Project

General

Profile

Actions

Bug #12257

closed

Route data collection method on ``diag_routes.php`` has multiple issues

Added by Jim Pingle over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Routing
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

The way that route data is collected for presentation in the GUI on diag_routes.php has multiple problems, including:

  • The use of sed appears to be unnecessary, and using sed in this way without severely limiting the filtering character set is a security issue as sed commands can be used which can perform unintended actions such as overwriting files or changing the output of the command in other problematic ways
  • The AJAX request uses POST but the code allows parameters to be sent via GET instead which is unnecessary and potentially problematic (see previous point).
  • The AJAX request to fetch route data runs every 5 seconds, which seems too frequent since the route table rarely changes that fast, and the user can click the 'Update' button to trigger a manual refresh. 15 seconds seems more reasonable.
  • The data returned by AJAX includes the headers of netstat output and draws the table dynamically. As a consequence these headers lack gettext() translations, and some of the values are not ideal (e.g. output has "Mtu" instead of "MTU")
  • The table contains only some of the necessary attributes to be sortable, so sorting doesn't work as the specification is not complete.
Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 21.09 to 22.01
Actions #4

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

This has been working well, and the changes have been reviewed by the original reporter of the problem as well. See also: #12265

Actions #5

Updated by Jim Pingle about 2 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF