
fix(security): fix vulnerability for file loading (#7227)
* fix(security): fix vulnerability for file loading
Disallow inclusion of statistics files from outside the expected folder in broker performance.
Resolves: MON-3312

* style: psr2

* feat(clapi) add acknowledgement in clapi

* add acknowledgement by clapi
* add doc
* add acceptance

* fix(deadCode): removing file unused since a previous major release (#7229)

* enh(doc): improved English documentation, thanks to jefestyler (#7238)

* fix(doc): add entry in toc and correct table format

* Doc improve install chapters (#7239)

* fix(doc): readd quickstart shortlink
* enh(doc): add configuration of proxy in post installation

* fix(front): manage properly session expiration + avoid login inception (#7202)

* fix(sec): allow to set illegal characters for centcore (#7206)

* fix(sec): allow to set illegal characters for centcore

* add french translation for centcore illegal characters

* update properly centcore parameter in database

* move upgrade script

* fix(secu): rce vulnerability when using command's testing feature (#7232)

* fix(secu): Authenticated RCE in minPlayCommand.php
Concatenation of unsanitized command_hostaddress GET parameter to shell_exec leads to remote code execution.

* fix: rce vulnerability when using testing feature
* release note for 19.04.0
* style(PSR2)

* enh(CI): fixing UTF warnings

* feat(API) API to Get/Set/Export/Import Command Arg Descriptions

* feat(API) Add showinstance CLAPI command to Host  (#7199)

* enh(doc): Improved disk space calculation table

* enh(doc): add workbook to calculate the size of the platform

* doc(release notes): Add missing release notes from 2.8.x

* enh(doc): improve poller configuration

Conflicts:
	doc/en/administration_guide/poller/wizard_add_poller.rst

* enh(doc): Add custom code description for SNMP trap

* fix(doc): Remove 2.5 description in trap documentation

* enh(doc): add order of achievement of actions by the centreontrapd process

* fix(doc): correct location of database conf for trap on poller - ref #7011

* fix(doc): correct typo

* fix(doc): remove unsued image

* fix(doc): enable services after remote server installation (#7027)

* fix(doc): enable services after remote server installation
* fix(doc): add enable_services.rst

* enh(doc): Update upgradetoCentreon18.10.rst (#6934)

Update FR & EN chapter to manage MySQL migration from Centreon 3.4.x to Centreon 18.10.x

* fix(doc): describe directory of XML files for partitioning

* enh(ui) : indent third level menu (#7251)

* enh(DT): fix search filter for recurrent downtimes (#7201)

* Mon 3112 fix source install (#7160)

* fix(install): fix installation from sources on 18.10.x

* fix(security): fix vulnearability for file loading
Disallow inclusion of files from incorrect folders in broker performance.
Resolves: MON-3312

* style: psr2
victorvassilev authored Mar 22, 2019
1 parent 1fe624d commit 1de4a4a
Showing 1 changed file with 62 additions and 15 deletions.
77 changes: 62 additions & 15 deletions www/include/Administration/brokerPerformance/brokerPerformance.php
Expand Up @@ -49,7 +49,10 @@ function createArrayStats($arryFromJson) {
$io[_('State')]['value'] = $arryFromJson['state'];
if ($arryFromJson['state'] == "disconnected") {
$io[_('State')]['class'] = "badge service_critical";
} elseif ($arryFromJson['state'] == "listening" || $arryFromJson['state'] == "connected" || $arryFromJson['state'] == "connecting") {
} elseif ($arryFromJson['state'] == "listening"
|| $arryFromJson['state'] == "connected"
|| $arryFromJson['state'] == "connecting"
) {
$io[_('State')]['class'] = "badge service_ok";
} elseif ($arryFromJson['state'] == "sleeping" || $arryFromJson['state'] == "blocked") {
$io[_('State')]['class'] = "badge service_warning";
Expand All @@ -65,23 +68,41 @@ function createArrayStats($arryFromJson) {
}

if (isset($arryFromJson['last_connection_attempt']) && $arryFromJson['last_connection_attempt'] != -1) {
$io[_('Last connection attempt')] = array('value' => $arryFromJson['last_connection_attempt'], 'isTimestamp' => true);
$io[_('Last connection attempt')] = array(
'value' => $arryFromJson['last_connection_attempt'],
'isTimestamp' => true
);
}

if (isset($arryFromJson['last_connection_success']) && $arryFromJson['last_connection_success'] != -1) {
$io[_('Last connection success')] = array('value' => $arryFromJson['last_connection_success'], 'isTimestamp' => true);;
$io[_('Last connection success')] = array(
'value' => $arryFromJson['last_connection_success'],
'isTimestamp' => true
);
}

if (isset($arryFromJson['one_peer_retention_mode'])) {
$io[_('One peer retention mode')] = array('value' => $arryFromJson['one_peer_retention_mode'], 'isTimestamp' => false);
$io[_('One peer retention mode')] = array(
'value' => $arryFromJson['one_peer_retention_mode'],
'isTimestamp' => false
);
}

if (isset($arryFromJson['event_processing_speed'])) {
$io[_('Event processing speed')] = array('value' => sprintf("%.2f events/s", $arryFromJson['event_processing_speed']), 'isTimestamp' => false);
$io[_('Event processing speed')] = array(
'value' => sprintf("%.2f events/s", $arryFromJson['event_processing_speed']),
'isTimestamp' => false
);
}

if (isset($arryFromJson['queue file']) && isset($arryFromJson['queue file enabled']) && $arryFromJson['queue file enabled'] != "no") {
$io[_('Queue file')] = array('value' => $arryFromJson['queue file'], 'isTimestamp' => false);
if (isset($arryFromJson['queue file'])
&& isset($arryFromJson['queue file enabled'])
&& $arryFromJson['queue file enabled'] != "no"
) {
$io[_('Queue file')] = array(
'value' => $arryFromJson['queue file'],
'isTimestamp' => false
);
}

if (isset($arryFromJson['queue file enabled'])) {
Expand All @@ -98,17 +119,29 @@ function createArrayStats($arryFromJson) {

if (isset($arryFromJson['read_filters']) && $arryFromJson['read_filters']) {
if ($arryFromJson['read_filters'] != 'all') {
$io[_('Input accepted events type')] = array('value' => substr($arryFromJson['read_filters'], 22), 'isTimestamp' => false);
$io[_('Input accepted events type')] = array(
'value' => substr($arryFromJson['read_filters'], 22),
'isTimestamp' => false
);
} else {
$io[_('Input accepted events type')] = array('value' => $arryFromJson['read_filters'], 'isTimestamp' => false);
$io[_('Input accepted events type')] = array(
'value' => $arryFromJson['read_filters'],
'isTimestamp' => false
);
}
}

if (isset($arryFromJson['write_filters']) && $arryFromJson['write_filters']) {
if ($arryFromJson['write_filters'] != 'all') {
$io[_('Output accepted events type')] = array('value' => substr($arryFromJson['write_filters'], 2), 'isTimestamp' => false);
$io[_('Output accepted events type')] = array(
'value' => substr($arryFromJson['write_filters'], 2),
'isTimestamp' => false
);
} else {
$io[_('Output accepted events type')] = array('value' => $arryFromJson['write_filters'], 'isTimestamp' => false);
$io[_('Output accepted events type')] = array(
'value' => $arryFromJson['write_filters'],
'isTimestamp' => false
);
}
}

Expand All @@ -135,7 +168,9 @@ function parseStatsFile($statfile)
$matches[1] = "external-commands";
}

if ((preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected") || (!preg_match('/.*external commands.*/', $key))) {
if ((preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected")
|| (!preg_match('/.*external commands.*/', $key))
) {
$keySepByDash = explode('-', $key);
$keySepBySpace = explode(' ', $key);
$result['io'][$matches[1]] = createArrayStats($json_stats[$key]);
Expand All @@ -147,7 +182,10 @@ function parseStatsFile($statfile)
/* force type of io */
if (preg_match('/.*external commands.*/', $key)) {
$result['io'][$matches[1]]['type'] = 'input';
} elseif (preg_match('/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/', $key)) {
} elseif (preg_match(
'/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/',
$key)
) {
$result['io'][$matches[1]]['type'] = 'output';
} elseif (preg_match('/.*(centreon-bam-monitoring|centreon-bam-reporting).*/', $key)) {
$result['io'][$matches[1]]['type'] = 'output';
Expand Down Expand Up @@ -210,7 +248,9 @@ function parseStatsFile($statfile)
/*
* Get poller ID
*/
isset($_POST['pollers']) && $_POST['pollers'] != "" ? $selectedPoller = $_POST['pollers'] : $selectedPoller = $defaultPoller;
isset($_POST['pollers']) && $_POST['pollers'] != ""
? $selectedPoller = $_POST['pollers']
: $selectedPoller = $defaultPoller;
if (!isset($selectedPoller)) {
$tmpKeys = array_keys($pollerList);
$selectedPoller = $tmpKeys[0];
Expand Down Expand Up @@ -266,7 +306,14 @@ function parseStatsFile($statfile)
if ($defaultPoller != $selectedPoller) {
$statsfile = _CENTREON_VARLIB_ . '/broker-stats/broker-stats-' . $selectedPoller . '.dat';
}
if (!file_exists($statsfile) || !is_readable($statsfile)) {

/**
* check if file exists, is readable and inside proper folder
*/
if (!file_exists($statsfile)
|| !is_readable($statsfile)
|| (substr(realpath($statsfile), 0, strlen(_CENTREON_VARLIB_)) !== _CENTREON_VARLIB_ )
) {
$perf_err[$row['config_name']] = _('Cannot open statistics file');
} else {
$perf_info[$row['config_name']] = parseStatsFile($statsfile);
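Review bot: The directory check added in the last hunk compares `realpath($statsfile)` against `_CENTREON_VARLIB_` with no trailing separator, so a sibling directory whose name merely starts with that string (e.g. `<varlib>-other/`) would pass, and it confines the file to the whole varlib tree even though the path is always built under `broker-stats/`; it also assumes `_CENTREON_VARLIB_` is itself canonical, which calling `realpath()` on the file alone does not guarantee. Compare against the canonical base directory with a separator instead: `$base = realpath(_CENTREON_VARLIB_ . '/broker-stats') . DIRECTORY_SEPARATOR;` / `$real = realpath($statsfile);` / `if ($real === false || !is_readable($real) || strpos($real, $base) !== 0) {`. Since `$selectedPoller` is taken straight from `$_POST['pollers']` and concatenated into the path, it would also be worth rejecting any value that is not a key of `$pollerList` before the path is built (the fallback already reads `array_keys($pollerList)`, so this appears to be the poller-id map — confirm), which stops the traversal at the source rather than only at the sink. The code that sets the default `$statsfile` and the end of this `else` branch lie outside the hunk.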
