FIX(security): Sanitize queries in service category - Githubissues

centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.

https://www.centreon.com

GNU General Public License v2.0

578 stars 240 forks source link

FIX(security): Sanitize queries in service category #11990

Open emabassi-ext opened 1 year ago

emabassi-ext commented 1 year ago

Description

Queries should be sanitized (if possible) and bound using PDO statement to reduce attack surface and clean legacy code

Fixes # MON-15370

Type of change

[x] Patch fixing an issue (non-breaking change)
[ ] New functionality (non-breaking change)
[ ] Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target serie

[ ] 21.04.x
[x] 21.10.x
[x] 22.04.x
[x] 22.10.x (master)

How this pull request can be tested ?

navigate to configuration -> Services -> Categories
try to duplicate a service category and see if it works and there is no errors in log

tail -f var/log/php-fpm/centreon-error.log

Checklist

Community contributors & Centreon team

[x] I have followed the coding style guidelines provided by Centreon
[ ] I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
[ ] I have commented my code, especially hard-to-understand areas of the PR.
[x] I have rebased my development branch on the base branch (master, maintenance).

sonarqube-decoration[bot] commented 1 year ago

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication