Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

fix(secu): remove unused http parameters in hostXML file #8079

Merged
merged 2 commits into from
Oct 31, 2019
Merged

fix(secu): remove unused http parameters in hostXML file #8079

merged 2 commits into from
Oct 31, 2019

Conversation

sc979
Copy link
Contributor

@sc979 sc979 commented Oct 31, 2019

Pull Request Template

Description

Remove or sanitize $_GET parameters to avoid SQL injection in:
hostXML file

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software
  • Updating documentation (missing information, typo...)

Target serie

  • 2.8.x
  • 18.10.x
  • 19.04.x
  • 19.10.x
  • 20.10.x (master)

How this pull request can be tested ?

please contact me.

Checklist

Community contributors & Centreon team

  • I followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have made corresponding changes to the documentation.
  • I have rebased my development branch on the base branch (master, maintenance).

Centreon team only

  • I have made sure that the unit tests related to the story are successful.
  • I have made sure that unit tests cover 80% of the code written for the story.
  • I have made sure that acceptance tests related to the story are successful (local and CI)

@sc979 sc979 self-assigned this Oct 31, 2019
@sc979 sc979 force-pushed the MON-4422-fix-master-sql-injections-in-monitoring-pages branch from c2b8539 to 765d415 Compare October 31, 2019 09:17
@sc979 sc979 force-pushed the MON-4431-for-master-unused-http-arguments-in-hostXML branch from 7e1b327 to 9cc1574 Compare October 31, 2019 10:02
@sc979 sc979 merged commit e567a41 into MON-4422-fix-master-sql-injections-in-monitoring-pages Oct 31, 2019
@sc979 sc979 deleted the MON-4431-for-master-unused-http-arguments-in-hostXML branch October 31, 2019 10:03
sc979 added a commit that referenced this pull request Nov 4, 2019
@sc979
fix(secu): remove unused http parameters in hostXML file (#8079)
c53e78e 
* style
* fix(secu): sanitize or remove unused params in hostXML file
@sc979 sc979 mentioned this pull request Nov 6, 2019
Merged
17 tasks
sc979 added a commit that referenced this pull request Nov 6, 2019
@sc979
fix(secu): remove unused http parameters in hostXML file (#8079)
9f431db 
* style
* fix(secu): sanitize or remove unused params in hostXML file
sc979 added a commit that referenced this pull request Nov 8, 2019
@sc979
fix(secu): remove unused http parameters in hostXML file (#8079)
34eb7db 
* style
* fix(secu): sanitize or remove unused params in hostXML file
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): remove unused http parameters in hostXML file (#8079)
51de910 
* style
* fix(secu): sanitize or remove unused params in hostXML file
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
9738668 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
88cc5ef 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
f738041 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
dd75b18 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@adr-mo adr-mo adr-mo approved these changes

@kduret kduret kduret approved these changes

@callapa callapa Awaiting requested review from callapa

@loiclau loiclau Awaiting requested review from loiclau

Assignees

@sc979 sc979

Labels
area/security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sc979 @kduret @adr-mo