Snyk: Sanitize and bind ACL service dependency queries (#11387)
hyahiaoui-ext committed Jul 29, 2022
1 parent 35967db commit d18c878
Showing 1 changed file with 27 additions and 10 deletions.
Expand Up @@ -127,32 +127,49 @@ function multipleServiceDependencyInDB($dependencies = array(), $nbrDup = array(
$query = "SELECT * FROM dependency_hostChild_relation WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_hostPar"] = "";
$query = "INSERT INTO dependency_hostChild_relation VALUES (:dep_id, :host_host_id)";
$statement = $pearDB->prepare($query);
while ($host = $dbResult->fetch()) {
$query = "INSERT INTO dependency_hostChild_relation VALUES ('" . $maxId["MAX(dep_id)"] .
"', '" . $host["host_host_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(':host_host_id', (int) $host["host_host_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_hostPar"] .= $host["host_host_id"] . ",";
}
$fields["dep_hostPar"] = trim($fields["dep_hostPar"], ",");

$query = "SELECT * FROM dependency_serviceParent_relation WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_hSvPar"] = "";
$query = "INSERT INTO dependency_serviceParent_relation
VALUES (:dep_id, :service_service_id, :host_host_id)";
$statement = $pearDB->prepare($query);
while ($service = $dbResult->fetch()) {
$query = "INSERT INTO dependency_serviceParent_relation VALUES ('" .
$maxId["MAX(dep_id)"] . "', '" . $service["service_service_id"] . "', '" .
$service["host_host_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(
':service_service_id',
(int) $service["service_service_id"],
\PDO::PARAM_INT
);
$statement->bindValue(':host_host_id', (int) $service["host_host_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_hSvPar"] .= $service["service_service_id"] . ",";
}
$fields["dep_hSvPar"] = trim($fields["dep_hSvPar"], ",");
$query = "SELECT * FROM dependency_serviceChild_relation WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_hSvChi"] = "";
$query = "INSERT INTO dependency_serviceChild_relation
VALUES (:dep_id, :service_service_id, :host_host_id)";
$statement = $pearDB->prepare($query);
while ($service = $dbResult->fetch()) {
$query = "INSERT INTO dependency_serviceChild_relation VALUES ('" . $maxId["MAX(dep_id)"] .
"', '" . $service["service_service_id"] . "', '" . $service["host_host_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(
':service_service_id',
(int) $service["service_service_id"],
\PDO::PARAM_INT
);
$statement->bindValue(':host_host_id', (int) $service["host_host_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_hSvChi"] .= $service["service_service_id"] . ",";
}
$fields["dep_hSvChi"] = trim($fields["dep_hSvChi"], ",");
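Review bot: The three SELECT statements on the new side (`WHERE dependency_dep_id = '" . $key . "'"` for dependency_hostChild_relation, dependency_serviceParent_relation and dependency_serviceChild_relation) still concatenate the dependency id into the query string, so only the INSERTs in this hunk are actually bound. Whether `$key` reaches this loop from request data is not visible here (it appears to be a key of the `$dependencies` parameter), but applying the same prepare-and-bind shape the commit introduces would close that gap consistently, e.g. `$dbResult = $pearDB->prepare("SELECT * FROM dependency_hostChild_relation WHERE dependency_dep_id = :dep_id");` then `$dbResult->bindValue(':dep_id', (int) $key, \PDO::PARAM_INT);` and `$dbResult->execute();`, which leaves the existing `while ($host = $dbResult->fetch())` loop untouched. The same three lines apply to the other two SELECTs. The enclosing function multipleServiceDependencyInDB begins and ends outside the hunk, so the origin of `$key` and the PDO error mode (which decides whether a failed `execute()` throws or silently returns false) should be confirmed there.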
