Commit Graph

14008 Commits

Author SHA1 Message Date
Johannes Meyer c027282d8c Test: Load a module's composer autoloader 2023-08-31 10:18:37 +02:00
Sukhwinder Dhillon 3c3437dafa Github Actions: Do not cancel further tests if one fails 2023-08-30 16:25:32 +02:00
Sukhwinder Dhillon f283c81ed2 ActionController: Always read icingaweb config for csp
Method `$this->Config()` returns config based on the current module.
2023-08-30 10:04:46 +02:00
Johannes Meyer c3b1ad12ab loader.js: Don't update history for redirects
A redirect now also does NOT:

* Remove `.impact` from the container
* Try to set a menu item active.

fixes #4879
2023-08-29 15:02:44 +02:00
Johannes Meyer b201b030b2 Fix CSP violations (#5060) 2023-08-28 17:15:39 +02:00
raviks789 35b2145754 Workflow: Setup `ipl/web` dependency for unit test 2023-08-28 17:06:20 +02:00
raviks789 75c409703d Ignore phpstan errors related to `DOMDocument` or `DOMElement` 2023-08-28 17:06:15 +02:00
raviks789 d2a40e088d `FormTest`: Remove mocked `Icinga\Web\Session` in test `testWhetherACsrfCounterMeasureIsBeingAdded()`
Since a fake session is already being instantiated in `BaseTestCase` there is no need to mock the class `Icinga\Web\Session`.
2023-08-28 16:56:51 +02:00
raviks789 33b6c01fe2 Create fake session to write csp nonces to it
`Csp::createnonces()` writes to a window aware session and hence a fake base session
is created in `BaseTestCase::setUp()` method
2023-08-28 16:56:51 +02:00
raviks789 282b4d564a Add `style` element to SVGs
The ruleset returned by `Styleable::getStyle()` is added to the SVG.
2023-08-28 16:56:51 +02:00
raviks789 97a14d7b18 Modify `Styleable` to avoid using static inline styles
To prevent CSP violation the following changes have been made in `Styleable::class`:
1) `Styleable::getStyle()` method is modified to return `ipl\Web\Style::class`
2) `Styleable::additionalStyle` property type is changed to array
3) `Styleable::setAdditionalStyle()` parameter type is changed to array
2023-08-28 16:56:49 +02:00
raviks789 4e8107c231 RoleForm: Replace static inline styles with css class
The static inline style for restriction text element is replaced with css class `role-restriction-text`
to avoid Content-Security-Policy violations.
2023-08-28 16:40:37 +02:00
raviks789 afd2a65df6 Add `nonce` attribute to `<style>` elements
`nonce` attribute needs to be set on the style elements to avoid CSP violations.
2023-08-28 16:40:37 +02:00
raviks789 da1bf7048d Remove inline scripts
Remove inline scripts present in `layout.phtml` and `logout.phtml` to prevent CSP violation.
2023-08-28 16:40:37 +02:00
raviks789 33a5f765b9 Use `style` element to create css class for dynamic inline style
The `style` element with `nonce` attribute is used to create css classes for
inline styles that are not static. This prevents Content-Security-Policy violations.
2023-08-28 16:40:33 +02:00
raviks789 459f4198c3 Replace static inline styles with css class
The static inline styles are replaced with css class to avoid Content-Security-Policy violations.
2023-08-28 16:30:12 +02:00
Johannes Meyer 511f507c60 Allow Enabling Strict Content Security Policy (CSP) (#5059) 2023-08-28 16:15:09 +02:00
Yonas Habteab 6f39194b0c Add `CSP` documentation 2023-08-28 16:01:52 +02:00
Yonas Habteab 3b7f054534 Initiate full page reload upon `CSP` config change 2023-08-28 12:42:32 +02:00
Johannes Meyer e3ebe109eb Enable strict CSP if configured 2023-08-28 12:42:32 +02:00
Eric Lippmann 1cd1b500b3 Add helper to enable strict CSP 2023-08-28 12:42:32 +02:00
Eric Lippmann 0bac6cfe07 Config: Add setting to enable strict CSP 2023-08-24 16:02:06 +02:00
Johannes Meyer 6c68578a6c Github Actions: Add PhpStan (#5040)
Blocked by: #5061
closes #5052, https://github.com/Icinga/icingaweb2/pull/4920,
https://github.com/Icinga/icingaweb2/pull/5003
2023-08-23 11:53:21 +02:00
Sukhwinder Dhillon 2818757bc6 phpstan: Ignore `LdapCapabilities/LdapConnection` errors
- ldap_connect() returns `LDAP\Connection` in php >= 81
2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon fe24d7809f Phpstan: Set level to max and add baseline file
- Remove already default flags in `max` level
- Don't ignore Zend_* errors explicitly (added to baseline)
2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon 3f3f0a1f67 GlobFilter::__construct(): Add possible param type hint 2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon 0cf97d5825 Workflow: clone the remote `head`, regardless of the branch name 2023-08-23 11:36:30 +02:00
raviks789 9887a2d622 `ConfigTest`: Define property `$oldConfigDir`
Use of dynamic property is deprecated since PHP 8.2
2023-08-23 10:53:15 +02:00
Yonas Habteab a82e3b2320 Styleable: Fix `strokeWidth` type hint declaration 2023-08-23 10:53:15 +02:00
Yonas Habteab 55b4a5eb63 StaticController: Pass only strings to `str_pad` as first argument 2023-08-23 10:53:15 +02:00
Yonas Habteab a965b5c44b Fix argument type hints 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon ffe84507f9 Host/Service::getDataView(): Fix return class name case 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 2fa9aaedb0 (Host/Service)status: Fix class name case 2023-08-23 10:53:15 +02:00
raviks789 19151763af `UrlParams`: Fix parameter types of `addValues()` method 2023-08-23 10:53:15 +02:00
raviks789 eed1b0a680 `Url`: Fix type of parameter `$values` of `with()` method 2023-08-23 10:53:15 +02:00
raviks789 6353f79528 `VersionCommand`: Avoid using deprecated `${}` string interpolation 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon fd984c5798 Loader: Fix `Variable '$obj' is probably undefined` 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 17c2a19e28 ObjectList: Pass the correct value to `unset()`
- $featureStatus is an associative array
2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon e3ce1c4b2d (Hosts/Services)Controller: Cannot check `ObjectList` instance with `! empty()` 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 5d5b767afe Setup Module (finish.phtml): Add empty array if $report is null 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 6f04c54f3c ListController::createTabs(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 907486ccac NavigationItemRenderer::setOptions(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 66c4fc404e LocalFileStorage::create(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon ee9d139a3a PhpDoc: Fix incorrect `@param` and `@return` type hints 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon 8d55385e38 HealthController: Add return statement in new line because `render()` returns nothing 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon 63556849c9 HostnotificationQuery: Fix `Variable '$$concattedContacts' is probably undefined` 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon 8960324fcd ResourceStep: Fix `Variable '$dbHtml, $ldapHtml' are probably undefined` 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon e5981ed2b5 GeneralConfigStep: Fix `Variable '$typeDescription, $typeSpecificHtml' are probably undefined` 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon 07e272f3cc RequirementsRenderer: Add `$tags` explicitly as non-dynamic property 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon 8cfc40affe RequirementSet: Fix `sprintf` args 2023-08-23 10:53:14 +02:00