
new plugin for Ubiquiti UAP support #6071

Open
rmorandell-pgum wants to merge 5 commits into centreon:develop from i-Vertix:ubiquiti-UAP

rmorandell-pgum (Contributor) commented Mar 25, 2026

Community contributors

Description

New plugin for Ubiquiti access points "UAP"

Modes Available:

  • cpu (standard)
  • interfaces (standard)
  • list-interfaces (standard)
  • list-radios
  • list-virtual-aps
  • load (standard)
  • memory (standard)
  • radio-health
  • uptime (standard)
  • virtual-ap-health

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

UI-Combined-MIB.zip

ubiquiti-uap.github.snmpwalk.zip


Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provided data or shown output displaying the result of this code in the plugin area concerned.

Centreon team (internal PR)

Description

PLEASE MAKE SURE THAT THE BRANCH PR INCLUDES JIRA TICKET ID

Please include a short resume of the changes and what is the purpose of this pull request.
Any relevant information should be added to help reviewers to understand what are the stakes
of the pull request.

Fixes # (issue)
If you are fixing a github Issue already existing, mention it here.
If you are fixing one or more JIRA ticket, mention it here too.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

Please describe the procedure to verify that the goal of the PR is matched.
Provide clear instructions so that it can be correctly tested.
Mention the automated tests included in this FOR (what they test like mode/option combinations).

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • In case of a new plugin, I have created the new packaging directory accordingly.
  • I have implemented automated tests related to my commits.
    • Data used for automated tests are anonymized.
  • I have reviewed all the help messages in all the .pm files I have modified.
    • All sentences begin with a capital letter.
    • All sentences end with a period.
    • I am able to understand all the help messages, if not, exchange with the PO or TW to rewrite them.
  • After having created the PR, I will make sure that all the tests provided in this PR have run and passed.

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 7 Resolved Issues: 0

🚀 New Features

  • Added new Ubiquiti UAP SNMP plugin with multiple monitoring modes.
  • Implemented listing modes for radios and virtual access points.
  • Implemented health modes for radios and virtual access points.


rmorandell-pgum requested review from a team as code owners March 25, 2026 10:31
my $instance = $1;
my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance);

if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&
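
Review bot: the `filter_name` test on the last line re-checks `defined(...)` and `ne ''` on the raw option for every instance, and the hunk is cut off after `&&`, so the match itself is not shown. Normalise the option once before the loop, compile it there with `qr//` inside an `eval`, and fail with a usage error on a malformed value. If the help text documents `--filter-name` as a regular expression, `quotemeta` would turn it into a literal match, so escaping and validating are not interchangeable here; pick one and state it in the help.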

Directly interpolating --filter-name into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
The code is attempting to filter SNMP results using user-provided --filter-name, --filter-radio, and --filter-usage values by interpolating them directly into regex matches. This allows untrusted input to control the regex pattern, which can cause regex injection or catastrophic backtracking (ReDoS) and unintended matches. Escaping or validating the input before use or using safe matching APIs would reduce risk.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.

Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.

next;
}

if (defined($self->{option_results}->{filter_radio}) && $self->{option_results}->{filter_radio} ne '' &&
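
Review bot: the `filter_radio` block opens with the same `defined(...) && ... ne ''` guard as the block closed by `next; }` just above it. A small shared helper that takes the option name and the value to test would keep the empty-check and whatever escaping or validation is chosen in one place instead of in each filter block.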

Directly interpolating --filter-radio into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
The code filters by radio using user-provided --filter-radio interpolated directly into a regex. This exposes the matching to attacker-controlled patterns (injection or ReDoS). Input should be validated or escaped before building regex patterns.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.


next;
}

if (defined($self->{option_results}->{filter_usage}) && $self->{option_results}->{filter_usage} ne '' &&

Directly interpolating --filter-usage into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
The code filters by usage using user-provided --filter-usage interpolated directly into a regex. This permits injection of arbitrary regex patterns and potential ReDoS. Use escaping or stricter validation to mitigate.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.


next;
}

if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&

Directly interpolating --filter-name into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
In manage_selection the --filter_name option is applied by interpolating its value into a regex check against result->{name}. This exposes regex injection / ReDoS risks from untrusted user input. Escape or validate before use.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.


my $instance = $1;
my $result = $options{snmp}->map_instance(mapping => $mapping, results => $snmp_result, instance => $instance);

if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&

Directly interpolating --filter-name into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
User-provided --filter-name is used directly in a regex to filter radio names. Unvalidated input controlling regex can lead to injection or ReDoS. Prefer escaping or validating the provided pattern.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.


next;
}

if (defined($self->{option_results}->{filter_radio}) && $self->{option_results}->{filter_radio} ne '' &&

Directly interpolating --filter-radio into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
The code uses --filter-radio directly inside a regex match for radio values. This is user-controlled input used as a regex and can enable regex injection or ReDoS. Use escaping or restrict allowed characters/patterns.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.


next;
}

if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&

Directly interpolating --filter-name into /.../ allows regex injection/ReDoS. Escape (quotemeta) or validate the filter before using it in a regex match.

✨ AI Reasoning
The code uses user-supplied --filter-name in a regex to filter VAP names without escaping. This could enable regex injection or ReDoS from crafted input. Input should be sanitized or escaped (e.g., quotemeta) before usage.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.

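
The "escape (quotemeta) or validate" recommendation in the review comments above, as an added Perl example that is not code from this pull request or from Centreon. `compile_filter`, `select_names`, the 256-character cap and the sample radio names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the pull request. Sample names are constructed.
use strict;
use warnings;

# Hypothetical helper: turn a filter option into a compiled pattern once,
# before the per-instance loop, instead of interpolating it on every row.
#   mode 'literal' : metacharacters are escaped with quotemeta (\Q...\E)
#   mode 'regex'   : the operator's pattern is kept, but length-capped and
#                    compiled under eval so a malformed value is reported
#                    as a usage error rather than dying mid-loop.
sub compile_filter {
    my (%args) = @_;
    my ($value, $mode) = ($args{value}, $args{mode} // 'regex');

    return undef if !defined($value) || $value eq '';
    die "filter too long\n" if length($value) > 256;    # arbitrary cap (assumption)

    return qr/\Q$value\E/ if $mode eq 'literal';

    my $re = eval { qr/$value/ };
    die "invalid filter '$value': $@" if !defined($re);
    return $re;
}

# Constructed radio names standing in for SNMP results.
my @names = ('wifi0.1', 'wifi0x1', 'wifi1.1');

# Keep every name when no filter is set, otherwise only the matching ones.
sub select_names {
    my ($re) = @_;
    return grep { !defined($re) || $_ =~ $re } @names;
}

# '.' is a metacharacter: in regex mode the filter also selects 'wifi0x1',
# in literal mode it selects only the exact text.
print join(',', select_names(compile_filter(value => 'wifi0.1'))), "\n";
print join(',', select_names(compile_filter(value => 'wifi0.1', mode => 'literal'))), "\n";

# An unbalanced '(' is rejected once, up front.
my $bad = eval { compile_filter(value => 'wifi(') };
print "rejected: $@" if !defined($bad);
```

Perl refuses `(?{ ... })` code blocks in a pattern interpolated from a string at run time unless `use re 'eval'` is in effect, so what regex mode leaves open is the cost and breadth of the match, which the length cap only bounds loosely.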
