Merge release-21.04.17 into 21.04.x (#11606)

* fix(git): sync dev-21.04.x with 21.04.x (#11526)

* [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521)

* Sanitize and bind ACL host dependency queries

* fix issues

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517)

1122

1153

1134

* removed old variable userCrypted and the use of it (#11334) (#11516)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506)

Refs: MON-14585

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* [SNYK] Sanitize and bind ACL class queries (#11392) (#11513)

* Sanitize and bind ACL class queries

Queries   sanitized  and bound using PDO statement

* fix spaces

spaces between (int) cast and variables

* update file delete spaces after comma

* change variables names due to a review

* Line exceeds 120 characters; contains 123 characters

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530)

Refs: MON-14039

* doc(ack): acknowledge Hakaï security (#11538)

* SNYK: Sanitize and bind ACL actions queries (#11549)

* sanitizing and binding acl actions queries

* fix missing bind

* SNYK: Sanitize and bind Broker listing queries (#11553)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11566)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11563)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* MON-14501 - sanitize query in centreonXmlbgRequest class (#11572)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569)

* sanityze 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.04.17

* fix(sql): fix query to select contact during ldap import (#11580)

Refs: MON-14263

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: chgautier <cgautier@centreon.com>

.github/CODEOWNERS

@@ -1,12 +1,12 @@
-/.github/       @centreon/centreon-ci
-/.git*          @centreon/centreon-ci
-/.project       @centreon/centreon-ci
-/Jenkinsfile    @centreon/centreon-ci
-/selinux/       @centreon/centreon-ci
-/project/       @centreon/centreon-ci
-*.sh            @centreon/centreon-ci
+/.github/       @centreon/centreon-devops
+/.git*          @centreon/centreon-devops
+/.project       @centreon/centreon-devops
+/Jenkinsfile    @centreon/centreon-devops
+/selinux/       @centreon/centreon-devops
+/project/       @centreon/centreon-devops
+*.sh            @centreon/centreon-devops
 
-*.po            @ghost
+*.po            @centreon/centreon-documentation
 
 /src/                  @centreon/centreon-php
 /config/               @centreon/centreon-php

Jenkinsfile

@@ -206,14 +206,15 @@ try {
         sh 'rm -rf output'
       }
     }
+
     if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') {
       error("Unit test // packaging stage failure.");
     }
   }
 
   stage("$DELIVERY_STAGE") {
     node {
-      checkoutCentreonBuild(buildBranch)    
+      checkoutCentreonBuild(buildBranch)
       sh 'rm -rf output'
       unstash 'tar-sources'
       unstash 'api-doc'
@@ -225,7 +226,7 @@ try {
       error('Delivery stage failure');
     }
   }
-  
+
   stage("$DOCKER_STAGE") {
     def parallelSteps = [:]
     def osBuilds = isStableBuild() ? ['centos7', 'alma8'] : ['centos7']
@@ -238,12 +239,6 @@ try {
         }
       }
     }
-    //'Docker centos8': {
-    //  node {
-    //    checkoutCentreonBuild(buildBranch)
-    //    sh "./centreon-build/jobs/web/${serie}/mon-web-bundle.sh centos8"
-    //  }
-    //}
     parallel parallelSteps
     if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') {
       error('Bundle stage failure.');
@@ -289,27 +284,6 @@ try {
       }
     }
   }
-
-  // TODO : add canary management in centreon-build
-  /*if ((env.BUILD == 'CI')) {
-    stage('Docker packaging with canary rpms') {
-      def parallelSteps = [:]
-      def osBuilds = isStableBuild() ? ['centos7', 'centos8'] : ['centos7']
-      for (x in osBuilds) {
-        def osBuild = x
-        parallelSteps[osBuild] = {
-          node {
-            checkoutCentreonBuild()
-            sh "./centreon-build/jobs/web/${serie}/mon-web-bundle.sh ${osBuild}"
-          }
-        }
-      }
-    }
-    parallel parallelSteps
-    if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') {
-      error('API integration tests stage failure.');
-    }
-  }*/
 
   stage('Acceptance tests') {
     def parallelSteps = [:]
@@ -342,5 +316,4 @@ try {
             "*COMMIT*: <https://github.com/centreon/centreon/commit/${source.COMMIT}|here> by ${source.COMMITTER}\n" +
             "*INFO*: ${e}"
   }
-
 }

SECURITY_ACK.md

@@ -14,6 +14,7 @@ Centreon reserves the right to make final decisions regarding publishing acknowl
 
 <h3> 2022 </h3>
 
+* 2022/05/23 - Lucas Carmo and Daniel França Lima from [Hakaï Security](https://www.hakaioffensivesecurity.com/)
 * 2022/02/16 - Anonymous working with Trend Micro Zero Day Initiative
 
 <h3> 2021 </h3>

composer.json

@@ -7,6 +7,10 @@
         "secure-http": false,
         "platform": {
             "php": "7.3"
+        },
+        "allow-plugins": {
+            "pestphp/pest-plugin": true,
+            "symfony/flex": true
         }
     },
     "require-dev": {
@@ -22,13 +26,12 @@
         "centreon/centreon-test-lib": "21.04.x-dev",
         "sensiolabs/security-checker": "^6.0",
         "symfony/var-dumper": "4.4.*",
-        "symfony/profiler-pack": "^1.0",
         "phpstan/phpstan": "^0.12.59",
         "webmozart/assert": "^1.8",
         "symfony/stopwatch": "^4.4",
         "symfony/twig-bundle": "^4.4",
         "symfony/web-profiler-bundle": "^4.4",
-        "twig/twig": "^2.0",
+        "twig/twig": "2.*",
         "phpstan/phpstan-beberlei-assert": "^0.12"
     },
     "require": {
@@ -39,7 +42,7 @@
         "symfony/filesystem": "4.4.*",
         "symfony/finder": "4.4.*",
         "openpsa/quickform": "3.3.*",
-        "smarty/smarty": "~2.6",
+        "smarty/smarty": "2.*",
         "curl/curl" : "^1.5",
         "ext-ctype": "*",
         "ext-iconv": "*",
@@ -53,7 +56,6 @@
         "symfony/security-bundle": "4.4.*",
         "symfony/yaml": "4.4.*",
         "symfony/options-resolver": "4.4.*",
-        "symfony/serializer-pack": "^1.0",
         "symfony/maker-bundle": "^1.11",
         "nelmio/cors-bundle": "^2.1",
         "symfony/validator": "4.4.*",
@@ -66,7 +68,12 @@
         "dragonmantank/cron-expression": "3.0.1",
         "beberlei/assert": "v3.3.0",
         "enshrined/svg-sanitize": "^0.14.0",
-        "symfony/monolog-bundle": "^3.7"
+        "symfony/monolog-bundle": "^3.7",
+        "doctrine/annotations": "^1.0",
+        "phpdocumentor/reflection-docblock": "^5.2",
+        "symfony/property-access": "4.4.*",
+        "symfony/property-info": "4.4.*",
+        "symfony/serializer": "4.4.*"
     },
     "autoload": {
         "psr-4": {