Plugin mk_sap.py throwing exception after some time

Troubleshooting
1

Hello,

I enabled the new mk_sap.py plugin on one of my VMs (NAME=“openSUSE Leap” VERSION=“15.5”) to monitor the SAP-Instances running there.
Everything is running great but after some time I am seeing the following exception being thrown

# /etc/check_mk/lib/plugins/mk_sap.py
Traceback (most recent call last):
  File "/etc/check_mk/lib/plugins/mk_sap.py", line 148, in <module>
    states = ast.literal_eval(opened_file.read())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/ast.py", line 110, in literal_eval
    return _convert(node_or_string)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/ast.py", line 99, in _convert
    return dict(zip(map(_convert, node.keys),
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/ast.py", line 109, in _convert
    return _convert_signed_num(node)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/ast.py", line 83, in _convert_signed_num
    return _convert_num(node)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/ast.py", line 74, in _convert_num
    _raise_malformed_node(node)
  File "/usr/lib64/python3.11/ast.py", line 71, in _raise_malformed_node
    raise ValueError(msg + f': {node!r}')
ValueError: malformed node or string on line 1: <ast.Call object at 0x7f9401811d50>

Deleting the state file (/tmp/check_mk/sap.state) gets the plugin back to working as expected.

Any ideas how and why this happens?

Kind regards
Frank

2

I think it happens, when I try to enable a ‘logwatch’ like
'SAP CCMS Admin Workplace/Security/SID/System Log Messages/Security'

Running the state file through AST looks okay:

# python3.11 /usr/lib64/python3.11/ast.py  -m eval < /tmp/check_mk/sap.state
Expression(
   body=Dict(
      keys=[
         Tuple(
            elts=[
               Constant(value='SID'),
               Constant(value='hostname_SID_00/SAP CCMS Admin Workplace/Security/SID/System Log Messages/Security')],
            ctx=Load())],
      values=[
         Call(
            func=Attribute(
               value=Name(id='datetime', ctx=Load()),
               attr='datetime',
               ctx=Load()),
            args=[
               Constant(value=2024),
               Constant(value=7),
               Constant(value=12),
               Constant(value=6),
               Constant(value=49),
               Constant(value=59)],
            keywords=[])]))

According to ast — Abstract Syntax Trees — Python 3.12.5 documentation

Warning: It is possible to crash the Python interpreter due to stack depth limitations in Python’s AST compiler.

It can raise ValueError, TypeError, SyntaxError, MemoryError and RecursionError depending on the malformed input.
This cannot be the reason here, can it?

Kind regards
Frank

3

Hi, yes this is a bug in mk_sap. Try the following change:

@@ -145,7 +145,7 @@
 # Load the state file into memory
 try:
     with open(STATE_FILE) as opened_file:
-        states = ast.literal_eval(opened_file.read())
+        states = eval(opened_file.read())
 except IOError:
     states = {}

At link Easiest way to persist a data structure to a file in python? - Stack Overflow there are discussed a different ways of preserving data. Apparently ast.literal_eval() can’t recover datetime…

4

Thank you for the response.
Wasn’t the whole point to use ast.literal_eval to avoid the security issue with eval?

5

According to ast — Abstract Syntax Trees — Python 3.13.0 documentation is ast.literal_eval a bit safer, but not completely safe. So I don’t know. The information stored in the sap.state file is hopefully trusted information.

6

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.