fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData #8765

adr-mo · 2020-06-03T15:17:39Z

Description

Security issues

Binding values for all the SQL requests
Sanitizing inputs
Controlling the variable format

Fixes # (issue)

Type of change

Patch fixing an issue (non-breaking change)
New functionality (non-breaking change)
Breaking change (patch or feature) that might cause side effects breaking part of the Software
Updating documentation (missing information, typo...)

Target serie

How this pull request can be tested ?

See related JIRA ticket for a test description.

Checklist

I followed the coding style guidelines provided by Centreon
I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
I have commented my code, especially hard-to-understand areas of the PR.
I have made corresponding changes to the documentation.
I have rebased my development branch on the base branch (master, maintenance).

…ol format

www/include/views/graphs/exportData/ExportCSVServiceData.php

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

www/include/views/graphs/exportData/ExportCSVServiceData.php

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

www/include/views/graphs/exportData/ExportCSVServiceData.php

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

www/include/views/graphs/exportData/ExportCSVServiceData.php

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

www/include/views/graphs/exportData/ExportCSVServiceData.php

adr-mo · 2020-06-10T08:40:13Z

@sc979 @jeremyjaouen done

www/include/views/graphs/exportData/ExportCSVServiceData.php

…VServiceData (#8765) * security(ExportCSVServiceData): sanitize inputs, bindvalues and control format * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> * check consistency and definition of index * check start time and end time definition * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> * rename variable from index_data to indexData * take feedbacks into account * centreon-bot: fix coding style * Update www/include/views/graphs/exportData/ExportCSVServiceData.php * Update www/include/views/graphs/exportData/ExportCSVServiceData.php Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * sc979: take feedbacks into account * sc979: take feedbacks into account * sc979: take feedbacks into account #2 * correct conditon Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

security(ExportCSVServiceData): sanitize inputs, bindvalues and contr…

9bff467

…ol format

adr-mo requested review from kduret and sc979 June 3, 2020 15:17

adr-mo added area/backend area/security labels Jun 3, 2020

adr-mo requested a review from callapa June 4, 2020 08:16

sc979 reviewed Jun 4, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979 reviewed Jun 4, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979 reviewed Jun 4, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979 reviewed Jun 4, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979 suggested changes Jun 4, 2020

View reviewed changes

adr-mo and others added 3 commits June 4, 2020 10:44

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

62f060f

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

check consistency and definition of index

c59db26

check start time and end time definition

7661c86

adr-mo requested review from sc979, jeremyjaouen and loiclau June 4, 2020 09:44

callapa suggested changes Jun 4, 2020

View reviewed changes

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

27283ec

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

callapa previously approved these changes Jun 5, 2020

View reviewed changes

callapa self-requested a review June 5, 2020 14:55

jeremyjaouen previously approved these changes Jun 8, 2020

View reviewed changes

sc979 suggested changes Jun 8, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979 suggested changes Jun 8, 2020

View reviewed changes

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

51691b6

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

adr-mo dismissed stale reviews from jeremyjaouen and callapa via 51691b6 June 9, 2020 08:19

adr-mo and others added 3 commits June 9, 2020 10:19

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

3990c68

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

b50793c

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

606ed91

Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

87b87c1

sc979 reviewed Jun 9, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

callapa previously approved these changes Jun 9, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

callapa changed the title ~~security(ExportCSVServiceData): sanitize inputs, bindvalues and contr…~~ security(ExportCSVServiceData): sanitize inputs, bindvalues and control format Jun 9, 2020

Update www/include/views/graphs/exportData/ExportCSVServiceData.php

fbc54ec

Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

adr-mo dismissed callapa’s stale review via fbc54ec June 10, 2020 07:37

adr-mo requested review from callapa and sc979 June 10, 2020 07:38

jeremyjaouen suggested changes Jun 10, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

adr-mo changed the title ~~security(ExportCSVServiceData): sanitize inputs, bindvalues and control format~~ fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData Jun 10, 2020

sc979: take feedbacks into account

912c843

adr-mo requested a review from jeremyjaouen June 10, 2020 08:40

sc979 reviewed Jun 10, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979: take feedbacks into account

d0ada3d

sc979 suggested changes Jun 10, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

sc979: take feedbacks into account #2

ce7eab3

sc979 previously approved these changes Jun 10, 2020

View reviewed changes

sc979 reviewed Jun 10, 2020

View reviewed changes

www/include/views/graphs/exportData/ExportCSVServiceData.php Outdated Show resolved Hide resolved

correct conditon

2aef253

sc979 dismissed their stale review via 2aef253 June 10, 2020 10:47

sc979 approved these changes Jun 10, 2020

View reviewed changes

callapa approved these changes Jun 10, 2020

View reviewed changes

Fxdpt approved these changes Jun 10, 2020

View reviewed changes

jeremyjaouen approved these changes Jun 10, 2020

View reviewed changes

adr-mo merged commit 3c4decb into master Jun 10, 2020

adr-mo deleted the MON-5517-sql-injection-graph-export branch June 10, 2020 12:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData #8765

fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData #8765

adr-mo commented Jun 3, 2020 •

edited by callapa

Loading

adr-mo commented Jun 10, 2020

fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData #8765

fix(secu): sanitize inputs, bindvalues and control format in ExportCSVServiceData #8765

Conversation

adr-mo commented Jun 3, 2020 • edited by callapa Loading

Description

Type of change

Target serie

How this pull request can be tested ?

Checklist

adr-mo commented Jun 10, 2020

adr-mo commented Jun 3, 2020 •

edited by callapa

Loading