 munin uses might be obsoleted anyway. It should be noted Date::Parse::str2time understands all three timestamp formats as required by RFC 2616 in "3.3.1 Full Date". So if there's really breakage due to weird date strings specified by a client, it's rather their fault. Kudos to terryburton for the initial patch. I only edited it a little and then rebased it onto 2.0.6, so it can be also merged directly on the stable-2.0 branch. I also added the full commit message. This is to avoid having to look at the ticket, as the rationale behind the change is solid, but might be subtle. Closes: #1389 --- master/_bin/munin-cgi-graph.in | 7 ++----- master/_bin/munin-graph.in | 13 ++----------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in index dec4aa287..3d2532044 100755 --- a/master/_bin/munin-cgi-graph.in +++ b/master/_bin/munin-cgi-graph.in @@ -27,10 +27,7 @@ $Id$ use strict; use warnings; use IO::Handle; -BEGIN { - $Date::Manip::Backend = 'DM5'; -} -use Date::Manip; +use Date::Parse; use POSIX qw(strftime locale_h); use CGI::Fast qw(:cgi); use CGI::Carp qw(fatalsToBrowser); @@ -496,7 +493,7 @@ sub rfctime_newer_than { # Format of since_string If-Modified-Since: Wed, 23 Jun 2004 16:11:06 GMT my $since_string = shift; my $created = shift; - my $ifmodsec = &UnixDate (&ParseDateString ($since_string), "%s"); + my $ifmodsec = str2time($since_string); return 1 if ($ifmodsec < $created); return 0; diff --git a/master/_bin/munin-graph.in b/master/_bin/munin-graph.in index fb47333a1..1c15d9f30 100755 --- a/master/_bin/munin-graph.in +++ b/master/_bin/munin-graph.in @@ -28,16 +28,7 @@ use strict; use warnings; use IO::Handle; -BEGIN { - # This is needed because Date::Manip has deprecated the functional - # interface in >= 6.x. So, we force the use of the 5.x API. - $Date::Manip::Backend = 'DM5'; - - # Double line here to avoid spurious warnings about D::M::Backend being - # used only once. - $Date::Manip::Backend = 'DM5'; -} -use Date::Manip; +use Date::Parse; use POSIX qw(strftime); use Time::HiRes qw(gettimeofday tv_interval); use IO::File; @@ -350,7 +341,7 @@ sub rfctime_newer_than { # Format of since_string If-Modified-Since: Wed, 23 Jun 2004 16:11:06 GMT my $since_string = shift; my $created = shift; - my $ifmodsec = &UnixDate (&ParseDateString ($since_string), "%s"); + my $ifmodsec = str2time($since_string); return 1 if ($ifmodsec < $created); return 0;