This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

chore(release): merge release-21.10.next into 21.10.x (#11820)
* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <[email protected]>

Co-authored-by: VHS <[email protected]>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variable inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape, which is for example useless on integers and on non-closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detected by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <[email protected]>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <[email protected]>

Co-authored-by: Kevin Duret <[email protected]>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <[email protected]>

Co-authored-by: VHS <[email protected]>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variable inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape, which is for example useless on integers and on non-closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detected by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <[email protected]>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <[email protected]>

Co-authored-by: Kevin Duret <[email protected]>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.10.9

* fix(sql): fix query to select contact during ldap import (#11579)

Refs: MON-14263

* (fix)MON-14742 Escape database name in CentACL (#11602)

* fixed issue of using special chars in db names

* fix escape database name

* fixed security issue on sql requests

* fix(platform): Issue with cross-database query when the name contains some characters (#11279) (#11619)

Co-authored-by: Kevin Duret <[email protected]>
Co-authored-by: Elmahdi ABBASSI <[email protected]>
Co-authored-by: VHS <[email protected]>
Co-authored-by: hyahiaoui-ext <[email protected]>
Co-authored-by: jeremyjaouen <[email protected]>
Co-authored-by: Stéphane Chapron <[email protected]>
Co-authored-by: Stéphane Duret <[email protected]>
Co-authored-by: alaunois <[email protected]>
Co-authored-by: Dmytro Iosypenko <[email protected]>

Co-authored-by: Kevin Duret <[email protected]>
Co-authored-by: Elmahdi ABBASSI <[email protected]>
Co-authored-by: VHS <[email protected]>
Co-authored-by: hyahiaoui-ext <[email protected]>
Co-authored-by: jeremyjaouen <[email protected]>
Co-authored-by: Stéphane Chapron <[email protected]>
Co-authored-by: Stéphane Duret <[email protected]>
Co-authored-by: alaunois <[email protected]>
Co-authored-by: Dmytro Iosypenko <[email protected]>

* query sanitized in listServiceCategories (#11597) (#11633)

* Sanitize and bind listVirtualMetrics queries (#11648)

* sanitize insert queries in db-func (#11651)

MON-14667

* Sanitized and bound queries in service argumentsXml file  (#11654)

MON-14669

* sanitize and bind host categories query (#11644)

* Fix encoding issue on status serviceXML (#11582)

* sanitize and bind in centreon connector query (#11636)

* chore(git): update codeowners (#11593)

* fix(conf) fix parent template display in service template listing (#11671) (#11677)

* fix(poller): fix remote server duplication (#11552) (#11675)

Refs: MON-14579

* fix(clapi): Check that user is admin to use clapi (#11631) (#11639)

* Fix: Sanitize and bind service group dependencies queries 21.10.x (#11666)

* fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699)

Refs: MON-14919

* Fix: In Access group the second select not working [ACL] 21.10.x (#11710)

* fix second select not working

* applying suggested changes

* fix(details): remove dead code (#11672) (#11685)

* fix(details): second part of code cleanup for "tools" (#11718) (#11722)

* FIX: Sanitize and bind graph configuration queries 21.10.x (#11730)

* Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732)

* sanitize and bind CLAPI poller config

* remove unnecessary comment

* revert deleted imports

* FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734)

* sanitize and bind meta service config

* applying suggested changes

* [Fix]:Sanitize and bind queries in template of service listing (#11745)

* fix(resource): Fix bad SQL request (#11702) (#11750)

* FIX: Sanitize and bind command configuration queries 21.10.x (#11755)

Co-authored-by: Kevin Duret <[email protected]>
Co-authored-by: Elmahdi ABBASSI <[email protected]>
Co-authored-by: VHS <[email protected]>
Co-authored-by: hyahiaoui-ext <[email protected]>
Co-authored-by: jeremyjaouen <[email protected]>
Co-authored-by: Stéphane Chapron <[email protected]>
Co-authored-by: Stéphane Duret <[email protected]>
Co-authored-by: alaunois <[email protected]>
Co-authored-by: Charles Gautier <[email protected]>
Co-authored-by: Dmytro Iosypenko <[email protected]>
Co-authored-by: TamazC <[email protected]>
Co-authored-by: Adrien Morais-Mestre <[email protected]>
Co-authored-by: Laurent Calvet <[email protected]>
14 people authored Sep 21, 2022
1 parent a63aa87 commit 640435a
Showing 48 changed files with 551 additions and 351 deletions.
3 changes: 0 additions & 3 deletions .github/CODEOWNERS
@@ -6,9 +6,6 @@
/project/ @centreon/centreon-devops
*.sh @centreon/centreon-devops

/.snyk @centreon/centreon-security
/sonar-project.properties @centreon/centreon-security

*.po @centreon/centreon-documentation

/src/ @centreon/centreon-php
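Review bot: dropping the `/.snyk` and `/sonar-project.properties` entries means the centreon-security team is no longer a required reviewer when the Snyk policy or the Sonar scan configuration changes, so an ignore rule added to `.snyk` would merge with only the default owners' approval; if the intent is to hand these files to another team, add a replacement owner line rather than leaving them unowned.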
2 changes: 1 addition & 1 deletion bin/registerServerTopology.sh
@@ -431,7 +431,7 @@ function request_to_remote() {
fi

# Prepare Remote Payload
REMOTE_PAYLOAD='{"isRemote":true,"platformName":"'"${CURRENT_NODE_NAME}"'","centralServerAddress":"'"${PARSED_URL[HOST]}"'","apiUsername":"'"${API_USERNAME}"'","apiCredentials":"'"${API_TARGET_PASSWORD}"'","apiScheme":"'"${PARSED_URL[SCHEME]}"'","apiPort":'"${PARSED_URL[PORT]}"',"apiPath":"'"${CENTREON_BASE_URI}"'",'"${PEER_VALIDATION}"
REMOTE_PAYLOAD='{"isRemote":true,"address":"'${PARSED_CURRENT_NODE_URL[HOST]}'","platformName":"'"${CURRENT_NODE_NAME}"'","centralServerAddress":"'"${PARSED_URL[HOST]}"'","apiUsername":"'"${API_USERNAME}"'","apiCredentials":"'"${API_TARGET_PASSWORD}"'","apiScheme":"'"${PARSED_URL[SCHEME]}"'","apiPort":'"${PARSED_URL[PORT]}"',"apiPath":"'"${CENTREON_BASE_URI}"'",'"${PEER_VALIDATION}"
if [[ -n PROXY_PAYLOAD ]]; then
REMOTE_PAYLOAD="${REMOTE_PAYLOAD}""${PROXY_PAYLOAD}"
fi
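Review bot: the new `"address"` field is spliced in as `'${PARSED_CURRENT_NODE_URL[HOST]}'`, i.e. the expansion sits outside the double quotes that every other field uses (`'"${CURRENT_NODE_NAME}"'`), so it is subject to word splitting and globbing; write it as `'"${PARSED_CURRENT_NODE_URL[HOST]}"'`. Pre-existing but cheap to fix while here: `[[ -n PROXY_PAYLOAD ]]` tests the literal string and is always true; it should be `[[ -n "${PROXY_PAYLOAD}" ]]`. None of the values are JSON-escaped, so a `"` in any of them still corrupts the payload; building it with `jq -n --arg` would be safer than string concatenation.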
@@ -10,6 +10,9 @@
"isRemote": {
"type": "boolean"
},
"address": {
"type": "string"
},
"centralServerAddress": {
"type": "string"
},
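Review bot: `"address"` only requires `"type": "string"`, so an empty or whitespace-only value passes schema validation and can only be caught later by `checkIpAddress`, if that path is reached at all; adding `"minLength": 1` here, and listing `address` in the schema's `required` array if it has one and a remote must always send it, rejects the bad input at the API boundary.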
4 changes: 4 additions & 0 deletions doc/API/centreon-api-v21.10.yaml
@@ -5993,6 +5993,10 @@ components:
type: boolean
example: true
description: "Platform is a remote server"
address:
type: string
example: "10.0.0.1"
description: "The address of the platform"
centralServerAddress:
type: string
example: "192.168.0.1"
10 changes: 5 additions & 5 deletions src/Centreon/Application/ApiPlatform.php
@@ -28,27 +28,27 @@
class ApiPlatform
{
/**
* @var float
* @var string
*/
private $version;

/**
* Get the API version
*
* @return float
* @return string
*/
public function getVersion(): float
public function getVersion(): string
{
return $this->version;
}

/**
* Set the API version
*
* @param float $version
* @param string $version
* @return $this
*/
public function setVersion(float $version): self
public function setVersion(string $version): self
{
$this->version = $version;
return $this;
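Review bot: changing `$version` from `float` to `string` is the right type for a version like `21.10`, but any caller that compared `getVersion()` numerically (`>=`, `<`) now does a string comparison where `"21.9"` sorts after `"21.10"`; grep the call sites and switch those comparisons to `version_compare()`.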
@@ -40,6 +40,11 @@ class PlatformInformation
*/
private $platformName;

/**
* @var string server address
*/
private string $address = '127.0.0.1';

/**
* @var string|null central's address
*/
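Review bot: `private string $address = '127.0.0.1';` gives an unset address a loopback value that is indistinguishable from a deliberately configured one, so a remote that omits `address` is registered in the topology pointing at itself; prefer `?string $address = null` and let the caller decide what a missing address means.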
@@ -126,6 +131,25 @@ public function setPlatformName(?string $name): self
return $this;
}

/**
* @return string
*/
public function getAddress(): string
{
return $this->address;
}

/**
* @param string $address
* @return $this
*/
public function setAddress(string $address): self
{
$this->address = $address;

return $this;
}

/**
* @return string|null
*/
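Review bot: `setAddress()` stores any string; the only validation (`FILTER_VALIDATE_IP` / `FILTER_VALIDATE_DOMAIN`) lives in the `PlatformPending` topology layer, so a caller that builds a `PlatformInformation` directly can persist an arbitrary value. A `filter_var` check that throws `\InvalidArgumentException` here would keep both paths to the same guarantee.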
@@ -54,6 +54,9 @@ public function createRemoteInformation(array $information): PlatformInformation
$platformInformation = new PlatformInformation($isRemote);
foreach ($information as $key => $value) {
switch ($key) {
case 'address':
$platformInformation->setAddress($value);
break;
case 'centralServerAddress':
$platformInformation->setCentralServerAddress($value);
break;
@@ -241,6 +241,7 @@ private function convertCentralToRemote(
$platformInformationToUpdate,
$currentPlatformInformation
);

$this->remoteServerService->convertCentralToRemote(
$platformInformationToUpdate
);
14 changes: 6 additions & 8 deletions src/Centreon/Domain/PlatformTopology/Model/PlatformPending.php
@@ -196,13 +196,11 @@ private function checkIpAddress(?string $address): ?string
{
// Check for valid IPv4 or IPv6 IP
// or not sent address (in the case of Central's "parent_address")
if (null === $address || false !== filter_var($address, FILTER_VALIDATE_IP)) {
return $address;
}

// check for DNS to be resolved
$addressResolved = filter_var(gethostbyname($address), FILTER_VALIDATE_IP);
if (false === $addressResolved) {
if (
$address !== null
&& ! filter_var($address, FILTER_VALIDATE_IP)
&& ! filter_var($address, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)
) {
throw new \InvalidArgumentException(
sprintf(
_("The address '%s' of '%s' is not valid or not resolvable"),
@@ -212,7 +210,7 @@ private function checkIpAddress(?string $address): ?string
);
}

return $addressResolved;
return $address;
}

/**
@@ -194,14 +194,11 @@ public function setHostname(?string $hostname): PlatformInterface
*/
private function checkIpAddress(?string $address): ?string
{
// Check for valid IPv4 or IPv6 IP
// or not sent address (in the case of Central's "parent_address")
if (null === $address || false !== filter_var($address, FILTER_VALIDATE_IP)) {
return $address;
}

// check for DNS to be resolved
if (false === filter_var(gethostbyname($address), FILTER_VALIDATE_IP)) {
if (
$address !== null
&& ! filter_var($address, FILTER_VALIDATE_IP)
&& ! filter_var($address, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)
) {
throw new \InvalidArgumentException(
sprintf(
_("The address '%s' of '%s' is not valid or not resolvable"),
14 changes: 10 additions & 4 deletions src/Centreon/Domain/PlatformTopology/PlatformTopologyService.php
@@ -482,9 +482,14 @@ private function findParentPlatform(PlatformInterface $platform): ?PlatformInter
return null;
}

$registeredParentInTopology = $this->platformTopologyRepository->findPlatformByAddress(
$platform->getParentAddress()
);
if ($platform->getType() === PlatformPending::TYPE_REMOTE) {
$registeredParentInTopology = $this->platformTopologyRepository->findTopLevelPlatform();
} else {
$registeredParentInTopology = $this->platformTopologyRepository->findPlatformByAddress(
$platform->getParentAddress()
);
}

if (null === $registeredParentInTopology) {
throw new EntityNotFoundException(
sprintf(
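Review bot: for `TYPE_REMOTE` the parent is now always `findTopLevelPlatform()` and `getParentAddress()` is ignored, so a remote whose declared parent address does not match the central is silently re-parented instead of rejected; either compare `getParentAddress()` against the top-level platform's address and throw on mismatch, or document that the field is meaningless for remotes. The `else` branch still matches by address, which after the `checkIpAddress` change may be a hostname on one side and an IP on the other.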
@@ -553,6 +558,7 @@ public function getPlatformTopology(): array
);
if (null !== $platformParent) {
$platform->setParentAddress($platformParent->getAddress());
$platform->setParentId($platformParent->getId());
}
}

@@ -614,7 +620,7 @@ public function deletePlatformAndReallocateChildren(int $serverId): void
*/
if ($deletedPlatform->getServerId() !== null) {
if ($deletedPlatform->getType() === PlatformPending::TYPE_REMOTE) {
$this->remoteServerRepository->deleteRemoteServerByAddress($deletedPlatform->getAddress());
$this->remoteServerRepository->deleteRemoteServerByServerId($deletedPlatform->getServerId());
$this->remoteServerRepository->deleteAdditionalRemoteServer($deletedPlatform->getServerId());
}

@@ -28,9 +28,9 @@ interface RemoteServerRepositoryInterface
/**
* Delete a Remote Server.
*
* @param string $address
* @param int $serverId
*/
public function deleteRemoteServerByAddress(string $address): void;
public function deleteRemoteServerByServerId(int $serverId): void;

/**
* Delete an Additional Remote Server, for pollers linked to multiple Remote Servers.
4 changes: 4 additions & 0 deletions src/Centreon/Domain/RemoteServer/RemoteServerService.php
@@ -138,16 +138,20 @@ public function convertCentralToRemote(PlatformInformation $platformInformation)
if ($platformInformation->getPlatformName() !== null) {
$topLevelPlatform->setName($platformInformation->getPlatformName());
}
$topLevelPlatform->setAddress($platformInformation->getAddress());

/**
* Find any children platform and forward them to Central Parent.
*/
$platforms = $this->platformTopologyRepository->findChildrenPlatformsByParentId(
$topLevelPlatform->getId()
);

/**
* Insert the Top Level Platform at the beginning of array, as it need to be registered first.
*/
array_unshift($platforms, $topLevelPlatform);

/**
* Register the platforms on the Parent Central
*/
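Review bot: `$topLevelPlatform->setAddress($platformInformation->getAddress())` is unconditional, unlike the `getPlatformName() !== null` guard just above it, and `getAddress()` falls back to `'127.0.0.1'` when no address was supplied, so a conversion request without `address` overwrites the central's real address with loopback before the platform list is registered on the parent; guard it the same way the name is guarded.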
@@ -41,10 +41,12 @@ public function __construct(DatabaseConnection $db)
/**
* @inheritDoc
*/
public function deleteRemoteServerByAddress(string $address): void
public function deleteRemoteServerByServerId(int $serverId): void
{
$statement = $this->db->prepare($this->translateDbName("DELETE FROM remote_servers WHERE ip = :address"));
$statement->bindValue(':address', $address, \PDO::PARAM_STR);
$statement = $this->db->prepare(
$this->translateDbName("DELETE FROM remote_servers WHERE server_id = :server_id")
);
$statement->bindValue(':server_id', $serverId, \PDO::PARAM_INT);
$statement->execute();
}

@@ -211,7 +211,7 @@ public function getList(): array
public function postGetRemotesList(): array
{
$query = 'SELECT ns.id, ns.ns_ip_address as ip, ns.name FROM nagios_server as ns ' .
'JOIN remote_servers as rs ON rs.ip = ns.ns_ip_address ' .
'JOIN remote_servers as rs ON rs.server_id = ns.id ' .
'WHERE rs.is_connected = 1';
$statement = $this->pearDB->query($query);

@@ -469,6 +469,7 @@ public function postLinkCentreonRemoteServer(): array

// add server to the list of remote servers in database (table remote_servers)
$this->addServerToListOfRemotes(
(int) $serverId,
$serverIP,
$centreonPath,
$httpMethod,
@@ -532,6 +533,7 @@ public function authorize($action, $user, $isInternal = false)
/**
* Add server ip in table of remote servers
*
* @param int $serverId the poller id
* @param string $serverIP the IP of the server
* @param string $centreonPath the path to access to Centreon
* @param string $httpMethod the method to access to server (HTTP/HTTPS)
@@ -540,42 +542,54 @@ public function authorize($action, $user, $isInternal = false)
* @param bool $noProxy to do not use configured proxy
*/
private function addServerToListOfRemotes(
int $serverId,
string $serverIP,
string $centreonPath,
string $httpMethod,
string $httpPort,
bool $noCheckCertificate,
bool $noProxy
): void {
$dbAdapter = $this->getDi()[\Centreon\ServiceProvider::CENTREON_DB_MANAGER]->getAdapter('configuration_db');
$date = date('Y-m-d H:i:s');

$sql = 'SELECT * FROM `remote_servers` WHERE `ip` = ?';
$dbAdapter->query($sql, [$serverIP]);
$hasIpInTable = (bool)$dbAdapter->count();
$currentDate = date('Y-m-d H:i:s');

if ($hasIpInTable) {
$sql = 'UPDATE `remote_servers` SET
`is_connected` = ?, `connected_at` = ?, `centreon_path` = ?,
`no_check_certificate` = ?, `no_proxy` = ?
WHERE `ip` = ?';
$data = ['1', $date, $centreonPath, ($noCheckCertificate ?: 0), ($noProxy ?: 0), $serverIP];
$dbAdapter->query($sql, $data);
$statement = $this->pearDB->prepare('SELECT 1 FROM `remote_servers` WHERE `server_id` = :server_id');
$statement->bindValue(':server_id', $serverId, \PDO::PARAM_INT);
$statement->execute();
$remoteAlreadyExists = (bool) $statement->rowCount();

if ($remoteAlreadyExists) {
$updateStatement = $this->pearDB->prepare(
'UPDATE `remote_servers` SET
`is_connected` = 1, `connected_at` = :connected_at, `centreon_path` = :centreon_path,
`no_check_certificate` = :no_check_certificate, `no_proxy` = :no_proxy, `ip_address` = :ip_address
WHERE `server_id` = :server_id'
);
$updateStatement->bindValue(':connected_at', $currentDate, \PDO::PARAM_STR);
$updateStatement->bindValue(':centreon_path', $centreonPath, \PDO::PARAM_STR);
$updateStatement->bindValue(':no_check_certificate', $noCheckCertificate ? '1' : '0', \PDO::PARAM_STR);
$updateStatement->bindValue(':no_proxy', $noProxy ? '1' : '0', \PDO::PARAM_STR);
$updateStatement->bindValue(':ip_address', $serverIP, \PDO::PARAM_STR);
$updateStatement->bindValue(':server_id', $serverId, \PDO::PARAM_INT);
$updateStatement->execute();
} else {
$data = [
'ip' => $serverIP,
'app_key' => '',
'version' => '',
'is_connected' => '1',
'created_at' => $date,
'connected_at' => $date,
'centreon_path' => $centreonPath,
'http_method' => $httpMethod,
'http_port' => $httpPort ?: null,
'no_check_certificate' => $noCheckCertificate ?: 0,
'no_proxy' => $noProxy ?: 0
];
$dbAdapter->insert('remote_servers', $data);
$insertStatement = $this->pearDB->prepare(
'INSERT INTO `remote_servers`
(`ip`, `app_key`, `version`, `is_connected`, `created_at`, `connected_at`, `centreon_path`,
`http_method`, `http_port`, `no_check_certificate`, `no_proxy`, `server_id`)
VALUES
(:ip_address, "", "", 1, :created_at, :connected_at, :centreon_path, :http_method, :http_port,
:no_check_certificate, :no_proxy, :server_id)'
);
$insertStatement->bindValue(':ip_address', $serverIP, \PDO::PARAM_STR);
$insertStatement->bindValue(':created_at', $currentDate, \PDO::PARAM_STR);
$insertStatement->bindValue(':connected_at', $currentDate, \PDO::PARAM_STR);
$insertStatement->bindValue(':centreon_path', $centreonPath, \PDO::PARAM_STR);
$insertStatement->bindValue(':http_method', $httpMethod, \PDO::PARAM_STR);
$insertStatement->bindValue(':http_port', $httpPort ?: null, \PDO::PARAM_INT);
$insertStatement->bindValue(':no_check_certificate', $noCheckCertificate ? '1' : '0', \PDO::PARAM_STR);
$insertStatement->bindValue(':no_proxy', $noProxy ? '1' : '0', \PDO::PARAM_STR);
$insertStatement->bindValue(':server_id', $serverId, \PDO::PARAM_INT);
$insertStatement->execute();
}
}

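Review bot: the UPDATE writes `` `ip_address` = :ip_address `` while the INSERT, the repository DELETE and the old `WHERE \`ip\` = ?` all use a column named `ip`; unless a migration in this release adds `ip_address`, the UPDATE branch fails on every reconnect of an already-known remote. Two smaller points: `rowCount()` after a SELECT is not guaranteed by PDO to reflect the matched rows, so `$statement->fetchColumn() !== false` is the portable existence test; and the move to named `bindValue` calls with explicit `\PDO::PARAM_INT` on `server_id` is the right fix for the injection finding, but `:http_port` is bound as `PARAM_INT` from a `string` parameter, so a non-numeric value is coerced rather than rejected; validate it as an integer in port range before binding.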