* Fix XSS in default example plugin
on* HTML fields are hard to escape properly; avoid putting user input there
* Apply fixes from StyleCI
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Disable GET login by default
GET login allows users to put the username and password in the URL; this is helpful for displays where you cannot log in interactively.
Unfortunately, the plaintext password will be in the access logs.
GET login also allows brute force attacks against your install.
* Apply fixes from StyleCI
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* New report:devices command
Print out a list of devices with user specified fields, optionally in csv format
* Polish
* Apply fixes from StyleCI
* Use spaces instead of tab for none type
* Fix method call
* other commands use whereDeviceSpec
* Apply fixes from StyleCI
* update command help and back to tab for separator
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Menu and title use displayname
* Fix empty strings
* Fix array creation
* Use groupby instead of loop
* Change one forgotten var
* Revert to working simple changes
* Change test data to include displayname
* Fix bad copy paste in test data
* Plugin update (breaking)
A couple breaking changes regarding property types and method arguments.
Add a setting to allow plugin errors to be shown instead of automatically disabling the plugin.
All default hooks now use Dependency Injection to make it easy to get access to whatever you need (such as settings)
Add a ton of comments and examples in the PHP code.
Expand a bit on the documentation; it could still use more help
Fix a bug in the settings and page view where the included blade file was output before the page headers, etc.
* Apply fixes from StyleCI
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Only update last_polled if polled
Because availability now always runs, we need to check if we ran any other modules successfully; if so, we can update last_polled
* Tally results and act accordingly
* Apply fixes from StyleCI
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Agent: Packages fixes
Don't try to save invalid packages, probably due to script failure on device.
Add pacman support
* Apply fixes from StyleCI
* Add version
* cast to number
* Update includes/polling/unix-agent/packages.inc.php
Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com>
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com>
* Error Reporting: Log instead of dump
When dumping all errors, log them instead so it doesn't break the webui and we can get reports more reliably
* Apply fixes from StyleCI
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Refactor MAC utils to a new utility class
* Apply fixes from StyleCI
* Inline functions
Add tests
Handle bridgeid format
* Apply fixes from StyleCI
* Dedicated code path for stp bridge parsing, and improve STP output a bit
* Correctly parse dot1dBaseBridgeAddress and don't store int in bool field
* trim any unexpected character from bridge addresses, add extra test data.
* better comment
* barsBridge can handle dot1dBaseBridgeAddress correctly now
* parseBridge, check for properly formatted mac first.
* update test data, empty data = empty mac
* Fix new usage after rebase
* import
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Show which host marked a device as down.
One of my pollers can't reach a device, it'd be nice to know which one is causing the issue.
* Only show the actor in a distributed setup
* Use distributed poller name as it's now ensured
* Use node_id
* Change to avoid extra dns lookups
* Update DeviceObserver.php
* Update DeviceObserver.php
---------
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Vmware vminfo
Remove legacy file and migrate to OS discovery
* tighter
* ios_stp-vlans working correctly now
* Make vmwVmGuestOS nullable
* Discover os info too
* VM Info module
* Apply fixes from StyleCI
* Fix log severity
* Fix log severity (more)
* VM Info module
* Poll with ESXi too because it is lightweight
add test data
* poller data now too
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Throttle error reporting
Sets how frequently errors can be reported (across all pollers)
Also has the side effect of at most 1 error reported per run
To disable, set reporting.throttle to 0 (for development and testing purposes)
* Don't crash if Cache provider is unavailable, refactor
* Refactor poller to allow modules to run even if the device is down
Include core in config (but not webui) to avoid silly shenanigans
Inject datastore into polling
* Needed to split datastore interface
* Clean up some data_update() references
* Apply fixes from StyleCI
* Fix legacy poller :D
* Output to the correct stream
* Fix lint issues
* Apply fixes from StyleCI
* Fix discovery not including core and submodule handling
* Use whereRaw
---------
Co-authored-by: StyleCI Bot <bot@styleci.io>
* Fix alerting find owner contacts on old SQL server versions
Older SQL server versions had a bug where they didn't accept parentheses around the first query of a union statement.
It was difficult to remove these parentheses, so use whereHas instead.
* Fix style
* add the softdeletes migrations for applications
* add working migration file
* add deleted_at to db schema.yaml for applications
* update includes/html/forms/application-update.inc.php to work with softdeletes
* update includes/html/pages/device/edit/apps.inc.php for softdelete
* update includes/discovery/applications.inc.php to work with softdelete
* minor updates to application-update.inc.php for disabling
* style cleanup
* set discovered when running discovery
* update application tests to include deleted_at
* add deleted_at to a missed test
* a few more tweaks for opensips
* add a missing deleted_at for linux_suricata_extract-v1
* fix fillable for Application model
* massive cleanup of the application update widget thingy
* improve the code for discovery and using Laravel
* add a missing line to app/Models/Application
* add a missing include to app/Models/Application.php
* record includes for Application model
* remove apps from the applications table when a device is deleted
* revert to using upsert and where for discovery to fix CI
* make discovered fillable and set it when running discovery... convert back to firstOrNew
* clean up application discovery a bit and use observer
* style fix
* spelling fix... disablaed -> disabled
* revert removal to just use where
* cleanup app removal on delete
* add restored to ModuleModelObserver
* delete -> forcedelete fix
* apply the suggested changes
* use murrant's other suggestion
* style fix
* Adding a NAC global port page
* style
* filter_menu_entry
* typo
* ->when()
* device_id always returned
* use request
* laravel conversion, let's see how it goes
* styleci
* ->with('device') to avoid 1 query per item processed
* and rewrote on @murrant's advice
* any -> get
Suggested by @murrant
Co-authored-by: Tony Murray <murraytony@gmail.com>
* @push('scripts')
* style
* @endpush
---------
Co-authored-by: Tony Murray <murraytony@gmail.com>