chore(release): merge release 21.10.9 into 21.10.x (#11628)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanityze 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.10.9

* fix(sql): fix query to select contact during ldap import (#11579)

Refs: MON-14263

* (fix)MON-14742 Escape database name in CentACL (#11602)

* fixed issue of using special chars in db names

* fix escape database name

* fixed security issue on sql requests

* fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619)

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

.github/CODEOWNERS

@@ -1,12 +1,15 @@
-/.github/       @centreon/centreon-ci
-/.git*          @centreon/centreon-ci
-/.project       @centreon/centreon-ci
-/Jenkinsfile    @centreon/centreon-ci
-/selinux/       @centreon/centreon-ci
-/project/       @centreon/centreon-ci
-*.sh            @centreon/centreon-ci
+/.github/       @centreon/centreon-devops
+/.git*          @centreon/centreon-devops
+/.project       @centreon/centreon-devops
+/Jenkinsfile    @centreon/centreon-devops
+/selinux/       @centreon/centreon-devops
+/project/       @centreon/centreon-devops
+*.sh            @centreon/centreon-devops
 
-*.po            @ghost
+/.snyk				@centreon/centreon-security
+/sonar-project.properties	@centreon/centreon-security
+
+*.po            @centreon/centreon-documentation
 
 /src/                  @centreon/centreon-php
 /config/               @centreon/centreon-php

Jenkinsfile

@@ -461,6 +461,4 @@ try {
             "*COMMIT*: <https://github.com/centreon/centreon/commit/${source.COMMIT}|here> by ${source.COMMITTER}\n" +
             "*INFO*: ${e}"
   }
-
-  currentBuild.result = 'FAILURE'
 }

SECURITY_ACK.md

@@ -14,6 +14,7 @@ Centreon reserves the right to make final decisions regarding publishing acknowl
 
 <h3> 2022 </h3>
 
+* 2022/05/23 - Lucas Carmo and Daniel França Lima from [Hakaï Security](https://www.hakaioffensivesecurity.com/)
 * 2022/02/16 - Anonymous working with Trend Micro Zero Day Initiative
 
 <h3> 2021 </h3>

composer.json

@@ -7,6 +7,9 @@
         "secure-http": false,
         "platform": {
             "php": "8.0"
+        },
+        "allow-plugins": {
+            "symfony/flex": true
         }
     },
     "require-dev": {
@@ -15,7 +18,7 @@
         "behat/mink": "dev-master#a534fe7dac9525e8e10ca68e737c3d7e5058ec83",
         "behat/mink-extension": "^2.3",
         "behat/mink-selenium2-driver": "^1.4",
-        "centreon/centreon-test-lib": "dev-master",
+        "centreon/centreon-test-lib": "21.10.x-dev",
         "phpstan/phpstan": "^0.12.59",
         "phpstan/phpstan-beberlei-assert": "^0.12",
         "phpunit/phpunit": "^9.5",
@@ -26,7 +29,7 @@
         "symfony/twig-bundle": "^4.4",
         "symfony/var-dumper": "4.4.*",
         "symfony/web-profiler-bundle": "^4.4",
-        "twig/twig": "^2.0",
+        "twig/twig": "2.*",
         "webmozart/assert": "^1.8",
         "zircote/swagger-php": "^3.0"
     },
@@ -51,7 +54,7 @@
         "phpdocumentor/reflection-docblock": "^5.2",
         "pimple/pimple": "^3.2",
         "sensio/framework-extra-bundle": "^5.3",
-        "smarty/smarty": "^3.1",
+        "smarty/smarty": "3.*",
         "smarty-gettext/smarty-gettext": "^1.6",
         "symfony/console": "4.4.*",
         "symfony/dotenv": "4.4.*",

cron/centAcl.php

@@ -172,15 +172,15 @@
      * Remove data from old groups (deleted groups)
      */
     $aclGroupToDelete = "SELECT DISTINCT acl_group_id
-        FROM " . $centreonDbName . ".acl_groups WHERE acl_group_activate = '1'";
-    $aclGroupToDelete2 = "SELECT DISTINCT acl_group_id FROM " . $centreonDbName . ".acl_res_group_relations";
-    $pearDB->beginTransaction();
+        FROM `" . $centreonDbName . "`.acl_groups WHERE acl_group_activate = '1'";
+    $aclGroupToDelete2 = "SELECT DISTINCT acl_group_id FROM `" . $centreonDbName . "`.acl_res_group_relations";
+    $pearDBO->beginTransaction();
     try {
         $pearDBO->query("DELETE FROM centreon_acl WHERE group_id NOT IN (" . $aclGroupToDelete . ")");
         $pearDBO->query("DELETE FROM centreon_acl WHERE group_id NOT IN (" . $aclGroupToDelete2 . ")");
-        $pearDB->commit();
+        $pearDBO->commit();
     } catch (\PDOException $e) {
-        $pearDB->rollBack();
+        $pearDBO->rollBack();
         $centreonLog->insertLog(
             2,
             "CentACL CRON: failed to delete old groups relations"

features/VirtualMetricHandle.feature

@@ -5,16 +5,16 @@ Feature: Virtual Metric Handle
 
     Background:
         Given I am logged in a Centreon server with configured metrics
-   
+
     Scenario: Create a virtual metric
         When I add a virtual metric
         Then all properties are saved
-        
+
     Scenario: Duplicate a virtual metric
         Given an existing virtual metric
         When I duplicate a virtual metric
         Then all properties are copied except the name
-        
+
     Scenario: Delete a virtual metric
         Given an existing virtual metric
         When I delete a virtual metric

features/bootstrap/VirtualMetricHandleContext.php

@@ -24,7 +24,8 @@ public function iAddAVirtualMetric()
         $this->page = new MetricsConfigurationPage($this);
         $this->page->setProperties(array(
             'name' => $this->vmName,
-            'linked-host_services' => $this->host . ' - ' . $this->hostService
+            'linked-host_services' => $this->host . ' - ' . $this->hostService,
+            'known_metrics' => $this->functionRPN,
         ));
         $this->page->setProperties(array('function' => $this->functionRPN));
         $this->page->save();

lang/es_ES.UTF-8/LC_MESSAGES/messages.po

@@ -9079,10 +9079,6 @@ msgstr "Compruebe si el servicio está parado"
 msgid "Preexec definition"
 msgstr "Definiendo el comando PREEXEC"
 
-#: centreon-web/www/include/configuration/configObject/traps/formTraps.php:360
-msgid "The same OID element already exists"
-msgstr "El mismo OID ya existe."
-
 #: centreon-web/www/include/configuration/configObject/traps/formTraps.php:368
 msgid "Advanced matching rules"
 msgstr "Reglas de correspondencia avanzadas"
@@ -14745,7 +14741,7 @@ msgid "Clear filter"
 msgstr ""
 
 msgid "Last check with OK status"
-msgstr "" 
+msgstr ""
 
 # msgid "Status type"
 # msgstr ""
@@ -14757,4 +14753,7 @@ msgstr ""
 # msgstr ""
 
 # msgid "Force active checks"
-# msgstr ""
+# msgstr ""
+
+#  msgid "Warning, maximum size exceeded for input '%s' (max: %d), it will be truncated upon saving"
+#  msgstr ""

lang/fr_FR.UTF-8/LC_MESSAGES/messages.po

@@ -9564,10 +9564,6 @@ msgstr "Contrôle si le service est en plage de maintenance"
 msgid "Preexec definition"
 msgstr "Définition de la commande PREEXEC"
 
-#: centreon-web/www/include/configuration/configObject/traps/formTraps.php:360
-msgid "The same OID element already exists"
-msgstr "Le même OID existe déjà"
-
 #: centreon-web/www/include/configuration/configObject/traps/formTraps.php:368
 msgid "Advanced matching rules"
 msgstr "Règles de correspondance avancées"
@@ -16325,4 +16321,7 @@ msgid "Your new password and autologin key must be different"
 msgstr "Votre nouveau mot de passe et votre clé d'autologin doivent être différents"
 
 # msgid "Force active checks"
-# msgstr "Forcer les contrôles actif"
+# msgstr "Forcer les contrôles actif"
+
+msgid "Warning, maximum size exceeded for input '%s' (max: %d), it will be truncated upon saving"
+msgstr "Attention, taille maximale dépassée pour le champ '%s' (max: %d), il sera tronqué à l'enregistrement"

lang/pt_BR.UTF-8/LC_MESSAGES/messages.po

@@ -10237,10 +10237,6 @@ msgstr "Checagem de Manutenção"
 msgid "Preexec definition"
 msgstr "Definição de pré-execução"
 
-#: centreon-web/www/include/configuration/configObject/traps/formTraps.php:376
-msgid "The same OID element already exists"
-msgstr "O mesmo OID já existe"
-
 #: centreon-web/www/include/configuration/configObject/traps/formTraps.php:384
 msgid "Advanced matching rules"
 msgstr "Regras de correspondencia avançada"
@@ -15208,4 +15204,7 @@ msgstr ""
 # msgstr ""
 
 # msgid "Force active checks"
-# msgstr ""
+# msgstr ""
+
+#  msgid "Warning, maximum size exceeded for input '%s' (max: %d), it will be truncated upon saving"
+#  msgstr ""