From faa7dab4190eb501142b0f63dc0a6e93bd650628 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 7 Apr 2026 16:34:27 +0200
Subject: [PATCH] system: audit staticroute' config access for #10027
---
 src/etc/inc/plugins.inc.d/pf.inc | 5 +----
 src/etc/inc/util.inc | 5 ++---
 .../controllers/OPNsense/Routing/Api/SettingsController.php | 1 +
 src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php | 1 -
 4 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/pf.inc b/src/etc/inc/plugins.inc.d/pf.inc
index 1095eb8096..8a21b27efe 100644
--- a/src/etc/inc/plugins.inc.d/pf.inc
+++ b/src/etc/inc/plugins.inc.d/pf.inc
@@ -125,10 +125,7 @@ function pf_firewall($fw)
 * interface in question to avoid problems with complicated routing
 * topologies
 */
- if ( isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) && count($config['staticroutes']['route']) ) {
+ if (isset($config['filter']['bypassstaticroutes']) && count(config_read_array('staticroutes', 'route', false))) {
 $ifdetails = $fw->getIfconfigDetails();
 $GatewaysList = $fw->getGateways()->gatewaysIndexedByName(false, true);
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 8df2eb79cf..ed9d5c61e4 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1158,11 +1158,10 @@ function is_URL($url)
 function get_staticroutes($returnsubnetsonly = false)
 {
- global $aliastable;
-
 $allstaticroutes = [];
 $allsubnets = [];
- foreach (config_read_array('staticroutes', 'route') as $route) {
+
+ foreach (config_read_array('staticroutes', 'route', false) as $route) {
 if (is_subnet($route['network'])) {
 $allstaticroutes[] = $route;
 $allsubnets[] = $route['network'];
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php
index 3f53074c7c..5608a550fa 100644
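Review bot: In the pf.inc hunk, the new condition in pf_firewall() passes the helper's result straight to `count()`, so it depends on `config_read_array('staticroutes', 'route', false)` returning an array even when the node is missing or is an empty element. That helper is not part of this patch, and on PHP 8 `count()` throws a TypeError for a non-countable value. If the guarantee is not documented on the helper, `!empty(config_read_array('staticroutes', 'route', false))` expresses the same test without relying on it. The trailing `false` is also opaque at the call site; a short comment such as `/* false: read only, do not create the node */` would help, assuming that is what the flag means. The body of the `if` continues outside the hunk.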
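Review bot: In the util.inc hunk, the loop in get_staticroutes() reads `$route['network']` without checking that the key exists, and an entry that fails `is_subnet()` is skipped without any trace. The same commit removes the `[['staticroutes', 'route'], ['network']]` entry from the `$sources` list in Alias.php, which appears to be the list of places where aliases are referenced, so an older route that still holds an alias name would presumably drop out of the returned list unnoticed. Consider `if (is_subnet($route['network'] ?? '')) {` plus a log line for skipped entries, so that a route which no longer takes effect is visible to the operator. The function body continues past the end of the hunk.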
--- a/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php
@@ -193,6 +193,7 @@ class SettingsController extends ApiMutableModelControllerBase
 return $this->addBase("gateway_item", "gateway_item");
 }
+ /* XXX consider removing $cfg use -- everything should have a model now */
 public function delGatewayAction($uuid)
 {
 $result = ["result" => "failed"];
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
index 19d4f70e6c..2bd2db82c4 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
@@ -126,7 +126,6 @@ class Alias extends BaseModel
 $sources[] = [['nat', 'outbound', 'rule'], ['destination', 'network']];
 $sources[] = [['nat', 'outbound', 'rule'], ['dstport']];
 $sources[] = [['nat', 'outbound', 'rule'], ['target']];
- $sources[] = [['staticroutes', 'route'], ['network']];
 $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['source_net']];
 $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['destination_net']];
 $sources[] = [['OPNsense', 'Firewall', 'Filter', 'rules', 'rule'], ['source_net']];