

[SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394)
* Sanitize and bind ACL host dependency queries

* fix issues
emabassi-ext authored Jul 29, 2022
1 parent 8a1d2b4 commit dedb0d9
Showing 1 changed file with 17 additions and 10 deletions.
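--- a/www/include/configuration/configObject/host_dependency/DB-Func.php
+++ b/www/include/configuration/configObject/host_dependency/DB-Func.php
@@ -123,11 +123,14 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array())
 "WHERE dependency_dep_id = " . $key;
 $dbResult = $pearDB->query($query);
 $fields["dep_serviceChilds"] = "";
+$statement = $pearDB->prepare("INSERT INTO dependency_serviceChild_relation " .
+" VALUES (:max_dep_id, :service_id, :host_host_id)");
 while ($service = $dbResult->fetch()) {
-$query = "INSERT INTO dependency_serviceChild_relation VALUES ('" .
-$maxId["MAX(dep_id)"] . "', '" . $service["service_service_id"] . "', '" .
-$service["host_host_id"] . "')";
-$pearDB->query($query);
+$statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT);
+$statement->bindValue(':service_id', (int)$service["service_service_id"], \PDO::PARAM_INT);
+$statement->bindValue(':host_host_id', (int)$service["host_host_id"], \PDO::PARAM_INT);
+$statement->execute();
+
 $fields["dep_serviceChilds"] .= $service["host_host_id"] .
 '-' . $service["service_service_id"] . ",";
 }
@@ -136,10 +139,12 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array())
 "WHERE dependency_dep_id = '" . $key . "'";
 $dbResult = $pearDB->query($query);
 $fields["dep_hostParents"] = "";
+$statement = $pearDB->prepare("INSERT INTO dependency_hostParent_relation " .
+"VALUES (:max_dep_id, :host_host_id)");
 while ($host = $dbResult->fetch()) {
-$query = "INSERT INTO dependency_hostParent_relation " .
-"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $host["host_host_id"] . "')";
-$pearDB->query($query);
+$statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT);
+$statement->bindValue(':host_host_id', (int)$host["host_host_id"], \PDO::PARAM_INT);
+$statement->execute();
 $fields["dep_hostParents"] .= $host["host_host_id"] . ",";
 }
 $fields["dep_hostParents"] = trim($fields["dep_hostParents"], ",");
@@ -148,10 +153,12 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array())
 "WHERE dependency_dep_id = '" . $key . "'";
 $dbResult = $pearDB->query($query);
 $fields["dep_hostChilds"] = "";
+$statement = $pearDB->prepare("INSERT INTO dependency_hostChild_relation " .
+"VALUES (:max_dep_id, :host_host_id)");
 while ($host = $dbResult->fetch()) {
-$query = "INSERT INTO dependency_hostChild_relation " .
-"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $host["host_host_id"] . "')";
-$pearDB->query($query);
+$statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT);
+$statement->bindValue(':host_host_id', (int)$host["host_host_id"], \PDO::PARAM_INT);
+$statement->execute();
 $fields["dep_hostChilds"] .= $host["host_host_id"] . ",";
 }
 $fields["dep_hostChilds"] = trim($fields["dep_hostChilds"], ",");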
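Review bot: The SELECT that feeds each loop is still assembled by string concatenation — `"WHERE dependency_dep_id = " . $key;` in the first hunk and `"WHERE dependency_dep_id = '" . $key . "'"` in the second and third — so `$key` reaches the database unbound while only the INSERTs below it were parameterised. If `$key` is a key of the `$dependencies` argument populated from the request (the signature suggests so, but the caller and the start of the SELECT are above the hunk), this is the same injection class the commit title says it closes, just one statement earlier. Bind these too: `$dbResult = $pearDB->prepare("SELECT ... WHERE dependency_dep_id = :dep_id"); $dbResult->bindValue(':dep_id', (int)$key, \PDO::PARAM_INT); $dbResult->execute();` with the existing `while (... = $dbResult->fetch())` left as is. The body of multipleHostDependencyInDB begins and ends outside these hunks, so the same check applies to any other `$key`-built query it contains.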
