Adam Outler
a7f5eebd26
Make it easier to find the corresponding files
2025-09-19 14:32:17 -04:00
jokob-sk
75904848f5
Merge branch 'main' of https://github.com/jokob-sk/NetAlertX
2025-09-18 16:00:11 +10:00
Claude Code
874b9b070e
Security: Fix SQL injection vulnerabilities (Issue #1179)
...
This commit addresses multiple SQL injection vulnerabilities identified in the NetAlertX codebase:
1. **Primary Fix - reporting.py datetime injection**:
   - Fixed f-string SQL injection in down_devices section (line 98)
   - Replaced direct interpolation with validated integer casting
   - Added proper timezone offset handling
2. **Code Quality Improvements**:
   - Fixed type hint error in helper.py (datetime.datetime vs datetime)
   - Added security documentation and comments
   - Created comprehensive security test suite
3. **Security Enhancements**:
   - Documented remaining condition-based injection risks
   - Added input validation for numeric parameters
   - Implemented security testing framework
**Impact**: Prevents SQL injection attacks through datetime parameters
**Testing**: All security tests pass, including syntax validation
**Compliance**: Addresses security scan findings (Ruff S608)
Fixes #1179
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-17 22:26:47 -07:00
Jokob @NetAlertX
d58471f713
Merge pull request #1176 from ingoratsdorf/plugin_events-fix
...
clearPluginEvents
2025-09-18 08:37:34 +10:00
Ingo Ratsdorf
a51d0e72c7
DRY fix
...
avoiding repeat code in notification_instance.
Still a refactor would be great as the plugins_events table is getting filled in plugin.py and thus should be cleared in there.
2025-09-17 08:58:02 +12:00
jokob-sk
94254a14eb
Merge branch 'main' of https://github.com/jokob-sk/NetAlertX
2025-09-16 07:20:16 +10:00
jokob-sk
ddfa69a3ae
OMADA superseded message
...
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-09-16 07:20:05 +10:00
jokob-sk
14f40099c3
install
...
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-09-16 07:19:45 +10:00
Jokob @NetAlertX
e492ba27a4
Merge pull request #1177 from adamoutler/patch-2
...
provide more descriptive reason for failure
2025-09-16 06:37:44 +10:00
Adam Outler
a478ab69e6
provide more descriptive reason for failure
2025-09-15 15:59:40 -04:00
Ingo Ratsdorf
8cbfd04db6
Renamed sub for readability
2025-09-16 07:49:17 +12:00
Ingo Ratsdorf
750fb33e1c
clearPluginObjects
...
added sub to be called during main loop to clear plugins_objects table
2025-09-15 15:54:51 +12:00
Ingo Ratsdorf
a20058a884
Merge branch 'jokob-sk:main' into mqtt-optimisations
2025-09-15 15:24:56 +12:00
jokob-sk
f8eaec091c
Merge branch 'main' of https://github.com/jokob-sk/NetAlertX
2025-09-14 10:51:26 +10:00
jokob-sk
67e89b55a7
install
...
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-09-14 10:51:21 +10:00
Jokob @NetAlertX
aee93c0e24
Merge pull request #1174 from ingoratsdorf/installer-rework
...
Installer rework
2025-09-14 10:16:38 +10:00
Ingo Ratsdorf
3a4235a661
Merge branch 'installer-rework' of https://github.com/ingoratsdorf/NetAlertX into installer-rework
2025-09-13 18:25:27 +12:00
Ingo Ratsdorf
2762e8a30d
fixing out of memory issues
...
TMPFS runs out of memory, so removing size limits.
Fixing some order of execution
2025-09-13 18:25:22 +12:00
Ingo Ratsdorf
e6daa33bca
Fixes and tidy-ups
...
Some Flake8 fixes, some adjustments to logging levels, i.e. warnings and errors
2025-09-13 18:19:10 +12:00
Jokob @NetAlertX
9482e7a720
Merge pull request #1173 from ingoratsdorf/installer-rework
...
Bare metal Installer rework
2025-09-12 16:04:22 +10:00
Ingo Ratsdorf
8f00a28454
Numbering sequence corrected
2025-09-12 15:40:51 +12:00
Ingo Ratsdorf
e00f26658b
CodeRabbit suggestions
2025-09-12 15:16:25 +12:00
Ingo Ratsdorf
9943c98055
DOC updates
2025-09-12 14:55:30 +12:00
Jokob @NetAlertX
1601c10025
Merge pull request #1170 from cvc90/NetAlertX-Changing-absolute-path-url-to-relative-path-url-in-deviceDetailsTools-php
...
Changing absolute path URL to relative path URL in deviceDetailsTools.php
2025-09-12 08:09:39 +10:00
Carlos V.
3298f79c44
Merge branch 'jokob-sk:main' into NetAlertX-Changing-absolute-path-url-to-relative-path-url-in-deviceDetailsTools-php
2025-09-11 23:22:29 +02:00
Jokob @NetAlertX
6c79c04e9c
Merge pull request #1169 from ingoratsdorf/db-caching
...
DB functions tidyup and streamlining
2025-09-12 05:59:57 +10:00
Jokob @NetAlertX
ad9babd349
Merge pull request #1171 from cvc90/NetAlertX-Adding-user-agent-header-in-website_monitor-script-py
...
Add custom User-Agent header to requests in website monitor script
2025-09-12 05:59:28 +10:00
Ingo Ratsdorf
e0ffe8b424
Delete old Debian12 files
2025-09-11 21:11:04 +12:00
Ingo Ratsdorf
db42d7f577
Installer-rework
...
split installer structure into systems, updated non-functional Debian12 installer with some minor fixes to Ubuntu24 installer.
Updated docs.
2025-09-11 21:07:18 +12:00
Ingo Ratsdorf
786ae9305d
Merge branch 'jokob-sk:main' into db-caching
2025-09-11 16:59:31 +12:00
Carlos V.
a823301862
Update script.py
...
Added user-agent header
2025-09-11 03:58:52 +02:00
Carlos V.
de20a2621c
Update deviceDetailsTools.php
...
Change static route to relative route in URL for proper proxy operation
2025-09-11 03:38:25 +02:00
Ingo Ratsdorf
1874a5e641
CodeRabbit suggestions
...
Added some of the hand picked suggestions, including some outside of the previous changes.
Some will improve documentation, some readability and some will affect performance.
2025-09-11 10:24:55 +12:00
Jokob @NetAlertX
3653d2efd0
Merge pull request #1166 from ingoratsdorf/ubuntu
...
Ubuntu installer
2025-09-11 07:04:36 +10:00
Ingo Ratsdorf
f1e9ca2540
Merge branch 'jokob-sk:main' into db-caching
2025-09-11 07:24:18 +12:00
Ingo Ratsdorf
3390384ce3
DB functions tidyup
...
Added PRAGMAs for better DB performance on open. Integrated some Flake8 comments and eliminated some looping with more efficient Python functions.
2025-09-10 18:22:05 +12:00
Jokob @NetAlertX
cb63dd1765
Merge pull request #1167 from ingoratsdorf/db-work
...
DB result iteration fix on empty result
2025-09-10 12:15:33 +10:00
Ingo Ratsdorf
ccec89f419
Final fix
2025-09-10 12:38:33 +12:00
Ingo Ratsdorf
7f7b0a328f
Another fix to get_table_json
...
Iteration error is not a SQL error, so gotta catch generic errors, too
2025-09-10 12:32:23 +12:00
Ingo Ratsdorf
24eaf1e143
fixed get_table_json
...
This would throw a subsequent error
['[Database] - get_table_as_json ERROR:', TypeError("'NoneType' object is not iterable")]
2025-09-10 12:25:30 +12:00
Ingo Ratsdorf
99981754c9
Some more fixes
2025-09-10 11:54:05 +12:00
Ingo Ratsdorf
d31af28f08
Minor updates
...
Fixes typo in start.ubuntu.sh
Redirects output of python server to /dev/null
to avoid I/O errors if started from SSH for example
2025-09-10 11:44:41 +12:00
Ingo Ratsdorf
2836996a21
Update server/db/db_helper.py
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 10:21:32 +12:00
Ingo Ratsdorf
db43ab9cf6
Fixes
...
Removed 'sudo' from all calls as the script already needs to run as sudo so it's pointless
2025-09-10 10:19:30 +12:00
Ingo Ratsdorf
a94c6a291e
DB result iteration fix on empty result
...
get_table_json would throw exceptions when trying to iterate over a NONE result, i.e. SQL query returned empty result.
2025-09-10 09:28:45 +12:00
Ingo Ratsdorf
c6f0614570
Update install/ubuntu/start.ubuntu.sh
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 09:11:04 +12:00
Ingo Ratsdorf
f64cd9ea28
Update install/ubuntu/start.ubuntu.sh
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 08:57:56 +12:00
Ingo Ratsdorf
2482289ad6
Update install/ubuntu/start.ubuntu.sh
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 08:57:08 +12:00
Ingo Ratsdorf
7863ab3b03
Update install/ubuntu/start.ubuntu.sh
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 08:52:14 +12:00
Ingo Ratsdorf
b0d117c3b8
Update install/ubuntu/install.ubuntu.sh
...
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-10 08:49:48 +12:00