XML External Entity (XXE) Injection

@@ -44,6 +44,10 @@
     from urllib.error import HTTPError, URLError
     from urllib.parse import urlparse
 
+    # Correct issue #1025 by monkey path the xmlrpc lib
+    from defusedxml.xmlrpc import monkey_patch
+    monkey_patch()
+
     input = input
     range = range
     map = map
@@ -132,6 +136,10 @@ def system_exec(command):
     from urllib2 import urlopen, HTTPError, URLError
     from urlparse import urlparse
 
+    # Correct issue #1025 by monkey path the xmlrpc lib
+    from defusedxml.xmlrpc import monkey_patch
+    monkey_patch()
+
     input = raw_input
     range = xrange
     ConfigParser.read_file = ConfigParser.readfp

@@ -10,7 +10,7 @@ docker>=2.0.0
 elasticsearch
 graphitesender
 hddtemp
-influxdb
+influxdb>=1.0.0
 influxdb-client; python_version >= "3.6"
 kafka-python
 netifaces

@@ -59,13 +59,19 @@ Requirements
 
 - ``python>=2.7`` or ``python>=3.4``
 - ``psutil>=5.3.0`` (better with latest version)
+- ``defusedxml`` (in order to monkey path xmlrpc)
+- ``future`` (for Python 2 support)
 
 *Note for Python 2.6 users*
 
 Glances no longer supports Python 2.6. Please upgrade
 to a minimum Python version of 2.7/3.4+ or downgrade to Glances 2.6.2 (last version
 with Python 2.6 support).
 
+*Deprecation warning note for Python 2.x users*
+
+Glances version 4.0 will no longer supports Python 2.x.
+
 Optional dependencies:
 
 - ``bernhard`` (for the Riemann export module)

@@ -1,2 +1,3 @@
 psutil>=5.3.0
+defusedxml
 future

@@ -41,7 +41,7 @@ def get_data_files():
 
 
 def get_install_requires():
-    requires = ['psutil>=5.3.0', 'future']
+    requires = ['psutil>=5.3.0', 'defusedxml', 'future']
     if sys.platform.startswith('win'):
         requires.append('bottle')
         requires.append('requests')
@@ -60,7 +60,6 @@ def get_install_extras_require():
                    'paho-mqtt', 'potsdb', 'prometheus_client', 'pyzmq',
                    'statsd'],
         'folders': ['scandir'],  # python_version<"3.5"
-        'gpu': ['py3nvml'],
         'graph': ['pygal'],
         'ip': ['netifaces'],
         'raid': ['pymdstat'],
@@ -70,6 +69,10 @@ def get_install_extras_require():
         'web': ['bottle', 'requests'],
         'wifi': ['wifi']
     }
+    if PY3:
+        extras_require['export'].append('influxdb-client')
+        extras_require['gpu'] = ['py3nvml']
+
     # Add automatically the 'all' target
     extras_require.update({'all': [i[0] for i in extras_require.values()]})
 

@@ -58,6 +58,8 @@ profiling: venv venv-dev
 	@echo "Please complete and run: sudo ./venv/bin/py-spy record -o ./docs/_static/glances-flame.svg -d 60 -s --pid <GLANCES PID>"
 
 release-note:
-	git --no-pager log $(LASTTAG)..HEAD --first-parent --pretty=format:"* %s (by %an)"
+	git --no-pager log $(LASTTAG)..HEAD --first-parent --pretty=format:"* %s"
+	echo ""
+	git --no-pager shortlog -s -n $(LASTTAG)..HEAD
 
 .PHONY: test docs docs-server

@@ -1,15 +1,61 @@
 ==============================================================================
-Glances Version 3
+                                Glances changelog
 ==============================================================================
 
 ===============
-Version 3.1.8
+Version 3.2.0
 ===============
 
 Under Development.
 
 See roadmap here ==> https://github.com/nicolargo/glances/milestone/49
 
+This release is a major version (but minor number because the API did not change). It focus on
+*CPU consumption*. I use `Flame profiling https://github.com/nicolargo/glances/wiki/Glances-FlameGraph`_
+and code optimization to reduce CPU consumption from 20% to 50% depending on your system.
+
+Enhancement and development requests:
+
+    * Improve CPU consumption
+        - Make the refresh rate configurable per plugin #1870
+        - Add caching for processing username and cmdline
+        - Correct and improve refresh time method
+        - Set refresh rate for global CPU percent
+        - Set the dafault refresh rate of system stats to 60 seconds
+        - Default refresh time for sensors is refresh rate * 2
+        - Improve history perf
+        - Change main curses loop
+        - Improve Docker client connection
+        - Update Flame profiling
+    * Get system sensors temperatures thresholds #1864
+    * Filter data exported from Docker plugin
+    * Make the Docker API connection timeout configurable
+    * Add --issue to Github issue template
+    * Add release-note in the Makefile
+    * Add some comments in cpu_percent
+    * Add some comments to the processlist.py
+    * Set minimal version for PSUtil to 5.3.0
+    * Add comment to default glances.conf file
+    * Improve code quality #820
+    * Update WebUI for security vuln
+
+Bugs corrected:
+
+    * Quit from help should return to main screen, not exit #1874
+    * AttributeError: 'NoneType' object has no attribute 'current' #1875
+    * Merge pull request #1873 from metayan/fix-history-add
+    * Correct filter
+    * Correct Flake8 issue in plugins
+    * Pressing Q to get rid of irq not working #1792
+
+Contibutors for this version:
+
+    * Nicolargo
+    * Markus Pöschl
+    * Clifford W. Hansen
+    * Blake
+    * Yan
+
 ===============
 Version 3.1.7
 ===============
@@ -45,7 +91,7 @@ Version 3.1.6.2
 
 Bugs corrected:
 
-    * Remove bad merge for a non tested feature(see https://github.com/nicolargo/glances/issues/1787#issuecomment-774682954)
+    * Remove bad merge for a non tested feature (see https://github.com/nicolargo/glances/issues/1787#issuecomment-774682954)
 
 Version 3.1.6.1
 ===============
@@ -74,8 +120,8 @@ Enhancements and new features:
 
 Bugs corrected:
 
-    * Version tag for docker image packaging #1754 
-    * Unusual characters in cmdline cause lines to disappear and corrupt the display #1692 
+    * Version tag for docker image packaging #1754
+    * Unusual characters in cmdline cause lines to disappear and corrupt the display #1692
     * UnicodeDecodeError on any command with a utf8 character in its name #1676
     * Docker image is not up to date install #1662
     * Add option to set the strftime format #1785
@@ -117,7 +163,7 @@ Enhancements and new features:
 Bugs corrected:
 
     * Can't start server: unexpected keyword argument 'address' bug enhancement #1693
-    * class AmpsList method _build_amps_list() Windows fail (glances/amps_list.py) bug #1689 
+    * class AmpsList method _build_amps_list() Windows fail (glances/amps_list.py) bug #1689
     * Fix grammar in sensors documentation #1681
     * Reflect "used percent" user disk space for [fs] alert #1680
     * Bug: [fs] plugin needs to reflect user disk space usage needs test #1658

@@ -19,10 +19,9 @@
 
 """Manage on alert actions."""
 
-from subprocess import Popen
-
 from glances.logger import logger
 from glances.timer import Timer
+from glances.secure import secure_popen
 
 try:
     import chevron
@@ -94,12 +93,16 @@ def run(self, stat_name, criticity, commands, repeat, mustache_dict=None):
             logger.info("Action triggered for {} ({}): {}".format(stat_name,
                                                                   criticity,
                                                                   cmd_full))
-            logger.debug("Action will be executed with the following command: \
-                subprocess.Popen({}, shell=False)".format(cmd_full.split(' ')))
             try:
-                Popen(cmd_full.split(' '), shell=False)
+                ret = secure_popen(cmd_full)
             except OSError as e:
-                logger.error("Can't execute the action ({})".format(e))
+                logger.error("Action error for {} ({}): {}".format(stat_name,
+                                                                   criticity,
+                                                                   e))
+            else:
+                logger.debug("Action result for {} ({}): {}".format(stat_name,
+                                                                    criticity, 
+                                                                    ret))
 
         self.set(stat_name, criticity)
 

@@ -293,7 +293,7 @@ def get_value(self, section, option,
         If it did not exist, then return the default value.
 
         It allows user to define dynamic configuration key (see issue#1204)
-        Dynamic vlaue should starts and end with the ` char
+        Dynamic value should starts and end with the ` char
         Example: prefix=`hostname`
         """
         ret = default

@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Glances.
+#
+# Copyright (C) 2021 Nicolargo <nicolas@nicolargo.com>
+#
+# Glances is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Glances is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""Secures functions for Glances"""
+
+from glances.compat import nativestr
+from subprocess import Popen, PIPE
+
+
+def secure_popen(cmd):
+    """A more or less secure way to execute system command
+
+    Return: the result of the command OR an error message
+    """
+    ret = None
+
+    # Split by redirection '>'
+    cmd_split_redirect = cmd.split('>')
+    if len(cmd_split_redirect) > 2:
+        return 'Glances error: Only one file redirection allowed ({})'.format(cmd)
+    elif len(cmd_split_redirect) == 2:
+        stdout_redirect = cmd_split_redirect[1].strip()
+        cmd = cmd_split_redirect[0]
+    else:
+        stdout_redirect = None
+
+    sub_cmd_stdin = None
+    p_last = None
+    # Split by pipe '|'
+    for sub_cmd in cmd.split('|'):
+        # Split by space ' '
+        sub_cmd_split = [i for i in sub_cmd.split(' ') if i]
+        p = Popen(sub_cmd_split,
+                  shell=False,
+                  stdin=sub_cmd_stdin,
+                  stdout=PIPE,
+                  stderr=PIPE)
+        if p_last is not None:
+            # Allow p_last to receive a SIGPIPE if p exits.
+            p_last.stdout.close()
+        p_last = p
+        sub_cmd_stdin = p.stdout
+
+    p_ret = p_last.communicate()
+
+    if nativestr(p_ret[1]) == '':
+        # No error
+        ret = nativestr(p_ret[0])
+        if stdout_redirect is not None:
+            # Write result to redirection file
+            with open(stdout_redirect, "w") as stdout_redirect_file:
+                stdout_redirect_file.write(ret)
+    else:
+        # Error
+        ret = nativestr(p_ret[1])
+
+    return ret

@@ -35,11 +35,11 @@
 from glances.thresholds import GlancesThresholds
 from glances.plugins.glances_plugin import GlancesPlugin
 from glances.compat import subsample, range
+from glances.secure import secure_popen
 
 # Global variables
 # =================
 
-
 # Init Glances core
 core = GlancesMain()
 
@@ -376,6 +376,12 @@ def test_099_output_bars_must_be_between_0_and_100_percent(self):
         bar.percent = 101
         self.assertGreaterEqual(bar.percent, bar.max_value)
 
+    def test_100_secure(self):
+        """Test secure functions"""
+        print('INFO: [TEST_100] Secure functions')
+        self.assertEqual(secure_popen('echo -n TEST'), 'TEST')
+        self.assertEqual(secure_popen('echo FOO | grep FOO'), 'FOO\n')
+
     def test_999_the_end(self):
         """Free all the stats"""
         print('INFO: [TEST_999] Free the stats')