Fix(security): Sanitize queries in the list of service groups - Githubissues

centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.

https://www.centreon.com

GNU General Public License v2.0

578 stars 240 forks source link

Fix(security): Sanitize queries in the list of service groups #12007

Open emabassi-ext opened 1 year ago

emabassi-ext commented 1 year ago

Description

Queries should be sanitized (if possible) and bound using PDO statement to reduce attack surface and clean legacy code

Fixes # MON-15379

Type of change

[x] Patch fixing an issue (non-breaking change)
[ ] New functionality (non-breaking change)
[ ] Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target serie

[ ] 21.04.x
[x] 21.10.x
[x] 22.04.x
[x] 22.10.x (master)

How this pull request can be tested ?

navigate to service groups listing page
add multiple sgroups
check if sgroups are still visible for both (admin and non admin user)
check if there is no error in log file
Checklist

Community contributors & Centreon team

[x] I have followed the coding style guidelines provided by Centreon
[ ] I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
[ ] I have commented my code, especially hard-to-understand areas of the PR.
[x] I have rebased my development branch on the base branch (master, maintenance).

sonarqube-decoration[bot] commented 1 year ago

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
10 Code Smells

No Coverage information
0.0% Duplication