Fix(security): Sanitize queries in the list of trap groups #138

kduret commented Nov 8, 2022

Description

Fix XSS security vulnerabilities
Fixes # MON-15375

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target series

  • 21.04.x
  • 21.10.x
  • 22.04.x
  • 22.10.x (master)

How this pull request can be tested?

  1. Configure LDAP authentication
  2. Click on “Import users” (Configuration > Users > contact / Users)
  3. Click on “Search”

You must still see results

Checklist

Community contributors & Centreon team

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (master, maintenance).

kduret commented Nov 8, 2022

emabassi-ext force-pushed the MON-migration-MON-15375-fix-xss-security-vulnerabilities-in-ajaxldapsearch.js branch from d806f6c to 0b8d757 November 16, 2022 09:59
emabassi-ext requested review from a team and a-launois and removed request for a team November 16, 2022 09:59
emabassi-ext merged commit 310129e into develop Dec 12, 2022
emabassi-ext deleted the MON-migration-MON-15375-fix-xss-security-vulnerabilities-in-ajaxldapsearch.js branch December 12, 2022 11:11
sc979 added a commit to sc979/centreon that referenced this pull request Dec 12, 2022
* chore(php version): fix warning (centreon#112)

* new workflow

* hotfixing jenkinsfile

* fix(comments): display correctly last comments (centreon#115)

* enh(chore): automate dependabot ticket creation (centreon#116)

* fix(chore): old dependabot's PR ticket creation (centreon#117)

* enh(feature-switch): fully manage feature switch (centreon#114)

* enh(feature-switch): fully manage feature switch

* fix(index): wrong variable used

* fix qabranch variable

* enh(chore): issueType, feature_team and issue description

* chore(version): prepare 22.04 serie (centreon#120)

* chore(version): prepare 22.04 serie

* Update Jenkinsfile

* fix(secu): add SQ pipeline timeout (centreon#128)

* fix(chore): use github action env usage (centreon#129)

* fix(build): disable centos8 packaging (centreon#130)

* fix(chore): dependabot github automation (centreon#131)

* alma8 enabled (centreon#132)

* feat(ui): Apply dark mode for widget host monitoring  (centreon#136)

* fix(css): fix ccs import (centreon#138)

* chore(version): prepare 22.04.next (centreon#140)

* Merge release-debian-22.04.0 into 22.04.x (centreon#145)

* fix debian

* Update Jenkinsfile

* Update Jenkinsfile

* add version check version of dependency and remove unused file

Co-authored-by: Zakaria GUENNOUNE <zguennoune@centreon.com>
Co-authored-by: Luiz Costa <me@luizgustavo.pro.br>

* enh(secu): update GPG key (centreon#126)

* fix(secu): change fingerprint key (centreon#127)

* Add configuration to build DEB package (centreon#137)

* add deb package

* fix project name

* fix package name

* fix package name

* add delivery

* fix : Issue with cross databases query when the name contains some characters (centreon#144)

Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Zakaria Guennoune <zguennoune@centreon.com>
Co-authored-by: Adrien Morais <31647811+adr-mo@users.noreply.github.com>
Co-authored-by: sc979 <34628915+sc979@users.noreply.github.com>
Co-authored-by: schapron <schapron@centreon.com>
Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com>
Co-authored-by: ataghzout <97593248+ataghzout@users.noreply.github.com>
Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com>
Co-authored-by: Luiz Costa <me@luizgustavo.pro.br>
Co-authored-by: Zakaria Guennoune <83596451+zguennoune02@users.noreply.github.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
emabassi-ext added a commit that referenced this pull request Dec 12, 2022
Co-authored-by: elmahdiabbassi <emabbassi-ext@centreon.com>
sc979 added a commit to sc979/centreon that referenced this pull request Dec 12, 2022
emabassi-ext added a commit that referenced this pull request Dec 16, 2022
Co-authored-by: elmahdiabbassi <emabbassi-ext@centreon.com>
tuntoja pushed a commit that referenced this pull request Jan 4, 2023
sc979 added a commit to sc979/centreon that referenced this pull request Jan 19, 2023