Mon 170625 cma handle tokens allow tls connections with empty tokens #2401

sechkem · 2025-05-28T06:51:52Z

Allow tls connections with empty tokens
REFS: MON-170625

coderabbitai · 2025-05-28T06:51:58Z

Important

Review skipped

Auto reviews are limited to specific labels.

🏷️ Labels to auto review (1)

coderabbit

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

… configuration

github-actions · 2025-05-28T08:19:45Z

Checkmarx One – Scan Summary & Details – 5ddfcab4-8584-48e0-96ef-0255615a757b

New Issues (35)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
Absolute_Path_Traversal	/deps.go: 46	details Method findIncludes at line 46 of /deps.go gets dynamic data from the Text element. This element’s value then flows through the code and is event... `ID: RK2%2BLb98Oswu4gYmI142jVeF2eU%3D` Attack Vector
Relative_Path_Traversal	/deps.go: 46	details Method findIncludes at line 46 of /deps.go gets dynamic data from the Text element. This element’s value then flows through the code and is event... `ID: dPsEiuDBbbdm5J8qyNCnhRhc1hM%3D` Attack Vector
Relative_Path_Traversal	/deps.go: 46	details Method findIncludes at line 46 of /deps.go gets dynamic data from the Text element. This element’s value then flows through the code and is event... `ID: NfqcE75sLnSSGfdgtw8BNpKCEKU%3D` Attack Vector
Buffer_Overflow_AddressOfLocalVarReturned	/inc/com/centreon/engine/string.hh: 46	details The pointer buf at /inc/com/centreon/engine/string.hh in line 46 is being used after it has been freed. `ID: 8oIf%2Bds9YcvteNr8rooP9YHbar8%3D` Attack Vector
Dangerous_Functions	/inc/com/centreon/engine/string.hh: 67	details The dangerous function, strcpy, was found in use at line 67 in /inc/com/centreon/engine/string.hh file. Such functions may expose information and... `ID: I1iiDlyYAGsX9GK2UMvXhr8SRNU%3D` Attack Vector
Dangerous_Functions	/inc/com/centreon/engine/string.hh: 58	details The dangerous function, strcpy, was found in use at line 58 in /inc/com/centreon/engine/string.hh file. Such functions may expose information and... `ID: KM5GMagCVWF2DDb9bog4LA%2BILUU%3D` Attack Vector
Dangerous_Functions	/inc/com/centreon/engine/string.hh: 53	details The dangerous function, strcpy, was found in use at line 53 in /inc/com/centreon/engine/string.hh file. Such functions may expose information and... `ID: zuI0ySBIcfmHg72fpk9Vv6duRHM%3D` Attack Vector
Dangerous_Functions	/inc/com/centreon/engine/string.hh: 52	details The dangerous function, strlen, was found in use at line 52 in /inc/com/centreon/engine/string.hh file. Such functions may expose information and... `ID: g3GuU7lJ%2BgBJceKXPSa7%2Fy7EBII%3D` Attack Vector
Dangerous_Functions	/inc/com/centreon/engine/string.hh: 45	details The dangerous function, strlen, was found in use at line 45 in /inc/com/centreon/engine/string.hh file. Such functions may expose information and... `ID: BimjmDk20b%2BsDmM24ituLHh26SQ%3D` Attack Vector
Dangerous_Functions	/src/retention/contact.cc: 136	details The dangerous function, strlen, was found in use at line 136 in /src/retention/contact.cc file. Such functions may expose information and allow a... `ID: 4MVS6kcM7%2FiDVuwGfiIZX82ChUY%3D` Attack Vector
Dangerous_Functions	/src/logging/broker.cc: 100	details The dangerous function, strncpy, was found in use at line 100 in /src/logging/broker.cc file. Such functions may expose information and allow an ... `ID: g3Iu2AcmXnQN8GZA2yxratd990M%3D` Attack Vector
Dangerous_Functions	/src/exceptions/error.cc: 102	details The dangerous function, strlen, was found in use at line 102 in /src/exceptions/error.cc file. Such functions may expose information and allow an... `ID: f%2Bd6nrUwiY7qE7F4cKpkc8PL%2B8g%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 74	details The dangerous function, strlen, was found in use at line 74 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: 1sx5%2BPZJrDFDEeK3D1W2WmGeSZM%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 48	details The dangerous function, strlen, was found in use at line 48 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: Llwfw5wNL%2BCDka835ZByykGHirU%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 47	details The dangerous function, strlen, was found in use at line 47 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: razwdWkxCwYxvohX90qxjlXECDs%3D` Attack Vector
Dangerous_Functions	/src/compatibility/mmap.cc: 116	details The dangerous function, memcpy, was found in use at line 116 in /src/compatibility/mmap.cc file. Such functions may expose information and allow ... `ID: bQ8x9BHOlswSZlHl1c1Q0dBIqA4%3D` Attack Vector
Dangerous_Functions	/src/exceptions/error.cc: 108	details The dangerous function, memcpy, was found in use at line 108 in /src/exceptions/error.cc file. Such functions may expose information and allow an... `ID: %2BOZsR0tbPdI34vMjBbIaH4g%2BJrA%3D` Attack Vector
Dangerous_Functions	/src/exceptions/error.cc: 71	details The dangerous function, memcpy, was found in use at line 71 in /src/exceptions/error.cc file. Such functions may expose information and allow an ... `ID: QVCsPGCfBRhoyUXiHlRCg2Brz1E%3D` Attack Vector
Dangerous_Functions	/src/exceptions/error.cc: 53	details The dangerous function, memcpy, was found in use at line 53 in /src/exceptions/error.cc file. Such functions may expose information and allow an ... `ID: %2BPZ%2B0blMSi7ZPtxjgRqyxACvHXU%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 179	details The dangerous function, memcpy, was found in use at line 179 in /src/commands/environment.cc file. Such functions may expose information and allo... `ID: fUagmgpAndTY36zxhHIIu3KpAag%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 160	details The dangerous function, memcpy, was found in use at line 160 in /src/commands/environment.cc file. Such functions may expose information and allo... `ID: %2FB9JRllLiCqonXOxrVEBUmNVpKw%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 132	details The dangerous function, memcpy, was found in use at line 132 in /src/commands/environment.cc file. Such functions may expose information and allo... `ID: PpyHDj%2FYlGFQx1OTW2rhtmFoafs%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 130	details The dangerous function, memcpy, was found in use at line 130 in /src/commands/environment.cc file. Such functions may expose information and allo... `ID: 1VwxqSdaLpTHqSxdcWBfThlaCEM%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 105	details The dangerous function, memcpy, was found in use at line 105 in /src/commands/environment.cc file. Such functions may expose information and allo... `ID: 4z3oTNJ7UlZ0h5WyRUYm5kIAV7Q%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 82	details The dangerous function, memcpy, was found in use at line 82 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: yVLvoz9%2BUAlUMzNzX4xhro1jpu4%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 58	details The dangerous function, memcpy, was found in use at line 58 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: hKP3Szt3EA%2F%2BSWmZ%2FMSV1bqad1Q%3D` Attack Vector
Dangerous_Functions	/src/commands/environment.cc: 56	details The dangerous function, memcpy, was found in use at line 56 in /src/commands/environment.cc file. Such functions may expose information and allow... `ID: 0w5EGSRlgjryTrkJWdr9qBXbsJE%3D` Attack Vector
Dangerous_Functions	/src/shared.cc: 257	details The dangerous function, memcpy, was found in use at line 257 in /src/shared.cc file. Such functions may expose information and allow an attacker ... `ID: rvccbWDeDABedRUi6S9C%2BdKH010%3D` Attack Vector
Dangerous_Functions	/src/utils.cc: 117	details The dangerous function, strlen, was found in use at line 117 in /src/utils.cc file. Such functions may expose information and allow an attacker t... `ID: qKHGt5iJDPAgklGN3IYhT2vObrE%3D` Attack Vector
Dangerous_Functions	/src/configuration/applier/macros.cc: 41	details The dangerous function, strlen, was found in use at line 41 in /src/configuration/applier/macros.cc file. Such functions may expose information a... `ID: 1Xigj02GREvFH2jCuBVJUNeiAew%3D` Attack Vector
Denial_Of_Service_Resource_Exhaustion	/deps.go: 46	details The resource Text allocated by findIncludes in the file /deps.go at line 46 is prone to resource exhaustion when used by main in the file /deps.g... `ID: E3vCOMD5l1Xkqqxa1qGrYM2YuXk%3D` Attack Vector
Denial_Of_Service_Resource_Exhaustion	/deps.go: 46	details The resource Text allocated by findIncludes in the file /deps.go at line 46 is prone to resource exhaustion when used by findIncludes in the file ... `ID: EMg9XhskDW6O2FlSCherWBg7Lpg%3D` Attack Vector
Denial_Of_Service_Resource_Exhaustion	/deps.go: 46	details The resource Text allocated by findIncludes in the file /deps.go at line 46 is prone to resource exhaustion when used by findIncludes in the file ... `ID: lt6OgBs9K9DjBcbLNr7x%2FtuZWNk%3D` Attack Vector
Denial_Of_Service_Resource_Exhaustion	/deps.go: 46	details The resource Text allocated by findIncludes in the file /deps.go at line 46 is prone to resource exhaustion when used by unique in the file /deps... `ID: uox7RMIkgbUFoiSorv7KBHZfzZM%3D` Attack Vector
Denial_Of_Service_Resource_Exhaustion	/deps.go: 46	details The resource Text allocated by findIncludes in the file /deps.go at line 46 is prone to resource exhaustion when used by findIncludes in the file ... `ID: HR9h5UyR2Jui1yGrmqIl6MNNrDU%3D` Attack Vector

…2401) * fix(engine): for encryption , make sure to test the metadata client * fix(grpc): validate certificate and key presence for encrypted server configuration * feat(engine): add connection without trusted token * fix(test): encryption to full * fix(test): for tls the cert/key are mandatory * fix(test): disable test missing header for windows

…2401) (#2414) * feat(engine): add connection without trusted token REFS: MON-170625

…2401) * fix(engine): for encryption , make sure to test the metadata client * fix(grpc): validate certificate and key presence for encrypted server configuration * feat(engine): add connection without trusted token * fix(test): encryption to full * fix(test): for tls the cert/key are mandatory * fix(test): disable test missing header for windows

* Mon 170625 cma handle tokens allow tls connections with empty tokens (#2401) REFS: MON-170625

sechkem self-assigned this May 28, 2025

sechkem requested review from a team as code owners May 28, 2025 06:51

sechkem requested review from omercier and jean-christophe81 and removed request for a team May 28, 2025 06:51

sechkem added 3 commits May 28, 2025 07:52

fix(engine): for encryption , make sure to test the metadata client

cc429bd

fix(grpc): validate certificate and key presence for encrypted server…

d2c4763

… configuration

feat(engine): add connection without trusted token

7b35b5f

sechkem force-pushed the MON-170625-cma-handle-tokens-allow-tls-connections-with-empty-tokens branch from a17a625 to 7b35b5f Compare May 28, 2025 06:52

github-actions bot added skip-workflow-centreon-collect skip-workflow-monitoring-agent labels May 28, 2025

github-actions bot added the skip-workflow-engine-analysis label May 28, 2025

sechkem added 2 commits May 28, 2025 12:04

fix(test): encryption to full

479d7b5

fix(test): for tls the cert/key are mandatory

fc6dd3f

github-actions bot added skip-workflow-engine-analysis and removed skip-workflow-engine-analysis labels May 28, 2025

fix(test): disable test missing header for windows

5ac1ebd

github-actions bot added skip-workflow-engine-analysis and removed skip-workflow-engine-analysis labels May 28, 2025

sechkem added skip-cherry-pick and removed skip-cherry-pick labels Jun 2, 2025

jean-christophe81 approved these changes Jun 2, 2025

View reviewed changes

pkippes merged commit 0950f36 into release-25.05-next Jun 2, 2025
48 of 54 checks passed

pkippes deleted the MON-170625-cma-handle-tokens-allow-tls-connections-with-empty-tokens branch June 2, 2025 12:49

sechkem added a commit that referenced this pull request Jun 5, 2025

Mon 170625 cma handle tokens allow tls connections with empty tokens (#…

18fd47d

…2401) (#2414) * feat(engine): add connection without trusted token REFS: MON-170625

sechkem added a commit that referenced this pull request Jun 9, 2025

refactor(engine/agent): allow tls connections with empty tokens (#2431)

aeb851d

* Mon 170625 cma handle tokens allow tls connections with empty tokens (#2401) REFS: MON-170625

bouda1 pushed a commit that referenced this pull request Jun 27, 2025

refactor(engine/agent): allow tls connections with empty tokens (#2431)

cacd772

* Mon 170625 cma handle tokens allow tls connections with empty tokens (#2401) REFS: MON-170625

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Mon 170625 cma handle tokens allow tls connections with empty tokens #2401

Mon 170625 cma handle tokens allow tls connections with empty tokens #2401

Uh oh!

Uh oh!

Review skipped

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (`.coderabbit.yaml`)

Documentation and Community

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Mon 170625 cma handle tokens allow tls connections with empty tokens #2401

Mon 170625 cma handle tokens allow tls connections with empty tokens #2401

Uh oh!

Conversation

Uh oh!

Review skipped

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

CodeRabbit Configuration File (`.coderabbit.yaml`)