Fixed shell endpoint bug and added notice when executing the script (#4748)

Co-authored-by: matteo <biscosi@ntop.org>

scripts/plugins/endpoints/shell_alert_endpoint/alert_endpoints/shell.lua

@@ -4,6 +4,8 @@
 
 require "lua_utils"
 local json = require "dkjson"
+local alerts_api = require "alerts_api"
+local alert_consts = require "alert_consts"
 
 local endpoint_key = "shell_alert_endpoint"
 
@@ -63,38 +65,50 @@ end
 -- ##############################################
 
 function shell.sendMessage(alerts, settings)
-
   if isEmptyString(settings.path) then
     return false
   end
-  
-  local msg = json.encode(alerts)
+ 
+  for key, alert in ipairs(alerts) do
+    -- Executing the script
+    local exec_script = settings.path .. " " .. settings.options
 
-  local cmd = settings.path .. " " .. settings.options .. " " .. msg
+    os.execute(exec_script)
 
-  local tmp_file = io.popen(cmd .. ' \necho _$?')
-  local tmp_read = tmp_file:read'*a'
-  local exit_code = tmp_read:match'.*%D(%d+)'+0
-  tmp_file:close()
+    -- Storing an alert-notice in regard of the shell script execution
+    -- for security reasons
+    local entity_info = alerts_api.processEntity("ntopng")
+    local type_info = alert_consts.alert_types.alert_shell_script_executed.create(
+      alert_consts.alert_severities.notice,
+      exec_script,
+      alert_consts.alertTypeLabel(alert["alert_type"], true)
+    )
 
-  if(exit_code == 0) then
-    return true
+    alerts_api.store(entity_info, type_info)
   end
-
-  return false
 end
 
 -- ##############################################
 
 function shell.dequeueRecipientAlerts(recipient, budget, high_priority)
+  local full_path
+  local settings = recipient2sendMessageSettings(recipient)
+
+  -- Checking if the script still exist for security reasons
+  if ntop.exists("/usr/share/ntopng/" .. settings.path) then
+    full_path = "/usr/share/ntopng/" .. settings.path
+  elseif ntop.exists("scripts/shell/" .. settings.path) then
+    full_path = "scripts/shell/" .. settings.path
+  else
+    return {success=false, error_message="- unable to execute the script"}
+  end
+
+  settings.path = full_path
   local start_time = os.time()
   local sent = 0
   local more_available = true
   local budget_used = 0
   local MAX_ALERTS_PER_REQUEST = 1
-
-  local settings = recipient2sendMessageSettings(recipient)
-
   local return_msg = {}
   -- Dequeue alerts up to budget x MAX_ALERTS_PER_REQUEST
   -- Note: in this case budget is the number of script messages to send
@@ -128,9 +142,7 @@ function shell.dequeueRecipientAlerts(recipient, budget, high_priority)
       table.insert(alerts, alert)
     end
 
-    if not shell.sendMessage(alerts, settings) then
-      return {success=false, error_message="- unable to execute the script"}
-    end
+    shell.sendMessage(alerts, settings)
 
     -- Remove the processed messages from the queue
     budget_used = budget_used + #notifications