From 66a7bdfc84f898e5b4eb3fd4765b70e963a2facb Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Tue, 22 Mar 2016 18:21:20 +0100 Subject: [PATCH] MonitoredObject: implement hideBlacklistedProperties() refs #10965 --- .../Monitoring/Object/MonitoredObject.php | 85 ++++++++++++++++++- 1 file changed, 84 insertions(+), 1 deletion(-) diff --git a/modules/monitoring/library/Monitoring/Object/MonitoredObject.php b/modules/monitoring/library/Monitoring/Object/MonitoredObject.php index ccd8f4b07..1f1ba7375 100644 --- a/modules/monitoring/library/Monitoring/Object/MonitoredObject.php +++ b/modules/monitoring/library/Monitoring/Object/MonitoredObject.php @@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring\Object; use stdClass; use InvalidArgumentException; +use Icinga\Authentication\Auth; use Icinga\Application\Config; use Icinga\Data\Filter\Filter; use Icinga\Data\Filterable; @@ -147,6 +148,13 @@ abstract class MonitoredObject implements Filterable */ protected $stats; + /** + * The properties to hide from the user + * + * @var array + */ + protected $blacklistedProperties = null; + /** * Create a monitored object, i.e. host or service * @@ -457,7 +465,9 @@ abstract class MonitoredObject implements Filterable $customvars = $this->hostVariables; } - $this->customvars = $this->obfuscateCustomVars($customvars, $blacklistPattern); + $this->customvars = $customvars; + $this->hideBlacklistedProperties(); + $this->customvars = $this->obfuscateCustomVars($this->customvars, $blacklistPattern); return $this; } @@ -485,6 +495,79 @@ abstract class MonitoredObject implements Filterable return $customvars instanceof stdClass ? (object) $obfuscatedCustomVars : $obfuscatedCustomVars; } + /** + * Hide all blacklisted properties from the user as restricted by monitoring/blacklist/properties + * + * Currently this only affects the custom variables + */ + protected function hideBlacklistedProperties() + { + if ($this->blacklistedProperties === null) { + $this->blacklistedProperties = array(); + foreach (Auth::getInstance()->getRestrictions('monitoring/blacklist/properties') as $patterns) { + foreach (explode(',', $patterns) as $pattern) { + $pattern = explode('.', $pattern); + foreach ($pattern as & $subPattern) { + $subPattern = explode('*', $subPattern); + foreach ($subPattern as & $subPatternPart) { + if ($subPatternPart !== '') { + $subPatternPart = preg_quote($subPatternPart, '/'); + } + unset($subPatternPart); + } + $subPattern = '/^' . implode('.*', $subPattern) . '$/'; + unset($subPattern); + } + + $this->blacklistedProperties[] = $pattern; + } + } + } + + $allProperties = array($this->type => array('vars' => $this->customvars)); + foreach ($this->blacklistedProperties as $blacklistedProperty) { + $allProperties = $this->hideBlacklistedPropertiesRecursive($allProperties, $blacklistedProperty); + } + $this->customvars = $allProperties[$this->type]['vars']; + } + + /** + * Helper method for hideBlacklistedProperties() + * + * @param stdClass|array $allProperties + * @param array $blacklistedProperty + * + * @return stdClass|array + */ + protected function hideBlacklistedPropertiesRecursive($allProperties, $blacklistedProperty) + { + $isObject = $allProperties instanceof stdClass; + if ($isObject || is_array($allProperties)) { + if ($isObject) { + $allProperties = (array) $allProperties; + } + + $currentLevel = $blacklistedProperty[0]; + $nextLevels = count($blacklistedProperty) === 1 ? null : array_slice($blacklistedProperty, 1); + foreach ($allProperties as $k => & $v) { + if (preg_match($currentLevel, (string) $k)) { + if ($nextLevels === null) { + unset($allProperties[$k]); + } else { + $v = $this->hideBlacklistedPropertiesRecursive($v, $nextLevels); + } + } + unset($v); + } + + if ($isObject) { + $allProperties = (object) $allProperties; + } + } + + return $allProperties; + } + /** * Fetch the host custom variables related to this object *