From fb438e6aaf133cc5f9d25130653ba8fdc6ecf51f Mon Sep 17 00:00:00 2001 From: Maximilien Bersoult Date: Wed, 2 May 2018 14:05:57 +0200 Subject: [PATCH] fix(sec): Fix execution command by rrdtool command line * Fix execution command by rrdtool command line in Virtual Metrics * Fix execution command by rrdtool command line in graph images --- www/class/centreonGraph.class.php | 88 +++++++++++++++++-------------- 1 file changed, 47 insertions(+), 41 deletions(-) diff --git a/www/class/centreonGraph.class.php b/www/class/centreonGraph.class.php index e0c3e1898ba..e7cceeb385d 100644 --- a/www/class/centreonGraph.class.php +++ b/www/class/centreonGraph.class.php @@ -134,7 +134,7 @@ public function __construct($user_id, $index = null, $debug = 0, $compress = nul } (!isset($compress)) ? $this->compress = 1 : $this->compress = $compress; - + /* * User ID / Contact ID */ @@ -749,10 +749,8 @@ public function initCurveList() $this->RRDoptions["upper-limit"] ); } - $this->addArgument( - "DEF:vi" . $cpt . "=" . $this->dbPath . $key . ".rrd:value:AVERAGE CDEF:v" . $cpt . - "=vi" . $cpt . ",-1,*" - ); + $this->addArgument('DEF:vi' . $cpt . '=' . $this->dbPath . $key . '.rrd:value:AVERAGE'); + $this->addArgument('CDEF:v' . $cpt . '=vi' . $cpt . ',-1,*'); if (isset($tm["warn"]) && $tm["warn"] != 0) { $tm["warn"] *= -1; } @@ -841,7 +839,7 @@ public function createLegend() "Crit"=>"#F91D05", "Unk"=>"#2AD1D4", "In_Use"=>"#13EB3A", "Max_Used"=>"#F91D05", "Total_Available"=>"#2AD1D4" ); - + $cpt = 0; $rpn_values = ""; $rpn_expr = ""; @@ -849,7 +847,7 @@ public function createLegend() if (in_array($tm['metric'], $currentColors)) { $tm["ds_color_line"] = $currentColors[$tm['metric']]; } - + if (isset($tm["need"]) && $tm["need"] == 1) { continue; } 
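Review bot: The first added addArgument call in initCurveList still builds the DEF path from `$this->dbPath . $key . '.rrd'` without checking that `$key` is a plain numeric id, so a non-numeric key (or a dbPath containing an unescaped `:`) yields a malformed or unintended DEF even though escapeshellarg now protects the shell. `$key` is produced above the hunk, so whether it can be anything other than a metric id is an inference; if it is a database id, a guard such as `if (!ctype_digit((string) $key)) { continue; }` ahead of the two addArgument calls records and enforces that assumption. Splitting DEF and CDEF into separate addArgument calls is the right shape now that each argument is escaped as one token. initCurveList starts before the hunk.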
@@ -880,7 +878,14 @@ public function createLegend() } $rpn_values .= $this->vname[$tm["metric"]] . ",UN,0," . $this->vname[$tm["metric"]] . ",IF,"; $rpn_expr .= ",+"; - $this->addArgument($arg); + if (strpos($arg, ' ') === false) { + $this->addArgument($arg); + } else { + $args = explode(' ', $arg); + foreach ($args as $arg2) { + $this->addArgument($arg2); + } + } if ($this->onecurve && isset($tm["warn"]) && $tm["warn"] != 0 && isset($tm["crit"]) && $tm["crit"] != 0) { $this->addArgument("AREA:ow" . $nb . $tm["ds_color_area_warn"] . "CF::STACK"); @@ -888,13 +893,13 @@ public function createLegend() } } - + if (!isset($tm["ds_stack"]) || !$tm["ds_stack"] || $cpt == 0) { $arg = "LINE" . $tm["ds_tickness"] . ":" . $this->vname[$tm["metric"]]; } else { $arg = "LINE" . $tm["ds_tickness"] . ":vc" . $cpt; } - $arg .= $tm["ds_color_line"] . ":'"; + $arg .= $tm["ds_color_line"] . ":"; } if (!$this->checkcurve) { 
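Review bot: The new space-splitting branch in createLegend, `$args = explode(' ', $arg)`, turns every space in `$arg` into an argument boundary, so a token that legitimately contains a space is broken apart, and a run of two or more spaces produces empty strings that escapeshellarg later hands to rrdtool as `''`. `$arg` is assembled above the hunk, so whether such values occur is an inference, but the split is fragile either way; building the pieces as separate addArgument calls at the construction site, as the `@@ -749` hunk does, is the sturdier fix. If the split has to stay, at least drop empty pieces: `foreach (preg_split('/ +/', $arg, -1, PREG_SPLIT_NO_EMPTY) as $arg2) { $this->addArgument($arg2); }`. The enclosing loop and createLegend itself start before the hunk.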
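Review bot: With the surrounding single quotes dropped from `$arg .= $tm["ds_color_line"] . ":"`, the legend text appended to this LINE argument after the hunk now reaches rrdtool verbatim, and escapeshellarg only protects the shell; rrdtool still treats an unescaped `:` inside a legend as a field separator, so a metric legend or unit containing `:` makes it reject or misparse the argument. The same applies to the HRULE legends built from `$this->humanReadable(...)` in the `@@ -906` hunk. Where the legend text is appended, escape it for rrdtool first, e.g. `str_replace(':', '\:', $legend)`, as displayImageFlow already does for `$rrd_time`. The legend assembly continues outside the hunk.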
@@ -906,44 +911,48 @@ public function createLegend() if (!$this->onecurve && isset($tm["ds_hidecurve"]) && $tm["ds_hidecurve"] == 1) { $arg .= " "; } - $arg .= "'"; $this->addArgument($arg); - $vdefs = ""; - $prints = ""; - - + $vdefs = array(); + $prints = array(); + + foreach (array("last" => "LAST", "min" => "MINIMUM", "max" => "MAXIMUM", "average" => "AVERAGE", "total" => "TOTAL") as $name => $cf) { if (!$tm["ds_" . $name]) { continue; } $dispname = ucfirst($name); - $vdefs .= "VDEF:" . $this->vname[$tm["metric"]] . $dispname . "=" . - $this->vname[$tm["metric"]] . "," . $cf . " "; + $vdefs[] = "VDEF:" . $this->vname[$tm["metric"]] . $dispname . "=" . + $this->vname[$tm["metric"]] . "," . $cf; if (($name == "min" || $name == "max") && (isset($tm['ds_minmax_int']) && $tm['ds_minmax_int'])) { $displayformat = "%7.0lf"; } else { $displayformat = "%7.2lf"; } - $prints .= "GPRINT:" . $this->vname[$tm["metric"]] . $dispname.":\"" . - $dispname . "\:" . $displayformat . ($this->gprintScaleOption) . "\" "; + $prints[] = "GPRINT:" . $this->vname[$tm["metric"]] . $dispname.":" . + $dispname . "\:" . $displayformat . ($this->gprintScaleOption); + } + foreach ($vdefs as $vdef) { + $this->addArgument($vdef); + } + foreach ($prints as $print) { + $this->addArgument($print); } - $this->addArgument($vdefs); - $this->addArgument($prints . "COMMENT:\"\\l\""); + $this->addArgument("COMMENT:\\l"); if ($this->onecurve) { if (isset($tm["warn"]) && !empty($tm["warn"]) && $tm["warn"] != 0) { $this->addArgument( - "HRULE:" . $tm["warn"] . $tm["ds_color_area_warn"] . ":\"Warning \: " . - $this->humanReadable($tm["warn"], $tm["unit"]) . "\\l\" " + "HRULE:" . $tm["warn"] . $tm["ds_color_area_warn"] . ":Warning \: " . + $this->humanReadable($tm["warn"], $tm["unit"]) . "\\l " ); } if (isset($tm["crit"]) && !empty($tm["crit"]) && $tm["crit"] != 0) { $this->addArgument( - "HRULE:" . $tm["crit"] . $tm["ds_color_area_crit"] . ":\"Critical \: " . 
- $this->humanReadable($tm["crit"], $tm["unit"]) . "\"" + "HRULE:" . $tm["crit"] . $tm["ds_color_area_crit"] . ":Critical \: " . + $this->humanReadable($tm["crit"], $tm["unit"]) ); } } @@ -953,7 +962,7 @@ public function createLegend() $tm["ds_jumpline"] = 0; } while ($cline < $tm["ds_jumpline"]) { - $this->addArgument("COMMENT:\"\\c\""); + $this->addArgument("COMMENT:\\c"); $cline++; } } @@ -982,7 +991,7 @@ private function humanReadable($l_value = null, $l_unit = null) } else { $l_base = 1000; } - + $l_px = array( "8" => array( "1000" => "Y", @@ -1257,9 +1266,6 @@ public function setColor($name, $value) */ public function setRRDOption($name, $value = null) { - if (strpos($value, " ")!==false) { - $value = "'".$value."'"; - } $this->RRDoptions[$name] = $value; } @@ -1366,17 +1372,17 @@ public function displayImageFlow() } foreach ($this->RRDoptions as $key => $value) { - $commandLine .= "--".$key; + $commandLine .= '--' . $key; if (isset($value)) { - $commandLine .= "=".$value; + $commandLine .= '=' . escapeshellarg($value); } - $commandLine .= " "; + $commandLine .= ' '; } foreach ($this->colors as $key => $value) { - $commandLine .= "--color ".$key.$value." "; + $commandLine .= '--color ' . escapeshellarg($key . $value) . ' '; } foreach ($this->fonts as $key => $value) { - $commandLine .= "--font ".$key.$value." "; + $commandLine .= '--font ' . escapeshellarg($key . $value) . ' '; } /* 
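Review bot: The warning HRULE argument in createLegend keeps a trailing space, `"\\l "`, that the critical HRULE directly below does not have; it used to separate unquoted tokens in the old command line, and now that each argument is escaped as one token it becomes part of the legend text rrdtool renders. Change the line to `$this->humanReadable($tm["warn"], $tm["unit"]) . "\\l"` so both rules match. Collecting `$vdefs` and `$prints` in arrays and adding them one per addArgument call is the right shape for the escapeshellarg-based command line. createLegend starts before the hunk and continues past it.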
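Review bot: setRRDOption now stores the raw value, which is correct only as long as displayImageFlow stays the sole consumer that turns `$this->RRDoptions` into a command line; any other code path that reads RRDoptions to build a shell string (none is visible in this patch, so this is a check rather than a finding) would now receive unquoted values. A docblock line on the method would record the contract, e.g. `Values are stored unescaped; displayImageFlow() applies escapeshellarg() when building the rrdtool command line.`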
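Review bot: In the RRDoptions loop the option name is still concatenated unescaped, `$commandLine .= '--' . $key;`, while only the value goes through escapeshellarg; if `$name` passed to setRRDOption can ever be influenced by request data (not visible here), the option name is a second channel into the shell string. A whitelist of accepted rrdtool option names is the cleanest closure; failing that, `$commandLine .= escapeshellarg('--' . $key);` works because the shell joins the adjacent quoted fragments into one word. Note also that escapeshellarg drops bytes that are invalid in the current LC_CTYPE locale, so legends with non-ASCII text depend on the process locale being UTF-8, which deserves a comment where the command is assembled. displayImageFlow starts before the hunk.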
@@ -1387,10 +1393,10 @@ public function displayImageFlow() $rrd_time = str_replace(":", "\:", $rrd_time); $rrd_time2 = addslashes($this->GMT->getDate("Y\/m\/d G:i", $this->RRDoptions["end"])) ; $rrd_time2 = str_replace(":", "\:", $rrd_time2); - $commandLine .= " COMMENT:\" From $rrd_time to $rrd_time2 \\c\" "; + $commandLine .= escapeshellarg('COMMENT: From ' . $rrd_time . ' to ' . $rrd_time2 . ' \\c'); } foreach ($this->arguments as $arg) { - $commandLine .= " ".$arg." "; + $commandLine .= ' ' . escapeshellarg($arg) . ' '; } $gmt_export = ""; $commandLine = preg_replace("/(\\\$|`)/", "", $commandLine); @@ -1652,7 +1658,7 @@ private function manageVMetric($vId, $vName, $indexId) $l_mlist = preg_split("/\,/", $lVmetric["rpn_function"]); foreach ($l_mlist as $l_mnane) { /* - * Check for a real metric + * Check for a real metric */ $l_poqy = $this->DBC->query( "SELECT host_id, service_id, metric_id, metric_name, unit_name, @@ -1814,7 +1820,7 @@ protected function flushRrdcached($metricsId) @fclose($sock); return true; } - + /** * Returns index data id * @@ -1824,7 +1830,7 @@ protected function flushRrdcached($metricsId) */ public function getIndexDataId($hostId, $serviceId) { - $sql = "SELECT id FROM index_data + $sql = "SELECT id FROM index_data WHERE host_id = " . $this->DBC->escape($hostId) . " AND service_id = " . $this->DBC->escape($serviceId); $res = $this->DBC->query($sql); @@ -1834,7 +1840,7 @@ public function getIndexDataId($hostId, $serviceId) } return 0; } - + /** * Returns true if status graph exists *
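Review bot: The `preg_replace` that strips `$` and backtick characters from `$commandLine` at the end of the hunk now runs after every argument has been wrapped by escapeshellarg, so it silently deletes those characters from inside already single-quoted arguments (a legend or comment containing `$` loses it) while adding no protection, since the shell expands neither character inside single quotes. Either remove that line or keep it with a comment saying it is belt-and-braces only. The new COMMENT append also lost the old leading space; the arguments loop that follows prefixes each argument with a space, so the only risk is that whatever is appended immediately before it (outside the hunk) does not end in a space and the two tokens fuse — `$commandLine .= ' ' . escapeshellarg('COMMENT: From ' . $rrd_time . ' to ' . $rrd_time2 . ' \\c');` removes that dependency. displayImageFlow starts before the hunk and continues past it.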