MINOR: cli: set tainted when using CLI expert/experimental mode

Mark the process as tainted as soon as a command command only accessible
in expert or experimental mode is executed.

diff --git a/include/haproxy/global.h b/include/haproxy/global.h
index c69955c..2ff7b5d 100644 (file)
--- a/include/haproxy/global.h
+++ b/include/haproxy/global.h
@@ -100,6 +100,8 @@ static inline unsigned long thread_mask(unsigned long mask)
 enum tainted_flags {
        TAINTED_CONFIG_EXP_KW_DECLARED = 0x1,
        TAINTED_ACTION_EXP_EXECUTED    = 0x2,
+       TAINTED_CLI_EXPERT_MODE        = 0x4,
+       TAINTED_CLI_EXPERIMENTAL_MODE  = 0x8,
 };
 void mark_tainted(const enum tainted_flags flag);
 unsigned int get_tainted();

diff --git a/src/cli.c b/src/cli.c
index 4d9624b..c5009a3 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -739,6 +739,11 @@ static int cli_parse_request(struct appctx *appctx)
                return 0;
        }
 
+       if (kw->level == ACCESS_EXPERT)
+               mark_tainted(TAINTED_CLI_EXPERT_MODE);
+       else if (kw->level == ACCESS_EXPERIMENTAL)
+               mark_tainted(TAINTED_CLI_EXPERIMENTAL_MODE);
+
        appctx->io_handler = kw->io_handler;
        appctx->io_release = kw->io_release;