Security fix: unauthorized access (#10091)

* Security fix: unauthorized access
Affects nginx users:
Moved PHP files outside of the public html directory (Apache was already protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions


@@ -0,0 +1,108 @@
<?php
use LibreNMS\Authentication\LegacyAuth;
$pdf->AddPage('L');
$where = '1';
if (is_numeric($_GET['device_id'])) {
$where .= ' AND E.device_id = ?';
$param[] = $_GET['device_id'];
}
if ($_GET['string']) {
$where .= ' AND R.rule LIKE ?';
$param[] = '%'.$_GET['string'].'%';
}
if (LegacyAuth::user()->hasGlobalRead()) {
$query = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id WHERE $where ORDER BY `humandate` DESC";
} else {
$query = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id RIGHT JOIN devices_perms AS P ON E.device_id = P.device_id WHERE $where AND P.user_id = ? ORDER BY `humandate` DESC";
$param[] = LegacyAuth::id();
}
if (isset($_GET['start']) && is_numeric($_GET['start'])) {
$start = mres($_GET['start']);
} else {
$start = 0;
}
if (isset($_GET['results']) && is_numeric($_GET['results'])) {
$numresults = mres($_GET['results']);
} else {
$numresults = 250;
}
$full_query = "SELECT D.device_id,name,state,time_logged,DATE_FORMAT(time_logged, '".$config['dateformat']['mysql']['compact']."') as humandate $query LIMIT $start,$numresults";
foreach (dbFetchRows($full_query, $param) as $alert_entry) {
$hostname = gethostbyid(mres($alert_entry['device_id']));
$alert_state = $alert_entry['state'];
if ($alert_state != '') {
if ($alert_state == '0') {
$glyph_color = 'green';
$text = 'Ok';
} elseif ($alert_state == '1') {
$glyph_color = 'red';
$text = 'Alert';
} elseif ($alert_state == '2') {
$glyph_color = 'lightgrey';
$text = 'Ack';
} elseif ($alert_state == '3') {
$glyph_color = 'orange';
$text = 'Worse';
} elseif ($alert_state == '4') {
$glyph_color = 'khaki';
$text = 'Better';
}
$data[] = array(
$alert_entry['time_logged'],
$hostname,
htmlspecialchars($alert_entry['name']),
$text,
);
}//end if
}//end foreach
$header = array(
'Datetime',
'Device',
'Log',
'Status',
);
$table = <<<EOD
<table border="1" cellpadding="0" cellspacing="0" align="center">
<tr nobr="true" bgcolor="#92b7d3">
<th>Datetime</th>
<th>Device</th>
<th>Log</th>
<th>Status</th>
</tr>
EOD;
foreach ($data as $log) {
if ($log[3] == 'Alert') {
$tr_col = '#d39392';
} else {
$tr_col = '#bbd392';
}
$table .= '
<tr nobr="true" bgcolor="'.$tr_col.'">
<td>'.$log[0].'</td>
<td>'.$log[1].'</td>
<td>'.$log[2].'</td>
<td>'.$log[3].'</td>
</tr>
';
}
$table .= <<<EOD
</table>
EOD;
$pdf->writeHTML($table, true, false, false, false, '');
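Review bot: `$start` and `$numresults` are still interpolated straight into the `LIMIT` clause of `$full_query` after only an `is_numeric()` check and `mres()`; `is_numeric()` also accepts forms such as `-1`, `1e3` or a leading space, so this is not an injection vector but a crafted URL does produce a malformed query, and `mres()` adds nothing for a numeric literal. A cast is simpler and closes the gap: `$start = (int) $_GET['start'];` and `$numresults = (int) $_GET['results'];` (floor them with `max(0, ...)` / `max(1, ...)` if negative values are to be rejected). Separately, the state-to-label chain never resets `$text` (nor `$glyph_color`, which is unused) before the `if ($alert_state != '')` block, so a row with an unrecognised `state` inherits the label of the previous row; initialise `$text = '';` ahead of the chain or add a final `else`. Escaping is also inconsistent: `name` goes through `htmlspecialchars()` but `$hostname` from `gethostbyid()` is written into the table raw. Finally, `$param` and `$data` are only created on demand, so a global-read user with no filters and a result set with no rows yields undefined-variable notices at `dbFetchRows()` and at `foreach ($data as $log)`; initialising both to `[]` at the top avoids that.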


@@ -0,0 +1,4 @@
<?php
$pdf->AddPage();
$pdf->writeHTMLCell(0, 0, '', '', 'yeah', 0, 1, 0, true, '', true);


@@ -0,0 +1,171 @@
<?php
$param = array();
if (!isset($vars['ignore'])) {
$vars['ignore'] = '0';
}
if (!isset($vars['disabled'])) {
$vars['disabled'] = '0';
}
if (!isset($vars['deleted'])) {
$vars['deleted'] = '0';
}
$where = '';
foreach ($vars as $var => $value) {
if ($value != '') {
switch ($var) {
case 'hostname':
$where .= ' AND D.hostname LIKE ?';
$param[] = '%'.$value.'%';
break;
case 'location':
$where .= ' AND D.location LIKE ?';
$param[] = '%'.$value.'%';
break;
case 'device_id':
$where .= ' AND D.device_id = ?';
$param[] = $value;
break;
case 'deleted':
case 'ignore':
if ($value == 1) {
$where .= ' AND (I.ignore = 1 OR D.ignore = 1) AND I.deleted = 0';
}
break;
case 'disable':
case 'ifSpeed':
if (is_numeric($value)) {
$where .= " AND I.$var = ?";
$param[] = $value;
}
break;
case 'ifType':
$where .= " AND I.$var = ?";
$param[] = $value;
break;
case 'ifAlias':
case 'port_descr_type':
$where .= " AND I.$var LIKE ?";
$param[] = '%'.$value.'%';
break;
case 'errors':
if ($value == 1) {
$where .= " AND (I.`ifInErrors_delta` > '0' OR I.`ifOutErrors_delta` > '0')";
}
break;
case 'state':
if ($value == 'down') {
$where .= 'AND I.ifAdminStatus = ? AND I.ifOperStatus = ?';
$param[] = 'up';
$param[] = 'down';
} elseif ($value == 'up') {
$where .= "AND I.ifAdminStatus = ? AND I.ifOperStatus = ? AND I.ignore = '0' AND D.ignore='0' AND I.deleted='0'";
$param[] = 'up';
$param[] = 'up';
} elseif ($value == 'admindown') {
$where .= 'AND I.ifAdminStatus = ? AND D.ignore = 0';
$param[] = 'down';
}
break;
}//end switch
}//end if
}//end foreach
$query = 'SELECT * FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id '.$where.' '.$query_sort;
$row = 1;
list($format, $subformat) = explode('_', $vars['format']);
$ports = dbFetchRows($query, $param);
switch ($vars['sort']) {
case 'traffic':
$ports = array_sort_by_column($ports, 'ifOctets_rate', SORT_DESC);
break;
case 'traffic_in':
$ports = array_sort_by_column($ports, 'ifInOctets_rate', SORT_DESC);
break;
case 'traffic_out':
$ports = array_sort_by_column($ports, 'ifOutOctets_rate', SORT_DESC);
break;
case 'packets':
$ports = array_sort_by_column($ports, 'ifUcastPkts_rate', SORT_DESC);
break;
case 'packets_in':
$ports = array_sort_by_column($ports, 'ifInUcastOctets_rate', SORT_DESC);
break;
case 'packets_out':
$ports = array_sort_by_column($ports, 'ifOutUcastOctets_rate', SORT_DESC);
break;
case 'errors':
$ports = array_sort_by_column($ports, 'ifErrors_rate', SORT_DESC);
break;
case 'speed':
$ports = array_sort_by_column($ports, 'ifSpeed', SORT_DESC);
break;
case 'port':
$ports = array_sort_by_column($ports, 'ifDescr', SORT_ASC);
break;
case 'media':
$ports = array_sort_by_column($ports, 'ifType', SORT_ASC);
break;
case 'descr':
$ports = array_sort_by_column($ports, 'ifAlias', SORT_ASC);
break;
case 'device':
default:
$ports = array_sort_by_column($ports, 'hostname', SORT_ASC);
}//end switch
$csv[] = array(
'Device',
'Port',
'Speed',
'Down',
'Up',
'Media',
'Description',
);
foreach ($ports as $port) {
if (port_permitted($port['port_id'], $port['device_id'])) {
$speed = humanspeed($port['ifSpeed']);
$type = humanmedia($port['ifType']);
$port['in_rate'] = formatRates(($port['ifInOctets_rate'] * 8));
$port['out_rate'] = formatRates(($port['ifOutOctets_rate'] * 8));
$port = cleanPort($port, $device);
$csv[] = array(
format_hostname($port, $port['hostname']),
fixIfName($port['label']),
$speed,
$port['in_rate'],
$port['out_rate'],
$type,
display($port['ifAlias']),
);
}
}