This file is indexed.

/usr/lib/cgi-bin/sitesummary-collector.cgi is in sitesummary 0.1.28+deb9u1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/usr/bin/perl -wT
#
# Receive HTTP post request with a file upload and process it as a
# sitesummary submission.
#
# Handle three different submission methods
#  - mime-encoded upload with sitesummary report in compressed form

use strict;
use CGI;
use Compress::Zlib ();
use POSIX qw(strftime);
use Socket;
use Sys::Syslog;
use SiteSummary;

my $basedir   = "/var/lib/sitesummary";
my $handlerdir = "/usr/lib/sitesummary/handler.d";

$ENV{PATH} = "/bin:/usr/bin";

print "Content-Type: text/plain\n\n";

my ($peeripaddr, $peername) = get_peerinfo(\*STDIN);

if (exists $ENV{REQUEST_METHOD} && $ENV{REQUEST_METHOD} ne "POST")
{
    print "Sitesummary  HTTP-POST submission URL\n";
    print "Visit http://debian-edu.alioth.debian.org/ for more info.\n";
    exit 0;
}

# Extract post data, handle both simple and multipart way
my @entry;
my $filename = "unknown";
if (exists $ENV{CONTENT_TYPE} && $ENV{CONTENT_TYPE} =~ m%multipart/form-data%){
    my $query = new CGI;
    my $fh = $query->upload("sitesummary");
    if ($fh) {
        $filename = $query->param("sitesummary");
        my $type = $query->uploadInfo($filename)->{'Content-Type'};
        if ("application/octet-stream" ne $type) {
            print "Only 'application/octet-stream' is supported (not $type)!";
            die;
        } else {
            my $encoding = $query->uploadInfo($filename)->{'Content-Encoding'};
            if ("x-gzip" eq $encoding || "gzip" eq $encoding) {
                # Uncompress
                print "Compressed ($encoding) encoding detected.\n";
                my $data;
                # $data = join("", <$fh>);
                my $len = (stat($fh))[7];
                read $fh, $data, $len;
                $data = Compress::Zlib::memGunzip($data);
                @entry = ($data);
            } else { # Pass throught
                #print STDERR "Identity encoding detected.\n";
                @entry = <$fh>;
            }
        }
    } else {
        print $query->cgi_error;
        die;
    }
} else {
    print <<EOF;
Unsupported submission method.
EOF
}

my $timestamp = strftime("%Y-%m-%dT%H:%M:%S", gmtime());

if ($filename =~ m/.tar.gz$/) {
    $filename = "sitesummary.tar.gz";
} elsif ($filename =~ m/.tar.gz.gpg$/) {
    $filename = "sitesummary.tar.gz.gpg";
} else {
    die "Unhandled file type '$filename'"
}

# XXX Come up with some unique file name.
my $savefile = "$basedir/tmpstorage/$peeripaddr-$timestamp-$$-$filename";

open(SITESUMMARY, ">", $savefile) or die "Unable to write to $savefile";
print SITESUMMARY @entry;
close SITESUMMARY;

print "Thanks for your submission to site-summary!\n";
print "SITESUMMARY HTTP-POST OK\n";

process_entry($peeripaddr, $peername, $savefile);

unlink $savefile;

exit 0;

# Return the MAC-derived id of the submitted report, or die when the
# ifconfig-a dump cannot be read.  The argument (the entry directory at
# the call site) is accepted but not consulted: the path is read relative
# to the current directory, which the caller has already changed into.
sub extract_unique_id {
    my $id = get_unique_ether_id("system/ifconfig-a");
    die "Unable to read ifconfig-a" unless $id;
    return $id;
}

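# Unpack a saved submission, file it under $basedir/entries/<id> and run
# every handler in $handlerdir on the result.
#
# Arguments: the client's dotted-quad address, its DNS name, and the path
# of the saved .tar.gz archive.  Dies on any file or tar failure.  Returns
# nothing; the current directory is left inside the entry directory.
sub process_entry {
    my ($peeripaddr, $peername, $filename) = @_;

    # The unpack directory is the archive path minus its suffix; the
    # regex capture also untaints it for the file operations below.
    my $dirname;
    if ($filename =~ m/(.+)\.tar\.gz$/) {
        $dirname = $1;
    } else {
        die "Unhandled file format '$filename'";
    }
    # A pre-existing directory of this name is unexpected; do not unpack
    # into it.
    mkdir $dirname or die "Unable to create $dirname: $!";
    chdir $dirname or die "Unable to chdir to $dirname: $!";
    # List form: no shell re-parses the path.  NOTE(review): the archive
    # content is client-supplied; extraction relies on tar's default
    # handling of absolute and '..' member names -- confirm that is
    # acceptable for this deployment.
    system("tar", "zxf", $filename) == 0
        or die "Unable to unpack $filename (tar exit status " . ($? >> 8) . ")";

    # Record where the submission came from, for the handlers.
    open(my $peerfh, ">", "peerinfo") or die "Unable to write peerinfo: $!";
    print {$peerfh} "$peeripaddr $peername\n" or die "Unable to write peerinfo: $!";
    close($peerfh) or die "Unable to write peerinfo: $!";

    # Entries are keyed on an id derived from the unpacked tree (read
    # relative to the cwd set above).
    my $id = extract_unique_id($dirname);
    if ("ether-unknown" eq $id) {
        syslog('warning', "%s", "ignoring client without MAC address connected from \[$peeripaddr\]");
        chdir ".." or die "Unable to leave $dirname: $!";
        system("rm", "-r", $dirname) == 0
            or die "Unable to remove $dirname (rm exit status " . ($? >> 8) . ")";
        return;
    }
    my $newdir = "$basedir/entries/$id";

    # An earlier submission from the same id is replaced wholesale.
    my $status = "new";
    if ( -d $newdir ) {
        system("rm", "-r", $newdir) == 0
            or die "Unable to remove $newdir (rm exit status " . ($? >> 8) . ")";
        $status = "update";
    }

    # Parenthesised so that "or die" applies to rename(), not to $newdir.
    rename($dirname, $newdir) or die "Unable to rename $dirname to $newdir: $!";

    # Handlers are invoked by absolute path with an empty PATH so that
    # nothing is looked up from elsewhere.
    $ENV{"PATH"} = "";
    for my $handler (<$handlerdir/*>) {
        # Untaint script path (glob results are tainted under -T).  Skip
        # rather than reuse a stale $1 when the name does not match.
        next unless $handler =~ m/^([^;]*)$/;
        $handler = $1;
        # Handlers are independent of each other: log a failure and go on.
        system($handler, $newdir, $status) == 0
            or syslog('warning', "%s", "handler $handler failed (exit status " . ($? >> 8) . ")");
    }
    return;
}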

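# Work out who is submitting.  Takes a socket handle (used only when the
# CGI REMOTE_ADDR variable is absent) and returns a two-element list:
# the client's IPv4 address as an untainted dotted quad, and its DNS name
# (falling back to the address when reverse lookup yields nothing).
# Outside CGI and without a connected socket it reports localhost.
# Dies when REMOTE_ADDR contains no IPv4 address.
sub get_peerinfo {
    my $sockethandle = shift;
    my ($peeripstr, $peername) = ("", "");
    my $peeripaddr;    # packed address, local to this sub

    if ($ENV{'REMOTE_ADDR'}) { # CGI variable
        # Untaint: rebuild the address from digit groups only.  The value
        # is set by the web server, but it still flows into a file name.
        # Unanchored so an IPv4-mapped form still yields its embedded
        # address; anything without one is refused rather than used as
        # an undefined "...".
        if ($ENV{'REMOTE_ADDR'} =~ m/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/) {
            $peeripstr = "$1.$2.$3.$4";
        } else {
            die "Unable to find an IPv4 address in REMOTE_ADDR";
        }
        $peeripaddr = inet_aton($peeripstr);
        # inet_aton() returns undef for out-of-range octets.
        $peername = gethostbyaddr($peeripaddr, AF_INET) if defined $peeripaddr;
    } elsif (my $sockaddr = getpeername($sockethandle)) {
        (undef, $peeripaddr) = sockaddr_in($sockaddr);
        $peername  = gethostbyaddr($peeripaddr, AF_INET);
        $peeripstr = inet_ntoa($peeripaddr);
    } else {
        # Running on the command line, use test host
        $peeripstr = "127.0.0.1";
        $peername  = "localhost";
    }
    # gethostbyaddr() returns undef when there is no reverse entry.
    if (!defined $peername || "" eq $peername) {
        syslog('warning', "%s", "client without DNS entry connected from \[$peeripstr\]");
        $peername = $peeripstr;
    }
    return ($peeripstr, $peername);
}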