From 0652a7321b37b3aa8af3a77719565e857aad98b4 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 27 Jan 2020 15:59:22 -0500
Subject: [PATCH] Apply whitelist to rpc functions in configmanager

---
 confluent_server/confluent/config/configmanager.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 084ddd50..a5aa26c5 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -609,6 +609,8 @@ def relay_slaved_requests(name, listener):
                         rpc += nrpc
                     rpc = msgpack.unpackb(rpc)
                     exc = None
+                    if not (rpc['function'].startswith('_rpc_') or rpc['function'].endswith('_collective_member')):
+                        raise Exception('Unsupported function {0} called'.format(rpc['function']))
                     try:
                         globals()[rpc['function']](*rpc['args'])
                     except Exception as e:
@@ -765,6 +767,8 @@ def follow_channel(channel):
                 if 'txcount' in rpc:
                     _txcount = rpc['txcount']
                 if 'function' in rpc:
+                    if not (rpc['function'].startswith('_true') or rpc['function'].startswith('_rpc')):
+                        raise Exception("Received unsupported function call: {0}".format(rpc['function']))
                     try:
                         globals()[rpc['function']](*rpc['args'])
                     except Exception as e: