From 9f76e8c4bf583a8ac72a9239bb8cc2f2922954d7 Mon Sep 17 00:00:00 2001 From: Laurent Pinsivy Date: Thu, 16 Jul 2020 12:56:24 +0200 Subject: [PATCH] fix(security): fix vulnerability for file loading (#7227) (#8847) * fix(security): fix vulnerability for file loading (#7227) * fix(code): fix PSR2 * fix(code): correct variable name Co-authored-by: victorvassilev --- .../brokerPerformance/brokerPerformance.php | 130 ++++++++++++------ 1 file changed, 91 insertions(+), 39 deletions(-) diff --git a/www/include/Administration/brokerPerformance/brokerPerformance.php b/www/include/Administration/brokerPerformance/brokerPerformance.php index 0fae569cb05..4633d42d959 100644 --- a/www/include/Administration/brokerPerformance/brokerPerformance.php +++ b/www/include/Administration/brokerPerformance/brokerPerformance.php 
@@ -42,75 +42,109 @@ require_once "./class/centreonGMT.class.php"; require_once realpath(dirname(__FILE__) . "/../../../../config/centreon.config.php"); -function createArrayStats($arryFromJson) +function createArrayStats($arrayFromJson) { $io = array('class' => 'stats_lv1'); - if (isset($arryFromJson['state'])) { - $io[_('State')]['value'] = $arryFromJson['state']; - if ($arryFromJson['state'] == "disconnected") { + if (isset($arrayFromJson['state'])) { + $io[_('State')]['value'] = $arrayFromJson['state']; + if ($arrayFromJson['state'] == "disconnected") { $io[_('State')]['class'] = "badge service_critical"; - } elseif ($arryFromJson['state'] == "listening" || $arryFromJson['state'] == "connected" || $arryFromJson['state'] == "connecting") { + } elseif ( + $arrayFromJson['state'] == "listening" + || $arrayFromJson['state'] == "connected" + || $arrayFromJson['state'] == "connecting" + ) { $io[_('State')]['class'] = "badge service_ok"; - } elseif ($arryFromJson['state'] == "sleeping" || $arryFromJson['state'] == "blocked") { + } elseif ($arrayFromJson['state'] == "sleeping" || $arrayFromJson['state'] == "blocked") { $io[_('State')]['class'] = "badge service_warning"; } } - if (isset($arryFromJson['status']) && $arryFromJson['status']) { - $io[_('Status')] = array('value' => $arryFromJson['status'], 'isTimestamp' => false); + if (isset($arrayFromJson['status']) && $arrayFromJson['status']) { + $io[_('Status')] = array('value' => $arrayFromJson['status'], 'isTimestamp' => false); } - if (isset($arryFromJson['last_event_at']) && $arryFromJson['last_event_at'] != -1) { - $io[_('Last event at')] = array('value' => $arryFromJson['last_event_at'], 'isTimestamp' => true); + if (isset($arrayFromJson['last_event_at']) && $arrayFromJson['last_event_at'] != -1) { + $io[_('Last event at')] = array('value' => $arrayFromJson['last_event_at'], 'isTimestamp' => true); } - if (isset($arryFromJson['last_connection_attempt']) && $arryFromJson['last_connection_attempt'] != -1) { - 
$io[_('Last connection attempt')] = array('value' => $arryFromJson['last_connection_attempt'], 'isTimestamp' => true); + if (isset($arrayFromJson['last_connection_attempt']) && $arrayFromJson['last_connection_attempt'] != -1) { + $io[_('Last connection attempt')] = array( + 'value' => $arrayFromJson['last_connection_attempt'], + 'isTimestamp' => true + ); } - if (isset($arryFromJson['last_connection_success']) && $arryFromJson['last_connection_success'] != -1) { - $io[_('Last connection success')] = array('value' => $arryFromJson['last_connection_success'], 'isTimestamp' => true); - ; + if (isset($arrayFromJson['last_connection_success']) && $arrayFromJson['last_connection_success'] != -1) { + $io[_('Last connection success')] = array( + 'value' => $arrayFromJson['last_connection_success'], + 'isTimestamp' => true + ); } - if (isset($arryFromJson['one_peer_retention_mode'])) { - $io[_('One peer retention mode')] = array('value' => $arryFromJson['one_peer_retention_mode'], 'isTimestamp' => false); + if (isset($arrayFromJson['one_peer_retention_mode'])) { + $io[_('One peer retention mode')] = array( + 'value' => $arrayFromJson['one_peer_retention_mode'], + 'isTimestamp' => false + ); } - if (isset($arryFromJson['event_processing_speed'])) { - $io[_('Event processing speed')] = array('value' => sprintf("%.2f events/s", $arryFromJson['event_processing_speed']), 'isTimestamp' => false); + if (isset($arrayFromJson['event_processing_speed'])) { + $io[_('Event processing speed')] = array( + 'value' => sprintf("%.2f events/s", $arrayFromJson['event_processing_speed']), + 'isTimestamp' => false + ); } - if (isset($arryFromJson['queue file']) && isset($arryFromJson['queue file enabled']) && $arryFromJson['queue file enabled'] != "no") { - $io[_('Queue file')] = array('value' => $arryFromJson['queue file'], 'isTimestamp' => false); + if ( + isset($arrayFromJson['queue file']) + && isset($arrayFromJson['queue file enabled']) + && $arrayFromJson['queue file enabled'] != "no" + ) 
{ + $io[_('Queue file')] = array( + 'value' => $arrayFromJson['queue file'], + 'isTimestamp' => false + ); } - if (isset($arryFromJson['queue file enabled'])) { - $io[_('Queued file enabled')] = array('value' => $arryFromJson['queue file enabled'], 'isTimestamp' => false); + if (isset($arrayFromJson['queue file enabled'])) { + $io[_('Queued file enabled')] = array('value' => $arrayFromJson['queue file enabled'], 'isTimestamp' => false); } - if (isset($arryFromJson['queued_events'])) { - $io[_('Queued events')] = array('value' => $arryFromJson['queued_events'], 'isTimestamp' => false); + if (isset($arrayFromJson['queued_events'])) { + $io[_('Queued events')] = array('value' => $arrayFromJson['queued_events'], 'isTimestamp' => false); } - if (isset($arryFromJson['memory file'])) { - $io[_('Memory file')] = array('value' => $arryFromJson['memory file'], 'isTimestamp' => false); + if (isset($arrayFromJson['memory file'])) { + $io[_('Memory file')] = array('value' => $arrayFromJson['memory file'], 'isTimestamp' => false); } - if (isset($arryFromJson['read_filters']) && $arryFromJson['read_filters']) { - if ($arryFromJson['read_filters'] != 'all') { - $io[_('Input accepted events type')] = array('value' => substr($arryFromJson['read_filters'], 22), 'isTimestamp' => false); + if (isset($arrayFromJson['read_filters']) && $arrayFromJson['read_filters']) { + if ($arrayFromJson['read_filters'] != 'all') { + $io[_('Input accepted events type')] = array( + 'value' => substr($arrayFromJson['read_filters'], 22), + 'isTimestamp' => false + ); } else { - $io[_('Input accepted events type')] = array('value' => $arryFromJson['read_filters'], 'isTimestamp' => false); + $io[_('Input accepted events type')] = array( + 'value' => $arrayFromJson['read_filters'], + 'isTimestamp' => false + ); } } - if (isset($arryFromJson['write_filters']) && $arryFromJson['write_filters']) { - if ($arryFromJson['write_filters'] != 'all') { - $io[_('Output accepted events type')] = array('value' => 
substr($arryFromJson['write_filters'], 2), 'isTimestamp' => false); + if (isset($arrayFromJson['write_filters']) && $arrayFromJson['write_filters']) { + if ($arrayFromJson['write_filters'] != 'all') { + $io[_('Output accepted events type')] = array( + 'value' => substr($arrayFromJson['write_filters'], 2), + 'isTimestamp' => false + ); } else { - $io[_('Output accepted events type')] = array('value' => $arryFromJson['write_filters'], 'isTimestamp' => false); + $io[_('Output accepted events type')] = array( + 'value' => $arrayFromJson['write_filters'], + 'isTimestamp' => false + ); } } @@ -136,7 +170,10 @@ function parseStatsFile($statfile) $matches[1] = "external-commands"; } - if ((preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected") || (!preg_match('/.*external commands.*/', $key))) { + if ( + (preg_match('/.*external commands.*/', $key) && $json_stats[$key]['state'] != "disconnected") + || !preg_match('/.*external commands.*/', $key) + ) { $keySepByDash = explode('-', $key); $keySepBySpace = explode(' ', $key); $result['io'][$matches[1]] = createArrayStats($json_stats[$key]); @@ -148,7 +185,12 @@ function parseStatsFile($statfile) /* force type of io */ if (preg_match('/.*external commands.*/', $key)) { $result['io'][$matches[1]]['type'] = 'input'; - } elseif (preg_match('/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/', $key)) { + } elseif ( + preg_match( + '/.*(central-broker-master-sql|centreon-broker-master-rrd|central-broker-master-perfdata).*/', + $key + ) + ) { $result['io'][$matches[1]]['type'] = 'output'; } elseif (preg_match('/.*(centreon-bam-monitoring|centreon-bam-reporting).*/', $key)) { $result['io'][$matches[1]]['type'] = 'output'; 
@@ -211,7 +253,9 @@ function parseStatsFile($statfile) /* * Get poller ID */ -isset($_POST['pollers']) && $_POST['pollers'] != "" ? $selectedPoller = $_POST['pollers'] : $selectedPoller = $defaultPoller; +isset($_POST['pollers']) && $_POST['pollers'] != "" + ? $selectedPoller = $_POST['pollers'] + : $selectedPoller = $defaultPoller; if (!isset($selectedPoller)) { $tmpKeys = array_keys($pollerList); $selectedPoller = $tmpKeys[0]; @@ -267,7 +311,15 @@ function parseStatsFile($statfile) if ($defaultPoller != $selectedPoller) { $statsfile = _CENTREON_VARLIB_ . '/broker-stats/broker-stats-' . $selectedPoller . '.dat'; } - if (!file_exists($statsfile) || !is_readable($statsfile)) { + + /** + * check if file exists, is readable and inside proper folder + */ + if ( + !file_exists($statsfile) + || !is_readable($statsfile) + || (substr(realpath($statsfile), 0, strlen(_CENTREON_VARLIB_)) !== _CENTREON_VARLIB_ ) + ) { $perf_err[$row['config_name']] = _('Cannot open statistics file'); } else { $perf_info[$row['config_name']] = parseStatsFile($statsfile);
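Review bot: The containment check added in the second hunk (`substr(realpath($statsfile), 0, strlen(_CENTREON_VARLIB_)) !== _CENTREON_VARLIB_`) is a bare string-prefix test, so any sibling path that merely starts with the same characters (e.g. `_CENTREON_VARLIB_` followed by `-other/...`) still passes, and it compares a canonicalised path against a constant that may itself contain a symlink or trailing slash. Canonicalise both sides and require the directory separator after the base directory, as below; `realpath()` already returns `false` for a missing file, so the `file_exists()` call becomes redundant. Since `$selectedPoller` comes straight from `$_POST['pollers']` (first hunk) and is only ever used to build this filename, it would also be worth rejecting it up front with something like `if (!isset($pollerList[$selectedPoller])) { ... }` — assuming `$pollerList` is keyed by poller id, as the `array_keys($pollerList)` fallback suggests — so that untrusted input never reaches the path at all. The enclosing loop over `$row` starts before this hunk.
```php
/* … unchanged: poller-specific $statsfile selection … */
$baseDir = realpath(_CENTREON_VARLIB_);
$realStatsFile = realpath($statsfile);
if (
    $baseDir === false
    || $realStatsFile === false
    || !is_readable($realStatsFile)
    || strpos($realStatsFile, $baseDir . DIRECTORY_SEPARATOR) !== 0
) {
/* … unchanged: $perf_err / parseStatsFile branches … */
```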