This repository was archived by the owner on Dec 13, 2022. It is now read-only.

sc979 (Contributor) commented Oct 22, 2019

Pull Request Template

Description

Security fix which removes unused HTTP parameters (e.g. $_GET) or sanitizes them in service by hostgroup
Fixes # (none)

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software
  • Updating documentation (missing information, typo...)

Target series

  • 2.8.x
  • 18.10.x
  • 19.04.x
  • 19.10.x (master)

How can this pull request be tested?

Please contact me

Checklist

Community contributors & Centreon team

  • I followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have made corresponding changes to the documentation.
  • I have rebased my development branch on the base branch (master, maintenance).

Centreon team only

  • I have made sure that the unit tests related to the story are successful.
  • I have made sure that unit tests cover 80% of the code written for the story.
  • I have made sure that acceptance tests related to the story are successful (local and CI)

sc979 force-pushed the MON-4328-fix-2-8-remove-params-in-service-by-hostgroup branch from bccb99e to 64b2963 on October 23, 2019 07:15
sc979 force-pushed the MON-4187-fix-2-8-sql-injections-in-monitoring-pages branch 2 times, most recently from cf4a9ee to adc6dcb on October 23, 2019 07:27
sc979 force-pushed the MON-4328-fix-2-8-remove-params-in-service-by-hostgroup branch from 64b2963 to 14937d5 on October 23, 2019 07:28
sc979 force-pushed the MON-4328-fix-2-8-remove-params-in-service-by-hostgroup branch from 7a0d210 to 07ff275 on October 23, 2019 14:23
sc979 merged commit 3528c8d into MON-4187-fix-2-8-sql-injections-in-monitoring-pages on Oct 23, 2019
sc979 deleted the MON-4328-fix-2-8-remove-params-in-service-by-hostgroup branch on October 23, 2019 14:24
sc979 added a commit that referenced this pull request Oct 31, 2019
…up (#8030)

* fix(secu): remove or sanitize http variables

* replace order whitelist with regex
sc979 added a commit that referenced this pull request Nov 5, 2019
#8029)

* style and cleaning

* enh(BE): use constants, style and replace filter parameter

* enh(BE): convert function to static

* fix(BE): fix broken query in serviceXML.php

* fix(BE): restore old topcounter file

* fix(BE): correct severity filter

* fix(secu): remove unused http parameters in hostXML.php file for PHP5 (#8013)

* fix(secu): protect from SQL injections hostXML.php for 2.8 (#8014)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused params or sanitize them in service by hostgroup (#8030)

* fix(secu): remove or sanitize http variables

* fix(secu) remove unused params or sanitize them in service by SG pages (#8043)

* fix(secu): remove unused http parameters in serviceGridBySGXML file

* fix(secu): remove unused http parameters in serviceSummaryBySGXML file

* fix(secu): remove unused params or sanitize them in hostgroups page (#8038)

* fix(secu): remove unused http parameters in hostgroups page

* fix(secu): remove unused XML template file (#8051)

* fix(secu): remove unused params or sanitize them in service pages (#8040)

* fix(secu): remove unused http parameters in service summary page

* fix(secu): remove unused http parameters in service grid page

* fix(secu): remove unused http parameters in service list page

* fix(secu): protect from SQL injections serviceGridXML.php for 2.8 (#8056)

* fix(secu): avoid SQL injection in serviceGridXML.php

* fix(secu): remove unused http parameters in serviceXML.php file for 2.8 (#8060)

* fix(secu): remove unused http parameters in serviceXML.php file

* fix(secu): avoid SQL injection in hostgroupXML.php (#8058)

* fix(secu): avoid SQL injection in serviceSummaryXML.php (#8057)

* fix(secu): protect from SQL injections in service by serviceGroups XML files for 2.8 (#8059)

* fix(secu): avoid SQL injection in serviceGridBySGXML.php

* fix(secu): avoid SQL injection in serviceSummaryBySGXML.php
callapa pushed a commit that referenced this pull request Nov 12, 2019
#8029)