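/**
 * Exercises a dynamic rule on a components catalog: computers whose name matches
 * the rule must appear as catalog hosts (with one service each), and must
 * disappear again when the computer is purged, the rule stops matching, or the
 * rule is deleted.
 *
 * Needs a GLPI database with the monitoring plugin installed; every step below
 * writes to that database.
 */
public function testPHPlogs()
{
    global $CFG_GLPI, $PLUGIN_HOOKS;

    // Session fixture. NOTE(review): use mode 2 and user id 2 are taken as-is from
    // the original test; presumably debug mode and a privileged account — confirm.
    $_SESSION['glpi_use_mode'] = 2;
    $_SESSION["glpiID"] = 2;
    $_SESSION["glpiactiveentities_string"] = 0;

    $PLUGIN_HOOKS = plugin_init_monitoring();
    plugin::load("monitoring");
    $CFG_GLPI['root_doc'] = "http://127.0.0.1/fusion0.80/";
    loadLanguage("en_GB");

    $pmComponent = new PluginMonitoringComponent();
    $pmComponentscatalog = new PluginMonitoringComponentscatalog();
    $pmComponentscatalog_Component = new PluginMonitoringComponentscatalog_Component();
    $pmComponentscatalog_rule = new PluginMonitoringComponentscatalog_rule();
    $pmComponentscatalog_Host = new PluginMonitoringComponentscatalog_Host();
    $pmService = new PluginMonitoringService();
    $computer = new Computer();

    // Add a component
    $input = array();
    $input['name'] = 'Host alive';
    $input['plugin_monitoring_commands_id'] = '21';
    $input['plugin_monitoring_checks_id'] = '1';
    $input['calendars_id'] = '1';
    $components_id = $pmComponent->add($input);

    // Add a components catalog and attach the component to it
    $input = array();
    $input['name'] = 'linux servers';
    $catalogs_id = $pmComponentscatalog->add($input);

    $input = array();
    $input['plugin_monitoring_componentscalalog_id'] = $catalogs_id;
    $input['plugin_monitoring_components_id'] = $components_id;
    $pmComponentscatalog_Component->add($input);

    // WHERE fragment reused by every host lookup below. $catalogs_id is the value
    // returned by add() above, never request data.
    $hosts_condition = "`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'";

    // Add computer pc1
    $input = array();
    $input['name'] = 'pc1';
    $input['entities_id'] = 0;
    $computer->add($input);

    // No rule exists yet, so pc1 must not be a host of the catalog
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(0, count($a_hosts), '[f1] Computer in component cataglog and may not be');

    // Add a rule matching every computer whose name contains "pc"
    $input = array();
    $input['plugin_monitoring_componentscalalog_id'] = $catalogs_id;
    $input['name'] = 'all have name';
    $input['itemtype'] = 'Computer';
    $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["pc"],"itemtype":"Computer","start":"0"}';
    $rules_id = $pmComponentscatalog_rule->add($input);

    // pc1 now matches the rule: one host, one service
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(1, count($a_hosts), '[f2] Computer may be in component catalog');

    $a_services = $pmService->find();
    $this->assertEquals(1, count($a_services), '[s2] One service may be created');

    // Add computer pc2, which also matches the rule
    $input = array();
    $input['name'] = 'pc2';
    $input['entities_id'] = 0;
    $pc2 = $computer->add($input);

    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(2, count($a_hosts), '[f3] 2 computers may be in component catalog');

    $a_services = $pmService->find();
    $this->assertEquals(2, count($a_services), '[s3] 2 services may be created');

    // Remove pc2 (second argument 1, as in the original call)
    $computer->delete(array('id' => $pc2), 1);

    // Only pc1 is left as host, with its single service
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(1, count($a_hosts), '[f4] Computer may be unique in component catalog');

    $a_services = $pmService->find();
    $this->assertEquals(1, count($a_services), '[s4] One service may be created');

    // Modify the rule so that it no longer matches ("tc" instead of "pc").
    // NOTE(review): $input still carries the 'name' => 'pc2' and 'entities_id'
    // entries from the computer above, so they are sent with the rule update too.
    $input['id'] = $rules_id;
    $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["tc"],"itemtype":"Computer","start":"0"}';
    $pmComponentscatalog_rule->update($input);

    // Nothing matches any more: no host, no service
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(0, count($a_hosts), '[f5] Computer may be deleted on rule update');

    $a_services = $pmService->find();
    $this->assertEquals(0, count($a_services), '[s5] No service may be created');

    // Restore the matching condition
    $input['id'] = $rules_id;
    $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["pc"],"itemtype":"Computer","start":"0"}';
    $pmComponentscatalog_rule->update($input);

    // pc1 is a host again
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(1, count($a_hosts), '[f6] Computer may be unique in component catalog');

    // Delete the rule
    $pmComponentscatalog_rule->delete(array('id' => $rules_id), 1);

    // Without a rule the catalog has no host and no service
    $a_hosts = $pmComponentscatalog_Host->find($hosts_condition);
    $this->assertEquals(0, count($a_hosts), '[f7] must have no computer in component catalog');

    $a_services = $pmService->find();
    $this->assertEquals(0, count($a_services), '[s7] No service may be created');
}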
// Form handler fragment: the submit button present in $_POST ("add", "delete",
// "restore", "purge") selects the action. Each branch calls check() with the
// matching right constant before it touches the item.
$computer = new Computer();
// Add a new computer
if (isset($_POST["add"])) {
    // CREATE is checked with id -1 and the submitted fields.
    $computer->check(-1, CREATE, $_POST);
    if ($newID = $computer->add($_POST)) {
        // Audit entry. $_POST["name"] is request-supplied text placed in the message
        // as received — NOTE(review): confirm the log viewer escapes it on output.
        Event::log($newID, "computers", 4, "inventory", sprintf(__('%1$s adds the item %2$s'), $_SESSION["glpiname"], $_POST["name"]));
        // Session preference: go to the form of the item that was just created.
        if ($_SESSION['glpibackcreated']) {
            Html::redirect($computer->getFormURL() . "?id=" . $newID);
        }
    }
    Html::back();
    // Delete a computer
} else {
    if (isset($_POST["delete"])) {
        // The DELETE right is checked against the id taken from the request.
        $computer->check($_POST['id'], DELETE);
        $ok = $computer->delete($_POST);
        // Only a successful delete is logged.
        if ($ok) {
            Event::log($_POST["id"], "computers", 4, "inventory", sprintf(__('%s deletes an item'), $_SESSION["glpiname"]));
        }
        $computer->redirectToList();
    } else {
        if (isset($_POST["restore"])) {
            // Restore is guarded by the same DELETE right as delete.
            $computer->check($_POST['id'], DELETE);
            if ($computer->restore($_POST)) {
                Event::log($_POST["id"], "computers", 4, "inventory", sprintf(__('%s restores an item'), $_SESSION["glpiname"]));
            }
            $computer->redirectToList();
        } else {
            if (isset($_POST["purge"])) {
                // Purge has its own right. delete() gets 1 as second argument here,
                // unlike the delete branch — presumably forcing permanent removal; confirm.
                $computer->check($_POST['id'], PURGE);
                if ($computer->delete($_POST, 1)) {
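/**
 * Clean links between GLPI and OCS from a list.
 *
 * For each link id that belongs to the given OCS server, the linked computer is
 * handled according to the server's 'deleted_behavior' setting, a history entry
 * is written for the computer, and the link row is deleted.
 *
 * @param $plugin_ocsinventoryng_ocsservers_id int : id of ocs server in GLPI
 * @param $ocslinks_id array : ids of ocslinks to clean (the ids are the array KEYS;
 *                             the values are not read)
 *
 * @return void
 **/
static function cleanLinksFromList($plugin_ocsinventoryng_ocsservers_id, $ocslinks_id) {
    global $DB;

    $cfg_ocs = self::getConfig($plugin_ocsinventoryng_ocsservers_id);

    // The queries below are assembled as strings, so every identifier is forced to
    // an integer first: nothing but digits can reach the SQL text, whatever the
    // caller put in the parameters.
    $servers_id = (int) $plugin_ocsinventoryng_ocsservers_id;

    foreach (array_keys($ocslinks_id) as $key) {
        $links_id = (int) $key;

        // The server id is part of the lookup, so a link id that belongs to another
        // OCS server is skipped instead of cleaned.
        $query = "SELECT*\n FROM `glpi_plugin_ocsinventoryng_ocslinks`\n WHERE `id` = '{$links_id}'\n AND `plugin_ocsinventoryng_ocsservers_id`\n = '{$servers_id}'";
        $result = $DB->query($query);
        if (!$result || $DB->numrows($result) <= 0) {
            continue;
        }

        $data = $DB->fetch_array($result);
        $comp = new Computer();

        if ($cfg_ocs['deleted_behavior']) {
            // Loose comparison kept on purpose: the setting is either 1 (or "1")
            // or a "STATE_<id>" string.
            if ($cfg_ocs['deleted_behavior'] == 1) {
                // Second argument 0: not a forced delete.
                $comp->delete(array("id" => $data["computers_id"]), 0);
            } else if (preg_match('/STATE_(.*)/', $cfg_ocs['deleted_behavior'], $results)) {
                // "STATE_<id>": keep the computer and change its state instead.
                $tmp = array();
                $tmp['id'] = $data["computers_id"];
                $tmp['states_id'] = $results[1];
                $tmp['entities_id'] = $data['entities_id'];
                $tmp["_nolock"] = true;
                $comp->update($tmp);
            }
        }

        // Add a history entry recording that the machine was deleted from OCS
        $changes = array();
        $changes[0] = '0';
        $changes[1] = $data["ocsid"];
        $changes[2] = "";
        PluginOcsinventoryngOcslink::history($data["computers_id"], $changes, PluginOcsinventoryngOcslink::HISTORY_OCS_DELETE);

        // Remove the link row itself; the id comes from the row read above and is
        // cast like the other identifiers.
        $query = "DELETE\n FROM `glpi_plugin_ocsinventoryng_ocslinks`\n WHERE `id` = '" . (int) $data["id"] . "'";
        $DB->query($query);
    }
}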
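/**
 * Regression test: SQL fragments sent in item fields through the API must be
 * stored as plain data. Creates a Computer whose name carries a sub-select aimed
 * at the `otherserial` column, then updates it with a serial that tries to
 * overwrite `otherserial`, and checks after each step that the column was not
 * affected.
 *
 * @depends testInitSessionCredentials
 */
public function testInjection($session_token)
{
    // Create: the name tries to close the INSERT value list and smuggle a sub-select.
    $res = $this->doHttpRequest('POST', 'Computer/', [
        'headers' => ['Session-Token' => $session_token],
        'json' => [
            'input' => [
                'name' => "my computer', (SELECT `password` from `glpi_users` as `otherserial` WHERE `id`=2), '0 ' , '2016-10-26 00:00:00', '2016-10-26 00 :00 :00')#",
                'otherserial' => "Not hacked",
            ],
        ],
    ]);
    $body = $res->getBody();
    $data = json_decode($body, true);

    // Stop here with a clear message when the creation failed, instead of going on
    // with an undefined id and a misleading "does not exist" failure.
    $this->assertTrue(is_array($data) && isset($data['id']), 'API did not return the id of the created computer');
    $new_id = $data['id'];

    $computer = new Computer();
    $computer_exists = $computer->getFromDB($new_id);
    $this->assertTrue((bool) $computer_exists, 'Computer does not exists :\'(');

    // The column must still hold the literal value that was sent for it.
    $is_password = $computer->fields['otherserial'] != 'Not hacked';
    $this->assertFalse($is_password, 'Add SQL injection spotted!');

    // Update: the serial tries to append a second assignment to the UPDATE statement.
    $res = $this->doHttpRequest('PUT', 'Computer/', [
        'headers' => ['Session-Token' => $session_token],
        'json' => [
            'input' => [
                'id' => $new_id,
                'serial' => "abcdef', `otherserial`='injected",
            ],
        ],
    ]);

    // Reload before reading: a failed reload would leave the fields from the first
    // read in place and let the check below pass on stale data.
    $reloaded = $computer->getFromDB($new_id);
    $this->assertTrue((bool) $reloaded, 'Computer could not be reloaded after update');

    $is_injected = $computer->fields['otherserial'] === 'injected';
    $this->assertFalse($is_injected, 'Update SQL injection spotted!');

    // Clean up the fixture (second argument true, as in the original call).
    $computer = new Computer();
    $computer->delete(['id' => $new_id], true);
}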