centreon · vhr · Mar 25, 2020 · Mar 20, 2020 · Mar 20, 2020 · Mar 20, 2020
diff --git a/src/Centreon/Domain/Monitoring/Exception/ResourceException.php b/src/Centreon/Domain/Monitoring/Exception/ResourceException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * Copyright 2005 - 2020 Centreon (https://www.centreon.com/)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * For more information : contact@centreon.com
+ *
+ */
+declare(strict_types=1);
+
+namespace Centreon\Domain\Monitoring\Exception;
+
+class ResourceException extends \Exception
+{
+}
diff --git a/src/Centreon/Domain/Monitoring/Interfaces/ResourceRepositoryInterface.php b/src/Centreon/Domain/Monitoring/Interfaces/ResourceRepositoryInterface.php
@@ -40,4 +40,12 @@ public function findResources(ResourceFilter $filter): array;
      * @return ResourceRepositoryInterface
      */
     public function setContact(ContactInterface $contact): self;
+
+    /**
+     * Sets the access groups that will be used to filter services and the host.
+     *
+     * @param \Centreon\Domain\Security\AccessGroup[]|null $accessGroups
+     * @return ResourceRepositoryInterface
+     */
+    public function filterByAccessGroups(?array $accessGroups): ResourceRepositoryInterface;
 }
diff --git a/src/Centreon/Domain/Monitoring/Interfaces/ResourceServiceInterface.php b/src/Centreon/Domain/Monitoring/Interfaces/ResourceServiceInterface.php
@@ -104,4 +104,15 @@ interface ResourceServiceInterface
      * @throws \Exception
      */
     public function findResources(ResourceFilter $filter): array;
+
+    /**
+     * Used to filter requests according to a contact.
+     * If the filter is defined, all requests will use the ACL of the contact
+     * to fetch data.
+     *
+     * @param mixed $contact Contact to use as a ACL filter
+     * @return ResourceServiceInterface
+     * @throws \Exception
+     */
+    public function filterByContact($contact);
 }
diff --git a/src/Centreon/Domain/Monitoring/ResourceService.php b/src/Centreon/Domain/Monitoring/ResourceService.php
@@ -22,6 +22,7 @@
 
 namespace Centreon\Domain\Monitoring;
 
+use Centreon\Domain\Monitoring\Exception\ResourceException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Centreon\Domain\Monitoring\Interfaces\ResourceServiceInterface;
 use Centreon\Domain\Monitoring\Interfaces\ResourceRepositoryInterface;
@@ -87,7 +88,12 @@ public function filterByContact($contact): self
      */
     public function findResources(ResourceFilter $filter): array
     {
-        $list = $this->resourceRepository->findResources($filter);
+        // try to avoid exception from the regexp bad syntax in search criteria
+        try {
+            $list = $this->resourceRepository->findResources($filter);
+        } catch (\Exception $ex) {
+            throw new ResourceException('Error while searching for resources', 0, $ex);
+        }
 
         // set paths to endpoints
         foreach ($list as $resource) {

diff --git a/src/Centreon/Infrastructure/Monitoring/ResourceRepositoryRDB.php b/src/Centreon/Infrastructure/Monitoring/ResourceRepositoryRDB.php
@@ -37,7 +37,6 @@
 use Centreon\Infrastructure\DatabaseConnection;
 use Centreon\Infrastructure\RequestParameters\SqlRequestParametersTranslator;
 use Centreon\Infrastructure\CentreonLegacyDB\StatementCollector;
-use CentreonDuration;
 use PDO;
 
 /**
@@ -131,9 +130,9 @@ public function setSqlRequestTranslator(SqlRequestParametersTranslator $sqlReque
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
-    public function filterByAccessGroups(?array $accessGroups): self
+    public function filterByAccessGroups(?array $accessGroups): ResourceRepositoryInterface
     {
         $this->accessGroups = $accessGroups;
 

diff --git a/src/Centreon/Infrastructure/RequestParameters/SqlRequestParametersTranslator.php b/src/Centreon/Infrastructure/RequestParameters/SqlRequestParametersTranslator.php
@@ -255,6 +255,18 @@ private function createQueryOnKeyValue(string $key, $valueOrArray): string
             || $searchOperator === RequestParameters::OPERATOR_NOT_LIKE
             || $searchOperator === RequestParameters::OPERATOR_REGEXP
         ) {
+            // We check the regex
+            if ($searchOperator === RequestParameters::OPERATOR_REGEXP) {
+                try {
+                    preg_match('/' . $mixedValue . '/', '');
+                } catch (\Throwable $ex) {
+                    // No exception in prod environment
+                    throw new RequestParametersTranslatorException('Bad regex format \'' . $mixedValue . '\'', 0, $ex);
+                }
+                if (preg_last_error() !== PREG_NO_ERROR) {
+                    throw new RequestParametersTranslatorException('Bad regex format \'' . $mixedValue . '\'', 0);
+                }
+            }
             $type = \PDO::PARAM_STR;
             $bindKey = ':value_' . (count($this->searchValues) + 1);
             $this->searchValues[$bindKey] = [$type => $mixedValue];