Example #1
0
 public function testPHPlogs()
 {
     global $CFG_GLPI, $PLUGIN_HOOKS;
     $_SESSION['glpi_use_mode'] = 2;
     $_SESSION["glpiID"] = 2;
     $_SESSION["glpiactiveentities_string"] = 0;
     $PLUGIN_HOOKS = plugin_init_monitoring();
     plugin::load("monitoring");
     $CFG_GLPI['root_doc'] = "http://127.0.0.1/fusion0.80/";
     loadLanguage("en_GB");
     $pmComponent = new PluginMonitoringComponent();
     $pmComponentscatalog = new PluginMonitoringComponentscatalog();
     $pmComponentscatalog_Component = new PluginMonitoringComponentscatalog_Component();
     $pmComponentscatalog_rule = new PluginMonitoringComponentscatalog_rule();
     $pmComponentscatalog_Host = new PluginMonitoringComponentscatalog_Host();
     $pmService = new PluginMonitoringService();
     $computer = new Computer();
     // Add components
     $input = array();
     $input['name'] = 'Host alive';
     $input['plugin_monitoring_commands_id '] = '21';
     $input['plugin_monitoring_checks_id'] = '1';
     $input['calendars_id'] = '1';
     $components_id = $pmComponent->add($input);
     // Add components catalog
     $input = array();
     $input['name'] = 'linux servers';
     $catalogs_id = $pmComponentscatalog->add($input);
     $input = array();
     $input['plugin_monitoring_componentscalalog_id'] = $catalogs_id;
     $input['plugin_monitoring_components_id'] = $components_id;
     $pmComponentscatalog_Component->add($input);
     // Add Computer
     $input = array();
     $input['name'] = 'pc1';
     $input['entities_id'] = 0;
     $pc1 = $computer->add($input);
     // Check computer pc1 not added in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '0', '[f1] Computer in component cataglog and may not be');
     $input = array();
     $input['plugin_monitoring_componentscalalog_id'] = $catalogs_id;
     $input['name'] = 'all have name';
     $input['itemtype'] = 'Computer';
     $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["pc"],"itemtype":"Computer","start":"0"}';
     $rules_id = $pmComponentscatalog_rule->add($input);
     // Check computer pc1 not added in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '1', '[f2] Computer may be in component catalog');
     // Check service of this computer created
     $a_services = $pmService->find();
     $this->assertEquals(count($a_services), '1', '[s2] One service may be created');
     // Add Computer
     $input = array();
     $input['name'] = 'pc2';
     $input['entities_id'] = 0;
     $pc2 = $computer->add($input);
     // Check computer pc1 not added in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '2', '[f3] 2 computers may be in component catalog');
     // Check service of this computer created
     $a_services = $pmService->find();
     $this->assertEquals(count($a_services), '2', '[s3] 2 services may be created');
     // Remove pc2
     $computer->delete(array('id' => $pc2), 1);
     // Check computer pc1 added in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '1', '[f4] Computer may be unique in component catalog');
     // Check service of this computer created
     $a_services = $pmService->find();
     $this->assertEquals(count($a_services), '1', '[s4] One service may be created');
     // Modify rule
     $input['id'] = $rules_id;
     $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["tc"],"itemtype":"Computer","start":"0"}';
     $pmComponentscatalog_rule->update($input);
     // Check no computer in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '0', '[f5] Computer may be deleted on rule update');
     // Check service
     $a_services = $pmService->find();
     $this->assertEquals(count($a_services), '0', '[s5] No service may be created');
     // Modify rule
     $input['id'] = $rules_id;
     $input['condition'] = '{"field":["1"],"searchtype":["contains"],"contains":["pc"],"itemtype":"Computer","start":"0"}';
     $pmComponentscatalog_rule->update($input);
     // Check computer pc1 added in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '1', '[f6] Computer may be unique in component catalog');
     // Delete rule
     $pmComponentscatalog_rule->delete(array('id' => $rules_id), 1);
     // Check not have computer in ressources
     $a_hosts = $pmComponentscatalog_Host->find("`plugin_monitoring_componentscalalog_id`='" . $catalogs_id . "'");
     $this->assertEquals(count($a_hosts), '0', '[f7] must have no computer in component catalog');
     // Check service
     $a_services = $pmService->find();
     $this->assertEquals(count($a_services), '0', '[s7] No service may be created');
 }
Example #2
0
$computer = new Computer();
//Add a new computer
if (isset($_POST["add"])) {
    $computer->check(-1, CREATE, $_POST);
    if ($newID = $computer->add($_POST)) {
        Event::log($newID, "computers", 4, "inventory", sprintf(__('%1$s adds the item %2$s'), $_SESSION["glpiname"], $_POST["name"]));
        if ($_SESSION['glpibackcreated']) {
            Html::redirect($computer->getFormURL() . "?id=" . $newID);
        }
    }
    Html::back();
    // delete a computer
} else {
    if (isset($_POST["delete"])) {
        $computer->check($_POST['id'], DELETE);
        $ok = $computer->delete($_POST);
        if ($ok) {
            Event::log($_POST["id"], "computers", 4, "inventory", sprintf(__('%s deletes an item'), $_SESSION["glpiname"]));
        }
        $computer->redirectToList();
    } else {
        if (isset($_POST["restore"])) {
            $computer->check($_POST['id'], DELETE);
            if ($computer->restore($_POST)) {
                Event::log($_POST["id"], "computers", 4, "inventory", sprintf(__('%s restores an item'), $_SESSION["glpiname"]));
            }
            $computer->redirectToList();
        } else {
            if (isset($_POST["purge"])) {
                $computer->check($_POST['id'], PURGE);
                if ($computer->delete($_POST, 1)) {
Example #3
0
 /**
  * Clean links between GLPI and OCS from a list.
  *
  * @param $plugin_ocsinventoryng_ocsservers_id int : id of ocs server in GLPI
  * @param $ocslinks_id array : ids of ocslinks to clean
  *
  * @return nothing
  **/
 static function cleanLinksFromList($plugin_ocsinventoryng_ocsservers_id, $ocslinks_id)
 {
     global $DB;
     $cfg_ocs = self::getConfig($plugin_ocsinventoryng_ocsservers_id);
     foreach ($ocslinks_id as $key => $val) {
         $query = "SELECT*\n                   FROM `glpi_plugin_ocsinventoryng_ocslinks`\n                   WHERE `id` = '{$key}'\n                         AND `plugin_ocsinventoryng_ocsservers_id`\n                                 = '{$plugin_ocsinventoryng_ocsservers_id}'";
         if ($result = $DB->query($query)) {
             if ($DB->numrows($result) > 0) {
                 $data = $DB->fetch_array($result);
                 $comp = new Computer();
                 if ($cfg_ocs['deleted_behavior']) {
                     if ($cfg_ocs['deleted_behavior'] == 1) {
                         $comp->delete(array("id" => $data["computers_id"]), 0);
                     } else {
                         if (preg_match('/STATE_(.*)/', $cfg_ocs['deleted_behavior'], $results)) {
                             $tmp['id'] = $data["computers_id"];
                             $tmp['states_id'] = $results[1];
                             $tmp['entities_id'] = $data['entities_id'];
                             $tmp["_nolock"] = true;
                             $comp->update($tmp);
                         }
                     }
                 }
                 //Add history to indicates that the machine was deleted from OCS
                 $changes[0] = '0';
                 $changes[1] = $data["ocsid"];
                 $changes[2] = "";
                 PluginOcsinventoryngOcslink::history($data["computers_id"], $changes, PluginOcsinventoryngOcslink::HISTORY_OCS_DELETE);
                 $query = "DELETE\n                         FROM `glpi_plugin_ocsinventoryng_ocslinks`\n                         WHERE `id` = '" . $data["id"] . "'";
                 $DB->query($query);
             }
         }
     }
 }
Example #4
0
 /**
  * @depends testInitSessionCredentials
  */
 public function testInjection($session_token)
 {
     $res = $this->doHttpRequest('POST', 'Computer/', ['headers' => ['Session-Token' => $session_token], 'json' => ['input' => ['name' => "my computer', (SELECT `password` from `glpi_users` as `otherserial` WHERE `id`=2), '0 ' , '2016-10-26 00:00:00', '2016-10-26 00 :00 :00')#", 'otherserial' => "Not hacked"]]]);
     $body = $res->getBody();
     $data = json_decode($body, true);
     $new_id = $data['id'];
     $computer = new Computer();
     $computer_exists = $computer->getFromDB($new_id);
     $this->assertTrue((bool) $computer_exists, 'Computer does not exists :\'(');
     $is_password = $computer->fields['otherserial'] != 'Not hacked';
     $this->assertFalse($is_password, 'Add SQL injection spotted!');
     $res = $this->doHttpRequest('PUT', 'Computer/', ['headers' => ['Session-Token' => $session_token], 'json' => ['input' => ['id' => $new_id, 'serial' => "abcdef', `otherserial`='injected"]]]);
     $computer->getFromDB($new_id);
     $is_injected = $computer->fields['otherserial'] === 'injected';
     $this->assertFalse($is_injected, 'Update SQL injection spotted!');
     $computer = new Computer();
     $computer->delete(['id' => $new_id], true);
 }