system: audit staticroute' config access for #10027

2026-05-28 04:34:51 -04:00 · 2026-04-07 16:34:27 +02:00 · 2026-04-07 16:34:27 +02:00 · faa7dab419
commit faa7dab419
parent 700d6a00d2
4 changed files with 4 additions and 8 deletions
--- a/src/etc/inc/plugins.inc.d/pf.inc
+++ b/src/etc/inc/plugins.inc.d/pf.inc
@ -125,10 +125,7 @@ function pf_firewall($fw)
     *  interface in question to avoid problems with complicated routing
     *  topologies
     */
-    if (
-        isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) &&
-        count($config['staticroutes']['route'])
-    ) {
+    if (isset($config['filter']['bypassstaticroutes']) && count(config_read_array('staticroutes', 'route', false))) {
        $ifdetails = $fw->getIfconfigDetails();
        $GatewaysList = $fw->getGateways()->gatewaysIndexedByName(false, true);

--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@ -1158,11 +1158,10 @@ function is_URL($url)

 function get_staticroutes($returnsubnetsonly = false)
 {
-    global $aliastable;
-
    $allstaticroutes = [];
    $allsubnets = [];
-    foreach (config_read_array('staticroutes', 'route') as $route) {
+
+    foreach (config_read_array('staticroutes', 'route', false) as $route) {
        if (is_subnet($route['network'])) {
            $allstaticroutes[] = $route;
            $allsubnets[] = $route['network'];
--- a/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php
@ -193,6 +193,7 @@ class SettingsController extends ApiMutableModelControllerBase
        return $this->addBase("gateway_item", "gateway_item");
    }

+    /* XXX consider removing $cfg use -- everything should have a model now */
    public function delGatewayAction($uuid)
    {
        $result = ["result" => "failed"];
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
@ -126,7 +126,6 @@ class Alias extends BaseModel
        $sources[] = [['nat', 'outbound', 'rule'], ['destination', 'network']];
        $sources[] = [['nat', 'outbound', 'rule'], ['dstport']];
        $sources[] = [['nat', 'outbound', 'rule'], ['target']];
-        $sources[] = [['staticroutes', 'route'], ['network']];
        $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['source_net']];
        $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['destination_net']];
        $sources[] = [['OPNsense', 'Firewall', 'Filter', 'rules', 'rule'], ['source_net']];