harden CSV encoding and process execution handling#7196
Open
somethingwithproof wants to merge 4 commits into
Open
harden CSV encoding and process execution handling#7196somethingwithproof wants to merge 4 commits into
somethingwithproof wants to merge 4 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR focuses on hardening command execution, SQL construction, and CSV/HTML output handling to reduce injection risk and improve robustness when external processes fail to spawn.
Changes:
- Add safer escaping/casting for shell commands and improve handling of
proc_open()/popen()failures. - Introduce CSV cell encoding to mitigate spreadsheet formula injection and apply it across exports.
- Add SQL helpers/quoting to reduce injection risk in query filters and
IN (...)clauses.
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| script_server.php | Casts Windows PID to int before using it in TASKLIST command. |
| remote_agent.php | Avoids reading from pipes when proc_open() fails; adds fallback logging. |
| lib/spikekill.php | Uses stronger randomness for temp naming; logs RRDtool dump failures. |
| lib/snmpagent.php | Builds snmptrap args as tokens (array) to reduce shell-splitting/injection risk. |
| lib/snmp.php | Captures exec() return code to detect SNMP failures beyond “Timeout” text. |
| lib/rrdcheck.php | Guards against proc_open() failure before using pipes. |
| lib/rrd.php | Logs RRDtool launch failures when popen() returns false. |
| lib/reports.php | Escapes report runner command before execution. |
| lib/html_graph.php | Quotes regex filter and uses a safe IN-clause helper. |
| lib/html.php | Integer-coerces graph template ids and DB-derived template ids. |
| lib/graph_variables.php | Skips non-finite datapoints in summation; avoids undefined percentile index. |
| lib/functions.php | Extends exec_into_array() to return exit code; adds cacti_csv_cell(). |
| lib/dsstats.php | Guards against proc_open() failure before using pipes. |
| lib/database.php | Adds db_in_clause() helper for safer IN (...) predicates. |
| lib/boost.php | Escapes configured PHP binary path before building command line. |
| lib/auth.php | Skips empty/invalid CSV mapping lines when resolving basic auth usernames. |
| install/functions.php | Uses CSV parsing for color import; uses parameter binding consistently for read_only. |
| host.php | Adds CSV formula-trigger prefixing to exported host fields. |
| graph_xport.php | Uses cacti_csv_cell() for CSV export; HTML-escapes table headers/unexpected values. |
| color.php | Uses cacti_csv_cell() in color CSV export. |
| cmd_realtime.php | Adds proc_open() failure handling before reading pipes. |
| cmd.php | Adds proc_open() failure handling before reading pipes; logs fallback. |
| cli/splice_rrd.php | Escapes RRDtool command and arguments passed to shell_exec(). |
| cli/migrate_poller.php | Removes separate rollback CSV output; updates messages/help to reflect new behavior. |
| automation_devices.php | Uses cacti_csv_cell() throughout discovery results CSV export. |
somethingwithproof
force-pushed
the
harden/csv-process-defensive
branch
from
dd81bf6 to
c992520
Compare
Route CSV export cells through a shared cacti_csv_cell() helper so values with quotes, commas, or leading formula characters round-trip correctly, and add defensive guards on shell construction, unchecked proc_open handles, discarded exec exit codes, and gap values in nth-percentile fetch math. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
force-pushed
the
harden/csv-process-defensive
branch
2 times, most recently
from
a0932d7 to
3ec0827
Compare
- escape poller_id in cmd_realtime proc_open command to match remote_agent Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
force-pushed
the
harden/csv-process-defensive
branch
from
3ec0827 to
ae74853
Compare
…rocess failures - exempt numeric values from the CSV formula-injection prefix and preserve empty snmptrap positions while bailing out when the RRDtool process fails to spawn Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Clears the level 6 alreadyNarrowedType error on lib/data_query.php:2591 that develop currently emits, matching the sibling narrowing identifiers already ignored. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Routes CSV export cells through a shared
cacti_csv_cell()helper so values containing quotes, commas, or leading formula characters round-trip correctly across the graph, color, device, and discovery exporters.Adds defensive guards on the process-execution paths:
is_resource()checks before readingproc_openpipes (cmd, cmd_realtime, remote_agent, dsstats, rrdcheck), falling back to the existing direct path on spawn failureexec_into_arrayexec_background) and the rrdtool CLI dump pathsNo functional change to success paths. All touched files pass
php -l.