

Merge pull request #7226 from centreon/mon-3312-fix-file-inclusion
fix(security): fix vulnerability for file loading
victorvassilev authored Mar 22, 2019
2 parents f84baa3 + 3446170 commit 4bfd7d7
Showing 1 changed file with 26 additions and 6 deletions.
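--- a/www/include/Administration/brokerPerformance/brokerPerformance.php
+++ b/www/include/Administration/brokerPerformance/brokerPerformance.php
@@ -51,7 +51,10 @@ function createArrayStats($arryFromJson) {
 $io[_('State')]['value'] = $arryFromJson['state'];
 if ($arryFromJson['state'] == "disconnected") {
 $io[_('State')]['class'] = "badge service_critical";
-} elseif ($arryFromJson['state'] == "listening" || $arryFromJson['state'] == "connected" || $arryFromJson['state'] == "connecting") {
+} elseif ($arryFromJson['state'] == "listening"
+|| $arryFromJson['state'] == "connected"
+|| $arryFromJson['state'] == "connecting"
+) {
 $io[_('State')]['class'] = "badge service_ok";
 } elseif ($arryFromJson['state'] == "sleeping" || $arryFromJson['state'] == "blocked") {
 $io[_('State')]['class'] = "badge service_warning";
@@ -82,7 +85,10 @@ function createArrayStats($arryFromJson) {
 $io[_('Event processing speed')] = sprintf("%.2f events/s", $arryFromJson['event_processing_speed']);
 }
 
-if (isset($arryFromJson['queue file']) && isset($arryFromJson['queue file enabled']) && $arryFromJson['queue file enabled'] != "no") {
+if (isset($arryFromJson['queue file'])
+&& isset($arryFromJson['queue file enabled'])
+&& $arryFromJson['queue file enabled'] != "no"
+) {
 $io[_('Queue file')] = $arryFromJson['queue file'];
 }
 
@@ -137,7 +143,9 @@ function parseStatsFile($statfile)
 $matches[1] = "external-commands";
 }
 
-if ((preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected") || (!preg_match('/.*external commands.*/', $key))) {
+if ((preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected") ||
+(!preg_match('/.*external commands.*/', $key))
+) {
 $result['io'][$matches[1]] = createArrayStats($json_stats[$key]);
 $result['io'][$matches[1]]['type'] = end(explode('-', $key));
 $result['io'][$matches[1]]['id'] = end(explode(' ', $key));
@@ -147,7 +155,10 @@ function parseStatsFile($statfile)
 /* force type of io */
 if (preg_match('/.*external commands.*/', $key)) {
 $result['io'][$matches[1]]['type'] = 'input';
-} elseif (preg_match('/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/', $key)) {
+} elseif (preg_match(
+'/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/',
+$key)
+) {
 $result['io'][$matches[1]]['type'] = 'output';
 } elseif (preg_match('/.*(centreon-bam-monitoring|centreon-bam-reporting).*/', $key)) {
 $result['io'][$matches[1]]['type'] = 'output';
@@ -210,7 +221,9 @@ function parseStatsFile($statfile)
 /*
 * Get poller ID
 */
-isset($_POST['pollers']) && $_POST['pollers'] != "" ? $selectedPoller = $_POST['pollers'] : $selectedPoller = $defaultPoller;
+isset($_POST['pollers']) && $_POST['pollers'] != ""
+? $selectedPoller = $_POST['pollers']
+: $selectedPoller = $defaultPoller;
 if (!isset($selectedPoller)) {
 $tmpKeys = array_keys($pollerList);
 $selectedPoller = $tmpKeys[0];
@@ -267,7 +280,14 @@ function parseStatsFile($statfile)
 if ($defaultPoller != $selectedPoller) {
 $statsfile = _CENTREON_VARLIB_ . '/broker-stats/broker-stats-' . $selectedPoller . '.dat';
 }
-if (!file_exists($statsfile) || !is_readable($statsfile)) {
+
+/**
+* check if file exists, is readable and inside proper folder
+*/
+if (!file_exists($statsfile)
+|| !is_readable($statsfile)
+|| (substr(realpath($statsfile), 0, strlen(_CENTREON_VARLIB_)) !== _CENTREON_VARLIB_ )
+) {
 $perf_err[$row['config_name']] = _('Cannot open statistics file');
 } else {
 $perf_info[$row['config_name']] = parseStatsFile($statsfile);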
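Review bot: The containment check added in the last hunk, `substr(realpath($statsfile), 0, strlen(_CENTREON_VARLIB_)) !== _CENTREON_VARLIB_`, is a bare string-prefix test: a canonical path that merely starts with the same characters as `_CENTREON_VARLIB_` (a sibling directory with a longer name) passes it, and if `_CENTREON_VARLIB_` itself contains a symlink or a trailing slash, comparing it against the canonicalised `realpath()` result can reject legitimate files. Canonicalise the base directory as well, append `DIRECTORY_SEPARATOR` before comparing, and test the `realpath()` results for `false` explicitly instead of relying on `file_exists` short-circuiting (`realpath` already returns `false` for a missing file, so `file_exists` becomes redundant). Since `$selectedPoller` is taken directly from `$_POST['pollers']` in the fifth hunk and concatenated into the path, an allowlist check against the ids the page already holds would reject unexpected values before any filesystem call — `$pollerList` appears in that hunk, though whether it is keyed by poller id cannot be confirmed from the diff. The enclosing code of both hunks starts and ends outside the diff.
```php
// … unchanged: $statsfile selection from $selectedPoller …

/**
 * Accept the file only when its canonical path lies inside the canonical
 * base directory; the trailing separator rejects a sibling directory whose
 * name merely starts with the same characters.
 */
$baseDir = realpath(_CENTREON_VARLIB_);
$realStatsFile = realpath($statsfile);
if ($baseDir === false
    || $realStatsFile === false
    || !is_readable($realStatsFile)
    || strpos($realStatsFile, $baseDir . DIRECTORY_SEPARATOR) !== 0
) {
    $perf_err[$row['config_name']] = _('Cannot open statistics file');
} else {
    // … unchanged: parseStatsFile($statsfile) call …
```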
