feat: add Check_MK Service for Mojolicious vulnerability

templates/usr/lib/check_mk_agent/plugins/check_subapp_ws_status.sh.j2

@@ -9,11 +9,27 @@ set -e
 # The webservice uses the HTTP-Statuscodes 200, 204, 404 and 500.
 
 LOCKFILE="/var/lock/check_subapp_ws_status.lock"
-itemname='subapp_ws.run_status'
-URL="http://${HOSTNAME}.{{ vault_subapp_webservice_domain | default('localdomain') }}:{{ vault_subapp_webservice_port }}/heartbeat"
+itemname_heartbeat='subapp_ws.run_status'
+itemname_mainpage='subapp_ws.info_reveal'
+URL_HEARTBEAT="http://${HOSTNAME}.{{ vault_subapp_webservice_domain | default('localdomain') }}:{{ vault_subapp_webservice_port }}/heartbeat"
+URL_MAINPAGE="http://${HOSTNAME}.{{ vault_subapp_webservice_domain | default('localdomain') }}:{{ vault_subapp_webservice_port }}"
 
 # IMPORTANT: Create lockfile using "flock", NOT "touch"!!! It's atomic and doesn't have to be cleared after the script ran.
-output=$( flock ${LOCKFILE} curl --silent --location --head --max-time 10 --write-out "%{http_code}\n" "${URL}" --output /dev/null )
+output_heartbeat=$( flock ${LOCKFILE} curl --silent --location --head --max-time 10 --write-out "%{http_code}\n" "${URL_HEARTBEAT}" --output /dev/null )
+output_mainpage=$( flock ${LOCKFILE} curl --silent --max-time 10 "${URL_MAINPAGE}" )
+
+# details: https://git.slub-dresden.de/slub-digitalpreservation/submissionapplications4rosetta/-/issues/117
+if [[ ${output_mainpage} =~ "/mojo/noraptor.png" ]]; then
+	status_mainpage=0
+	perf_values_mainpage="-"
+	statustext_mainpage="Webservice doesn't reveal any confidential information. Great!"
+else
+	status_mainpage=2
+	perf_values_mainpage="-"
+	statustext_mainpage="Webservice reveals confidential information via Mojolicious. OH NOES!!! Check deployed version."
+fi
+
+echo "${status_mainpage} ${itemname_mainpage} ${perf_values_mainpage} ${statustext_mainpage}"
 
 #EXEMPLARY OUTPUT:
 # HTTP/1.1 204 No Content
@@ -24,29 +40,29 @@ output=$( flock ${LOCKFILE} curl --silent --location --head --max-time 10 --writ
 # 204		### <===== HERE'S THE HTTP CODE, THE REST IS DISCARDED TO /dev/null
 
 # https://de.wikipedia.org/wiki/HTTP-Statuscode
-if [[ ( ${output} -ge 200 ) && ( ${output} -le 226 ) ]]; then
+if [[ ( ${output_heartbeat} -ge 200 ) && ( ${output_heartbeat} -le 226 ) ]]; then
 	# Webservice should return HTTP 204 "No Content" if heartbeat is alive
-	status=0
-	perf_values="-"
-	statustext="WebService is available (HTTP ${output} status code)."
-elif [[ ( ${output} -ge 400 ) && ( ${output} -le 451 ) ]]; then
-	status=2
-	perf_values="-"
-	statustext="WebService is NOT available (Client side error HTTP-${output})."
-elif [[ ( ${output} -ge 500 ) && ( ${output} -le 511 ) ]]; then
-	status=2
-	perf_values="-"
-	statustext="WebService is NOT available (Server side error HTTP-${output})."
+	status_heartbeat=0
+	perf_values_heartbeat="-"
+	statustext_heartbeat="WebService is available (HTTP ${output_heartbeat} status code)."
+elif [[ ( ${output_heartbeat} -ge 400 ) && ( ${output_heartbeat} -le 451 ) ]]; then
+	status_heartbeat=2
+	perf_values_heartbeat="-"
+	statustext_heartbeat="WebService is NOT available (Client side error HTTP-${output_heartbeat})."
+elif [[ ( ${output_heartbeat} -ge 500 ) && ( ${output_heartbeat} -le 511 ) ]]; then
+	status_heartbeat=2
+	perf_values_heartbeat="-"
+	statustext_heartbeat="WebService is NOT available (Server side error HTTP-${output_heartbeat})."
 else
-	status=3
-	perf_values="-"
+	status_heartbeat=3
+	perf_values_heartbeat="-"
 	if [[ ! "$( systemctl status webservice_status_SLUBarchiv.service )" =~ "enabled" ]]; then
-		statustext="SystemD-Unit for Webservice is DISABLED."
+		statustext_heartbeat="SystemD-Unit for Webservice is DISABLED."
 	elif [[ $( systemctl status webservice_status_SLUBarchiv.service | grep "Active: inactive (dead)" ) ]]; then
-		statustext="SystemD-Unit for Webservice is STOPPED."
+		statustext_heartbeat="SystemD-Unit for Webservice is STOPPED."
 	else
-		statustext="Couldn't get WebService status (perhaps timeout occurred)."
+		statustext_heartbeat="Couldn't get WebService status (perhaps timeout occurred)."
 	fi
 fi
 
-echo "${status} ${itemname} ${perf_values} ${statustext}"
+echo "${status_heartbeat} ${itemname_heartbeat} ${perf_values_heartbeat} ${statustext_heartbeat}"