CTOR-2244 [apps::atlassian::statuspage] - new plugin #6073

Open
garnier-quentin wants to merge 19 commits into centreon:develop from garnier-quentin:CTOR-2244-atlassian-statuspage

garnier-quentin commented Mar 26, 2026

Community contributors

Description

New plugin for Atlassian Statuspage with public JSON files

CTOR-2244

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How can this pull request be tested?

$ perl centreon_plugins.pl --plugin=apps::atlassian::statuspage::plugin --mode=components --hostname='status.api.video' --verbose
OK: All components are ok
Component 'Video On Demand' status: operational
Component 'Live Streaming' status: operational
Component 'User space' status: operational
Component 'Web services' status: operational
Component 'Video Player' status: operational

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provided data or shown output displaying the result of this code in the plugin area concerned.

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 1 Resolved Issues: 0

🚀 New Features

  • Added Centreon plugin for Atlassian Statuspage with components and packaging

foreach (@{$results->{components}}) {
next if (defined($self->{option_results}->{filter_component_id}) && $self->{option_results}->{filter_component_id} ne '' &&
$_->{id} !~ /$self->{option_results}->{filter_component_id}/);
next if (defined($self->{option_results}->{filter_component_name}) && $self->{option_results}->{filter_component_name} ne '' &&
User-supplied --filter-component-name is interpolated directly into a regex ( $_->{name} !~ /$self->{option_results}->{filter_component_name}/ ). Validate or escape the input before using it in a regex to avoid regex injection/DoS.

✨ AI Reasoning
The code builds regular expressions directly from values that can be provided by users (CLI options). Direct interpolation into regex literals can allow crafted input to change matching behavior, cause runtime errors, or trigger catastrophic backtracking. The problematic expressions are used for filtering and are not sanitized or validated. This was introduced by the new component filtering logic that applies these option values directly into regex matches.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.

Contributor Author

The goal of that option is to use regexp. If we escape regexp, we can't use regexp. That alert is not very smart in our context, I think.
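
One way to keep regex semantics for the filter options discussed in this thread while turning a malformed pattern into a clean usage error, as an added example that is not code from the pull request or from centreon-plugins. The `compile_filter` helper, the 256-character limit and the sample component data are assumptions made for illustration; compiling up front does not bound match time, so a pattern with nested quantifiers can still backtrack heavily.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of centreon-plugins): compile a user-supplied
# filter once, before the loop, so a malformed pattern is reported as a usage
# error instead of dying inside the match.
use constant MAX_FILTER_LENGTH => 256;    # assumed limit, adjust as needed

sub compile_filter {
    my ($option_name, $pattern) = @_;

    # Undefined or empty filter means "no filtering", as in the PR code.
    return (undef, undef) if (!defined($pattern) || $pattern eq '');

    if (length($pattern) > MAX_FILTER_LENGTH) {
        return (undef, "--$option_name: pattern longer than " . MAX_FILTER_LENGTH . ' characters');
    }

    # qr// inside eval traps syntax errors such as an unbalanced '('.
    # Without "use re 'eval'", Perl also refuses (?{ ... }) code blocks in
    # interpolated patterns, and that refusal is caught here too.
    my $regex = eval { qr/$pattern/ };
    if (!defined($regex)) {
        (my $reason = $@) =~ s/ at \S+ line \d+\.?\s*$//;
        return (undef, "--$option_name: invalid regular expression: $reason");
    }
    return ($regex, undef);
}

# Constructed sample data shaped like the components list in the PR.
my $results = { components => [
    { id => 'abc123', name => 'Video On Demand' },
    { id => 'def456', name => 'Live Streaming' },
    { id => 'ghi789', name => 'Web services' },
] };

# A valid pattern, a malformed pattern, and an empty (disabled) filter.
foreach my $input ('^(Video|Live)', 'Video (On', '') {
    my ($regex, $error) = compile_filter('filter-component-name', $input);
    if (defined($error)) {
        print "UNKNOWN: $error\n";
        next;
    }
    my @kept = grep { !defined($regex) || $_->{name} =~ $regex } @{$results->{components}};
    printf "filter '%s' keeps: %s\n", $input, join(', ', map { $_->{name} } @kept);
}
```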
