This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Fix: Sanitize and bind CLAPI Centreon service class #11765

Merged

emabassi-ext

Description

Queries should be sanitized (if possible) and bound using PDO statements to reduce the attack surface and clean up legacy code.

In: www/class/centreon-clapi/centreonService.class.php
Line: 1672

Fixes # MON-14961

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target series

  • 21.04.x
  • 21.10.x
  • 22.04.x
  • 22.10.x (master)

How can this pull request be tested?

  1. Configure custom macros on a service using UI
  2. Export configuration using CLAPI
  3. centreon -u admin -p 'Centreon!2021' -o SERVICE -e
  4. Check whether custom macros have been exported; you must have lines like:

SERVICE;setmacro;centreon-central;Broker-Stats;filtername;toto;0;

Checklist

Community contributors & Centreon team

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (master, maintenance).

space added into query

Co-authored-by: Kevin Duret <kduret@centreon.com>

@emabassi-ext emabassi-ext merged commit 646d3b9 into develop Sep 20, 2022
@emabassi-ext emabassi-ext deleted the MON-14961-sanitize-and-bind-calpi-centreon-service-class branch September 20, 2022 11:44
emabassi-ext added a commit that referenced this pull request Sep 21, 2022
* sanitize and bind clapi centreon service class

* Update www/class/centreon-clapi/centreonService.class.php

space added into query

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>