• Joshua Tauberer's avatar
    simplify how munin-cgi-graph is called to reduce the attack surface area · 35a360ef
    Joshua Tauberer authored
    Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
    
    Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
    35a360ef
Name
Last commit
Last update
..
templates Loading commit data...
auth.py Loading commit data...
backup.py Loading commit data...
csr_country_codes.tsv Loading commit data...
daemon.py Loading commit data...
daily_tasks.sh Loading commit data...
dns_update.py Loading commit data...
email_administrator.py Loading commit data...
mail_log.py Loading commit data...
mailconfig.py Loading commit data...
ssl_certificates.py Loading commit data...
status_checks.py Loading commit data...
utils.py Loading commit data...
web_update.py Loading commit data...