harden(mactrack): validate AJAX inputs and escape shell args in subprocess dispatch#334
Open
somethingwithproof wants to merge 6 commits into
Conversation
Contributor
Pull request overview
This PR hardens the mactrack plugin’s AJAX-triggered scanner dispatch by validating request inputs, shell-escaping subprocess arguments, and reporting subprocess failures back in the JSON response.
Changes:
- Added request filtering (get_filter_request_var()) for device_id/ifIndex/site_id prior to use in the AJAX rescan/site-scan handlers.
- Escaped PHP binary path, script path, and DB-derived IDs via cacti_escapeshellarg() before invoking passthru().
- Captured passthru() exit codes and added an error field to the JSON payload on non-zero exit.
lib/mactrack_functions.php:3194
- Same as mactrack_rescan(): error is populated in the JSON response, but the current caller only displays data.content. If the subprocess exits non-zero with no output, users may still get an empty dialog; consider rendering the error into content or updating the JS client to handle data.error.
$data['content'] = ob_get_clean();
if ($exit_code !== 0) {
$data['error'] = 'site_scan process exited with code ' . intval($exit_code);
}
This was referenced May 17, 2026
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…code Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…emove global clobber Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…cti#327
- db_fetch_assoc_prepared for interfaces query in mactrack_functions.php
- db_fetch_row_prepared for host/mt_device lookups in mactrack_actions.php
- html_escape device_name/hostname in mactrack_devices.php
- unserialize allowed_classes guard + html_escape in mactrack_view_macs.php
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…or surfacing Make --web conditional on $web param in mactrack_site_scan (was always added). Append subprocess exit-code errors to data['content'] so the AJAX client shows failures rather than an empty dialog. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
2fb9d14 to 0c45b3e
Summary
- get_filter_request_var() before get_request_var() in mactrack_rescan() and mactrack_site_scan() to enforce the Cacti input-validation contract at AJAX shell-dispatch entry points
- $web from global $config, $web; in mactrack_site_scan() to prevent the parameter from being silently clobbered by the global scope value
- cacti_escapeshellarg() to all three argument positions in the passthru command: PHP binary path, script path, and DB-sourced ID tokens
- passthru() exit code and propagate subprocess failures into the JSON error payload instead of returning ambiguous empty content
Test plan
- mactrack_rescan() and mactrack_site_scan() execute correctly when called with a valid device_id/site_id
- device_id results in validation rejection before DB lookup and subprocess launch
- error key appears in JSON response
- mactrack_site_scan(true) correctly passes --web flag to the subprocess after removing the global $web clobber
🤖 Generated with Claude Code
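As an added example (not the PR's diff and not the mactrack plugin's own code), the following stand-alone PHP script models the hardened dispatch path that the overview and the summary above describe: integer validation before the DB lookup, escaping of every command-line token, exit-code capture folded into content so the client never gets an empty dialog, and the global $web clobber shown in isolation. It uses the PHP primitives the Cacti helpers wrap, which is an assumption (get_filter_request_var() is modelled with filter_var(FILTER_VALIDATE_INT), cacti_escapeshellarg() with escapeshellarg()); the device table, the scanner stub and its --id/--web flags are constructed for the demo and are not mactrack's real scanner interface.

```php
<?php
declare(strict_types=1);

// Added example, not mactrack code. Assumption: get_filter_request_var() validates
// like filter_var(FILTER_VALIDATE_INT) and cacti_escapeshellarg() escapes like
// escapeshellarg(). SAMPLE_DEVICES, the scanner stub and its --id/--web flags are
// constructed for this demo.

// Constructed stand-in for the device rows the real handler looks up in the DB.
const SAMPLE_DEVICES = [
    7  => ['device_id' => 7,  'hostname' => 'sw-core-1'],
    12 => ['device_id' => 12, 'hostname' => 'sw-edge-2'],
];

// Validation first: anything that is not a non-negative integer is rejected before
// any DB lookup or subprocess launch, so a value like "7; id" never reaches the shell.
function filter_int_param(array $request, string $name): ?int
{
    if (!array_key_exists($name, $request)) {
        return null;
    }
    $value = filter_var($request[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    return $value === false ? null : $value;
}

// Every token is escaped, not only the DB-sourced id: a PHP binary path or plugin
// path containing spaces or quotes must not be able to change the command structure.
function build_scan_command(string $php_binary, string $script, int $id, bool $web): string
{
    $cmd = escapeshellarg($php_binary) . ' -q ' . escapeshellarg($script)
         . ' --id=' . escapeshellarg((string) $id);
    if ($web) {
        $cmd .= ' --web';   // only when the caller asked for it
    }
    return $cmd;
}

// Validate, look up, dispatch, and fold a non-zero exit code into 'content' as well
// as 'error', so a client that only renders data.content still shows the failure.
function mactrack_rescan_model(array $request, string $php_binary, string $script, bool $web = true): array
{
    $data = ['content' => ''];

    $device_id = filter_int_param($request, 'device_id');
    if ($device_id === null) {
        $data['content'] = 'Invalid device_id';
        return $data;
    }
    if (!isset(SAMPLE_DEVICES[$device_id])) {
        $data['content'] = 'Device not found';
        return $data;
    }

    $exit_code = 0;
    ob_start();                                   // passthru() writes into the output buffer
    passthru(build_scan_command($php_binary, $script, $device_id, $web), $exit_code);
    $data['content'] = ob_get_clean();

    if ($exit_code !== 0) {
        $data['error']    = 'rescan process exited with code ' . intval($exit_code);
        $data['content'] .= "\n" . $data['error'];
    }
    return $data;
}

// The clobber the PR removes, modelled in isolation: `global $web` inside a function
// rebinds the local name to the global, discarding the value the caller passed.
$web = false;
function site_scan_flag_before(bool $web): bool { global $web; return $web; }   // parameter lost
function site_scan_flag_after(bool $web): bool { return $web; }                // parameter honoured

// Constructed scanner stub written to a temp file so the example runs offline.
// It echoes what it was asked to scan and fails (exit 2) for device 12.
$stub = <<<'PHP'
<?php
$id = 0; $web = false;
foreach (array_slice($argv, 1) as $arg) {
    if (preg_match('/^--id=(\d+)$/', $arg, $m)) { $id = (int) $m[1]; }
    if ($arg === '--web') { $web = true; }
}
echo 'scanning device ', $id, ($web ? ' (web)' : ''), "\n";
exit($id === 12 ? 2 : 0);
PHP;
$script = tempnam(sys_get_temp_dir(), 'mactrack_stub_');
file_put_contents($script, $stub);

foreach ([['device_id' => '7'], ['device_id' => '7; id'], ['device_id' => '12'], []] as $req) {
    echo json_encode(mactrack_rescan_model($req, PHP_BINARY, $script)), "\n";
}
var_dump(site_scan_flag_before(true), site_scan_flag_after(true));
unlink($script);
```

Run it with the php CLI. The four requests exercise the happy path, a shell-metacharacter payload (rejected before any DB lookup or subprocess runs), a device whose scan exits non-zero (the exit code appears in both error and content), and a missing parameter. escapeshellarg() on its own would already have turned "7; id" into a single harmless argument, but validating first is what keeps a malformed id out of the DB lookup entirely, and escaping the binary and script paths as well covers the two tokens that are not user-controlled but are still interpolated into a shell string.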