From 9e4b2fa3a332a9565a933e0211eeba5702d8827c Mon Sep 17 00:00:00 2001
From: Tony Murray
Date: Tue, 27 Aug 2024 07:08:19 -0500
Subject: [PATCH] Reject API device_add that are missing snmp info (#16314)
---
 app/Models/Device.php | 24 ++++++++++++++++++++++++
 includes/html/api_functions.inc.php | 6 +++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/app/Models/Device.php b/app/Models/Device.php
index c21279631f..842e5a7715 100644
--- a/app/Models/Device.php
+++ b/app/Models/Device.php
@@ -167,6 +167,30 @@ class Device extends BaseModel
 return null;
 }
 
+ public function hasSnmpInfo(): bool
+ {
+ if ($this->snmpver == 'v3') {
+ if ($this->authlevel == 'authNoPriv') {
+ return ! empty($this->authname) && ! empty($this->authpass);
+ }
+
+ if ($this->authlevel == 'authPriv') {
+ return ! empty($this->authname)
+ && ! empty($this->authpass)
+ && ! empty($this->cryptoalgo)
+ && ! empty($this->cryptopass);
+ }
+
+ return $this->authlevel !== 'noAuthNoPriv'; // reject if not noAuthNoPriv
+ }
+
+ if ($this->snmpver == 'v2c' || $this->snmpver == 'v1') {
+ return ! empty($this->community);
+ }
+
+ return false; // no known snmpver
+ }
+
 /**
 * Get VRF contexts to poll.
 * If no contexts are found, return the default context ''
diff --git a/includes/html/api_functions.inc.php b/includes/html/api_functions.inc.php
index c8de477c4f..304101af87 100644
--- a/includes/html/api_functions.inc.php
+++ b/includes/html/api_functions.inc.php
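Review bot: In `hasSnmpInfo()` (app/Models/Device.php), the v3 fall-through `return $this->authlevel !== 'noAuthNoPriv';` does the opposite of its comment: it returns false for `noAuthNoPriv` and true for a missing or unrecognised `authlevel`, so a v3 device with no auth level and no credentials is treated as having SNMP info. If the comment states the intent, the line should read `return $this->authlevel === 'noAuthNoPriv';`, possibly also requiring `authname`, as the other two v3 branches do. Separately, `empty()` treats the string `'0'` as missing, and the method has no docblock listing which fields each version and auth level requires.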
@@ -437,14 +437,18 @@ function add_device(Illuminate\Http\Request $request)
 $device->snmpver = $data['version'];
 }
 
+ $force_add = ! empty($data['force_add']);
+
 if (! empty($data['snmp_disable'])) {
 $device->os = $data['os'] ?? 'ping';
 $device->sysName = $data['sysName'] ?? '';
 $device->hardware = $data['hardware'] ?? '';
 $device->snmp_disable = 1;
+ } elseif ($force_add && ! $device->hasSnmpInfo()) {
+ return api_error(400, 'SNMP information is required when force adding a device');
 }
 
- (new ValidateDeviceAndCreate($device, ! empty($data['force_add']), ! empty($data['ping_fallback'])))->execute();
+ (new ValidateDeviceAndCreate($device, $force_add, ! empty($data['ping_fallback'])))->execute();
 } catch (Exception $e) {
 return api_error(500, $e->getMessage());
 }
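Review bot: The new `elseif ($force_add && ! $device->hasSnmpInfo())` guard has no comment saying why it applies only to forced adds, and chaining it onto the `snmp_disable` block makes the validation easy to miss. A line such as `// force_add presumably bypasses the SNMP probe in ValidateDeviceAndCreate, so refuse requests that carry no usable SNMP credentials` above the guard would record the reason; confirm the wording against that class, which is not visible here. The 400 message could also name the SNMP version that was evaluated, because `hasSnmpInfo()` returns false for an unset or unknown `snmpver` as well as for missing credentials. add_device's body begins and ends outside the hunk.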