From 7a705d2d60a0f6b8eeb742065d17039952255856 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 23 Mar 2021 15:23:20 -0500
Subject: configd: T3426: check script name against include_set, not
 exclude_set

If the script name is mangled, for any reason (e.g. missing support for
script arguments) checking against the exclude_set will yield a false
positive; check against the include_set, even if this is a longer
search.

(cherry picked from commit 93c07ea1edff3f6f84285322b494a24b807ccc25)
---
 src/services/vyos-configd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/services/vyos-configd b/src/services/vyos-configd
index a4c982e2a..6004e9b95 100755
--- a/src/services/vyos-configd
+++ b/src/services/vyos-configd
@@ -218,7 +218,7 @@ def process_node_data(config, data) -> int:
         logger.critical(f"Missing script_name")
         return R_ERROR_DAEMON
 
-    if script_name in exclude_set:
+    if script_name not in include_set:
         return R_PASS
 
     with stdout_redirected(session_out, session_mode):
-- 
cgit v1.2.3