Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

fix(secu): prevent from sql injections in services pages #8082

Merged
merged 10 commits into from
Nov 6, 2019
Merged

fix(secu): prevent from sql injections in services pages #8082

merged 10 commits into from
Nov 6, 2019

Conversation

sc979
Copy link
Contributor

@sc979 sc979 commented Oct 31, 2019

Pull Request Template

Description

  • avoid SQL injection in monitoring services page
  • clean code

Fixes # (issue)

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software
  • Updating documentation (missing information, typo...)

Target serie

  • 2.8.x
  • 18.10.x
  • 19.04.x
  • 19.10.x (master)

How this pull request can be tested ?

please contact me

Checklist

Community contributors & Centreon team

  • I followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have made corresponding changes to the documentation.
  • I have rebased my development branch on the base branch (master, maintenance).

Centreon team only

  • I have made sure that the unit tests related to the story are successful.
  • I have made sure that unit tests cover 80% of the code written for the story.
  • I have made sure that acceptance tests related to the story are successful (local and CI)

@sc979 sc979 self-assigned this Oct 31, 2019
@sc979 sc979 force-pushed the MON-4422-fix-master-sql-injections-in-monitoring-pages branch from e567a41 to c53e78e Compare November 4, 2019 08:10
@sc979 sc979 mentioned this pull request Nov 6, 2019
Merged
17 tasks
@sc979 sc979 force-pushed the MON-4422-fix-master-sql-injections-in-monitoring-pages branch from c53e78e to 9f431db Compare November 6, 2019 10:14
@sc979 sc979 force-pushed the MON-4425-fix-master-sql-injections-in-services-pages branch from adbb33a to d9db841 Compare November 6, 2019 10:21
@sc979 sc979 force-pushed the MON-4425-fix-master-sql-injections-in-services-pages branch from 77c58d8 to 7a9237b Compare November 6, 2019 10:53
@sc979 sc979 merged commit f692b39 into MON-4422-fix-master-sql-injections-in-monitoring-pages Nov 6, 2019
@sc979 sc979 deleted the MON-4425-fix-master-sql-injections-in-services-pages branch November 6, 2019 10:54
sc979 added a commit that referenced this pull request Nov 8, 2019
@sc979
fix(secu): prevent from sql injections in services pages (#8082)
3da46c7 
* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* style
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): prevent from sql injections in services pages (#8082)
ff6d949 
* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* style
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
9738668 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
88cc5ef 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
f738041 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
sc979 added a commit that referenced this pull request Nov 12, 2019
@sc979
fix(secu): Avoid SQL injections in multiple monitoring pages - for ma…
dd75b18 
…ster (#8063)

* fix(secu): remove unused topCounter files and folders (#8007)

* fix(secu): remove unused http parameters in service by servicegroup summary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary

* fix(secu): Avoid SQL injections in service by servicegroup pages (#8065)

* fix(secu): avoid SQL injection in serviceByServicegroupGridXML.php file

* fix(secu): avoid SQL injection in serviceByServicegroupSummaryXML.php file

* fix(secu): remove or sanitize unused https arguments in service by servicegroup GRID (#8066)

* fix(secu): remove unused http parameters in services by hostgroup files (#8074)

* fix(secu): sanitize or remove unused params in serviceSummaryBYHGXML file

* fix(secu): sanitize or remove unused params in serviceGridBYHGXML file

* fix(secu): remove unused http parameters in hostgroup xml.php (#8073)

* fix(secu): remove unused http parameters in hostgroupXML.php file

* fix(secu): remove unused http parameters in services files (#8078)

* fix(secu): sanitize makeXMLForOneHost.php

* fix(secu): sanitize makeXMLForOneService.php

* fix(secu): better hadling session check

* fix(secu): sanitize or remove unused params in serviceXML file

* fix(secu): sanitize serviceGridXML.php

* fix(secu): sanitize serviceSummaryXML.php

* fix(secu): remove unused http parameters in hostXML file (#8079)

* fix(secu): sanitize or remove unused params in hostXML file

* fix(secu): prevent from sql injections in host page (#8087)

* prevent sql injection in hostXML.php

* replace uppercase table alias by lowercase

* delete case duplicating the default case

* replace array() with []

* fix(secu): prevent from sql injections from common xml model (#8083)

* fix(secu): prevent from sql injections in services pages (#8082)

* prevent sql injection in makeXMLForOneHostXML.php

* prevent sql injection in makeXMLForOneServiceXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceGridXML.php

* prevent sql injection in serviceXML.php

* prevent sql injection in serviceSummaryXML.php

* remove debug and prepare second query

* fix(secu): prevent from sql injections in hostgroupXML file (#8081)

* fix(secu): avoid sql injections in hostgroupXML file

* fix(UI): add the order param to the request

* remove useless declarations

* replace regexp with whitelist

* add missing array declaration

* fix(CI): sonar coding style issue
@snyk-bot snyk-bot mentioned this pull request Feb 22, 2020
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@loiclau loiclau loiclau approved these changes

@callapa callapa Awaiting requested review from callapa

@kduret kduret Awaiting requested review from kduret

@adr-mo adr-mo Awaiting requested review from adr-mo

Assignees

@sc979 sc979

Labels
area/security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sc979 @loiclau