feat(validator): add settings constraint validation pilot#7077
Open
somethingwithproof wants to merge 11 commits into
Open
feat(validator): add settings constraint validation pilot#7077somethingwithproof wants to merge 11 commits into
somethingwithproof wants to merge 11 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a Symfony Validator–backed “settings constraints” pilot to centralize and enforce validation for a targeted subset of high-value settings at save time in the Cacti web UI.
Changes:
- Introduces
lib/CactiSettings::validate()to run Symfony constraints declared alongside settings definitions. - Adds
constraintsdeclarations to selected entries ininclude/global_settings.phpand validates insettings.phpbefore any DB writes. - Adds unit tests for validation behavior plus a short migration/how-to doc.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
composer.json |
Adds symfony/validator dependency. |
lib/CactiSettings.php |
New validator wrapper: flattens settings definitions and returns first violation per setting. |
include/global_settings.php |
Adds Assert constraints to selected settings definitions. |
settings.php |
Runs validation before persisting settings; surfaces violations via raise_message(). |
tests/Unit/CactiSettingsTest.php |
Pest unit coverage for input shapes and constraint types. |
docs/security/settings-validation.md |
Documents the new constraints pattern and how to extend it. |
| @@ -22,6 +22,8 @@ | |||
| +-------------------------------------------------------------------------+ | |||
| */ | |||
|
|
|||
There was a problem hiding this comment.
include/global.php requires include/global_settings.php before include/vendor/autoload.php. These new Symfony Constraint instantiations will therefore fatal with ClassNotFound during bootstrap. Load Composer autoload before global_settings.php (preferred), or add an explicit autoload require before using Assert constraints here.
Suggested change
| if (file_exists(CACTI_PATH_INCLUDE . '/vendor/autoload.php')) { | |
| require_once(CACTI_PATH_INCLUDE . '/vendor/autoload.php'); | |
| } |
Contributor
Author
There was a problem hiding this comment.
Fixed — global_settings.php guards its own require_once of vendor/autoload.php before instantiating any Symfony constraints.
Comment on lines
+1021
to
+1023
| 'constraints' => [ | ||
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a positive integer (milliseconds).'), | ||
| new Assert\Range(min: 1, max: 600000), |
There was a problem hiding this comment.
These custom constraint messages are user-facing but not wrapped with Cacti i18n helpers. Consider wrapping them with __('...') (or __esc at render time) so translated UIs don't show raw English strings.
Contributor
Author
There was a problem hiding this comment.
Fixed — all custom constraint messages now use __().
Comment on lines
+1559
to
+1561
| 'constraints' => [ | ||
| new Assert\Choice(choices: ['10', '15', '20', '30', '60', '300', 10, 15, 20, 30, 60, 300]), | ||
| ], |
There was a problem hiding this comment.
These Assert\Choice lists duplicate the canonical interval values already held in $poller_intervals. Hard-coding the choices here risks drift if the array changes; consider deriving the allowed choices from array_keys($poller_intervals) (string+int forms) instead.
Contributor
Author
There was a problem hiding this comment.
Fixed — choices now derived from array_keys($GLOBALS['poller_intervals']) with string coercion, so they track the canonical array.
Comment on lines
+1569
to
+1571
| 'constraints' => [ | ||
| new Assert\Choice(choices: ['60', '300', 60, 300]), | ||
| ], |
There was a problem hiding this comment.
These Assert\Choice lists duplicate the canonical interval values already held in $cron_intervals. Hard-coding the choices here risks drift if the array changes; consider deriving the allowed choices from array_keys($cron_intervals) (string+int forms) instead.
Contributor
Author
There was a problem hiding this comment.
Fixed — same pattern applied for cron_intervals.
| 'default' => '1' | ||
| 'default' => '1', | ||
| 'constraints' => [ | ||
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a positive integer id.'), |
There was a problem hiding this comment.
This custom constraint message is user-facing but not wrapped with Cacti i18n helpers. Consider message: __('...') so translated UIs don't show raw English strings.
Suggested change
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a positive integer id.'), | |
| new Assert\Regex(pattern: '/^\d+$/', message: __('must be a positive integer id.')), |
Comment on lines
+103
to
+106
| private static function validator() : ValidatorInterface { | ||
| if (self::$validator === null) { | ||
| self::$validator = Validation::createValidator(); | ||
| } |
There was a problem hiding this comment.
Validation::createValidator() is built without a Translator, so any default Symfony constraint messages (e.g. NotBlank/Length/Range) will render in English regardless of Cacti locale. If these messages are intended to be user-facing in settings.php, consider either supplying translated 'message'/'*Message' options (using __()) for every constraint, or wiring a Translator into the validator builder.
Contributor
Author
There was a problem hiding this comment.
Acknowledged — wiring a Translator is deferred; a code comment documents the limitation and the planned follow-up.
Comment on lines
+1033
to
+1035
| 'constraints' => [ | ||
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a non-negative integer.'), | ||
| new Assert\Range(min: 0, max: 100), |
There was a problem hiding this comment.
These custom constraint messages are user-facing but not wrapped with Cacti i18n helpers. Consider wrapping them with __('...') so translated UIs don't show raw English strings.
Contributor
Author
There was a problem hiding this comment.
Fixed — __() wrappers added throughout.
| 'size' => 40, | ||
| 'constraints' => [ | ||
| new Assert\NotBlank(), | ||
| new Assert\Regex(pattern: '#^([A-Za-z]:\\\\|/)#', message: 'must be an absolute path.'), |
There was a problem hiding this comment.
This regex constraint uses a custom user-facing message that's not wrapped for translation. Consider message: __('...') so it participates in Cacti i18n.
Suggested change
| new Assert\Regex(pattern: '#^([A-Za-z]:\\\\|/)#', message: 'must be an absolute path.'), | |
| new Assert\Regex(pattern: '#^([A-Za-z]:\\\\|/)#', message: __('must be an absolute path.')), |
| 'size' => 5 | ||
| 'size' => 5, | ||
| 'constraints' => [ | ||
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a positive integer.'), |
There was a problem hiding this comment.
These custom constraint messages are user-facing but not wrapped with Cacti i18n helpers. Consider wrapping them with __('...') so translated UIs don't show raw English strings.
Suggested change
| new Assert\Regex(pattern: '/^\d+$/', message: 'must be a positive integer.'), | |
| new Assert\Regex(pattern: '/^\d+$/', message: __('must be a positive integer.')), |
Comment on lines
+1349
to
+1359
| $errors = []; | ||
| $inserts = []; | ||
|
|
||
| require_once(CACTI_PATH_LIBRARY . '/CactiSettings.php'); | ||
|
|
||
| $violations = CactiSettings::validate($_POST, $settings); | ||
|
|
||
| if (cacti_sizeof($violations) > 0) { | ||
| foreach ($violations as $name => $message) { | ||
| $_SESSION['sess_error_fields'][$name] = $name; | ||
| $_SESSION['sess_field_values'][$name] = isset($_POST[$name]) && is_scalar($_POST[$name]) ? $_POST[$name] : ''; |
There was a problem hiding this comment.
This introduces direct $_POST access in the web save handler, while the rest of settings.php uses the request-var helpers (grv/gnrv/isrv) and their caching/normalization. Consider passing a request-var map built from gnrv()/get_nfilter_request_var() (or at least $_REQUEST) into CactiSettings::validate() and using the same source when storing sess_field_values.
Suggested change
| $errors = []; | |
| $inserts = []; | |
| require_once(CACTI_PATH_LIBRARY . '/CactiSettings.php'); | |
| $violations = CactiSettings::validate($_POST, $settings); | |
| if (cacti_sizeof($violations) > 0) { | |
| foreach ($violations as $name => $message) { | |
| $_SESSION['sess_error_fields'][$name] = $name; | |
| $_SESSION['sess_field_values'][$name] = isset($_POST[$name]) && is_scalar($_POST[$name]) ? $_POST[$name] : ''; | |
| $errors = []; | |
| $inserts = []; | |
| $request_vars = []; | |
| require_once(CACTI_PATH_LIBRARY . '/CactiSettings.php'); | |
| foreach ($settings as $tab => $page) { | |
| foreach ($page as $field_name => $field_array) { | |
| if (isrv($field_name)) { | |
| $request_vars[$field_name] = gnrv($field_name); | |
| } | |
| } | |
| } | |
| $violations = CactiSettings::validate($request_vars, $settings); | |
| if (cacti_sizeof($violations) > 0) { | |
| foreach ($violations as $name => $message) { | |
| $_SESSION['sess_error_fields'][$name] = $name; | |
| $_SESSION['sess_field_values'][$name] = isset($request_vars[$name]) && is_scalar($request_vars[$name]) ? $request_vars[$name] : ''; |
Contributor
Author
There was a problem hiding this comment.
Fixed — settings.php save handler uses gnrv() throughout; no direct $_POST access.
somethingwithproof
force-pushed
the
feat/develop-symfony-validator-settings
branch
from
4a6b642 to
d35e9cc
Compare
Routes saved settings through Symfony Validator so include/global_settings.php can declare per-setting constraints inline. The save handler runs one validator pass and surfaces violations via the existing raise_message() pattern, replacing scattered ad-hoc checks. Pilot covers 12 high-value settings; the rest stay on the existing implicit form-render checks. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
force-pushed
the
feat/develop-symfony-validator-settings
branch
from
d35e9cc to
293461c
Compare
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…declarations Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…toload) Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
added a commit
to somethingwithproof/cacti
that referenced
this pull request
May 8, 2026
Cacti Commit Audit fails on develop with 11 PHPStan errors that are not yet in phpstan-baseline.neon. Append the matching entries so the PR-A branch passes Run PHPStan at Level 6. Same set of entries already exists on PR Cacti#7077; this is a transient catch-up that upstream will absorb when those entries land on develop. Files: aggregate_graphs.php, color_templates.php, graph_templates.php, graphs.php, lib/html.php (3 entries). Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
added a commit
to somethingwithproof/cacti
that referenced
this pull request
May 8, 2026
Match the flat un-namespaced lib/CactiX.php convention used by Cacti#7088, Cacti#7073, Cacti#7077, Cacti#7075. Drop symfony/process (added by Cacti#7073) and symfony/validator (added by Cacti#7077) to avoid composer.json conflicts at merge time. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
added a commit
to somethingwithproof/cacti
that referenced
this pull request
May 8, 2026
Match the un-namespaced lib/CactiX.php convention used by canonical PRs (Cacti#7088 CactiProcess, Cacti#7073 CactiMime, Cacti#7077 CactiSettings, Cacti#7075 CactiApplication/CactiCommand). The previous nested PSR-4 namespace required composer autoload changes that conflicted with those PRs. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
added a commit
to somethingwithproof/cacti
that referenced
this pull request
May 8, 2026
Rename lib/Security/CactiOAuth.php to lib/CactiOAuth.php and drop the Cacti\Security namespace. Update the two callers (oauth2.php and lib/functions.php mailer) to use the unqualified class name. Behavior is unchanged: only the FQCN was rewritten. The flat layout matches every other lib/Cacti*.php class on develop and in the canonical PRs (Cacti#7088, Cacti#7073, Cacti#7077, Cacti#7075). Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
This was referenced May 8, 2026
Contributor
Author
TheWitness
added a commit
that referenced
this pull request
May 12, 2026
…7124) * test: shared hand-off + mutation infrastructure for feature PRs Consolidates infection/infection dev dep, allow-plugins entry, baseline infection.json5, tests/HandOff/HandOffHelpers.php with reusable stubs (cacti_log capture, temp-file fixtures, minimal-zip builder), HandOff testsuite registration, and the documented pattern. Feature PRs that add hand-off coverage rebase onto this and contribute only ONE HandOffTest file plus an optional infection.json5 filter override. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * test: consolidate per-feature hand-off suites into shared infra Each test guards on its feature file and skips when not present on develop. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * fix(test): replace eval stub, unify log buffer ref, guard ZipArchive add Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * fix(ci): correct infection vendor path in infection.json5 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * ci(phpstan): baseline upstream undefined-variable and isset errors Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * test: add HandOff and Integration testsuites; add regression guards - phpunit.xml: add Integration testsuite alongside existing Unit/HandOff - tests/Integration/: DbDumpIntegrationTest, PingIntegrationTest (from develop), CactiProcessIntegrationTest, SqlScriptsIntegrationTest - tests/HandOff/RegressionGuardTest: guards against backsliding on shell_exec, password-in-argv, RLIKE concat, and open-redirect patterns Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * chore(test): pest test infrastructure and PSR-4 autoload Add Pest 2 dev dependency, regenerate composer.lock under PHP 8.1, declare PSR-4 autoload for the Cacti namespace, and seed the test bootstrap with three unit tests plus an orb integration check. Pest stays on the v2 line because v3 transitively requires PHP 8.2 and breaks the 8.1 matrix entry. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * chore(phpstan): catch up baseline with 11 upstream-detected entries Cacti Commit Audit fails on develop with 11 PHPStan errors that are not yet in phpstan-baseline.neon. Append the matching entries so the PR-A branch passes Run PHPStan at Level 6. Same set of entries already exists on PR #7077; this is a transient catch-up that upstream will absorb when those entries land on develop. Files: aggregate_graphs.php, color_templates.php, graph_templates.php, graphs.php, lib/html.php (3 entries). Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * chore(test): drop composer.lock; let CI resolve per PHP version The lock file pinned brianium/paratest v7.3.1 which only supports PHP 8.1-8.3, so the 8.4 matrix entry rejected the lock with "Your lock file does not contain a compatible set of packages". A single lock cannot satisfy 8.1 (paratest 7.3.x) and 8.4 (paratest 7.4.x) at the same time because pestphp/pest 2.36.0 is the last 2.x release that supports 8.1 and the 8.1-compatible paratest tag predates 8.4 support. Match upstream develop's behaviour: no committed lock; let `composer install` in CI resolve per matrix entry. Pest stays on the v2 line in composer.json so 8.1 still gets a compatible Pest. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * fix(test): apply Copilot review feedback for test infra Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * chore(test): drop psr-4 autoload and align deps with canonical PRs Match the flat un-namespaced lib/CactiX.php convention used by #7088, #7073, #7077, #7075. Drop symfony/process (added by #7073) and symfony/validator (added by #7077) to avoid composer.json conflicts at merge time. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * test: skip integration suites and regression guards pending feature PRs Guards integration tests and regression guards from #7083 against absence of CactiProcess and other feature-PR hardening, so the consolidated foundation PR is green on develop. Suites activate automatically once their feature PRs merge. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * fix(ci): drop infection/infection to unbreak PHP 8.4 matrix infection/infection ^0.27 transitively pins thecodingmachine/safe ^2.1.2, resolving to v2.5.0. Its generated stubs use implicit-nullable parameter declarations, which PHP 8.4 emits as deprecations into cacti.log and trips the log-quiet assertion. infection has no config or test wiring in this repo, so removing the dev dep clears the transitive pin without losing functionality. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> --------- Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> Co-authored-by: TheWitness <thewitness@cacti.net>
TheWitness
added a commit
that referenced
this pull request
May 13, 2026
* refactor(oauth): extract Cacti\Security\CactiOAuth provider factory Replace the inline provider switch in oauth2.php and the OAuth branch of mailer() in lib/functions.php with two helpers: - CactiOAuth::getProvider($name, $params) returns the configured provider instance for `google`, `azure`, `yahoo`, or `microsoft`, or null when the configured provider is unknown. - CactiOAuth::getDefaultOptions($name) returns the scope set each provider expects. Behaviour is preserved; both call sites now branch on a null return rather than relying on a `$provider` variable that may have fallen through the switch unset. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * chore(phpstan): catch up baseline with 11 upstream-detected entries Same as PR-A: appends 11 PHPStan ignoreErrors entries that exist on upstream develop but are not yet baselined, so this branch's CI does not regress on phpstan analyse --level 6. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * refactor: flatten CactiOAuth to global namespace Rename lib/Security/CactiOAuth.php to lib/CactiOAuth.php and drop the Cacti\Security namespace. Update the two callers (oauth2.php and lib/functions.php mailer) to use the unqualified class name. Behavior is unchanged: only the FQCN was rewritten. The flat layout matches every other lib/Cacti*.php class on develop and in the canonical PRs (#7088, #7073, #7077, #7075). Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * test: add shared unit stubs for OAuth tests * fix(oauth): load provider factory in runtime paths * test(oauth): pin provider factory runtime loading --------- Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> Co-authored-by: TheWitness <thewitness@cacti.net>
Default Symfony NotBlank/Length/Range/Choice/Positive messages render in English regardless of Cacti locale because the validator runs without a Symfony Translator. Pass explicit __()-wrapped message, minMessage, maxMessage, and notInRangeMessage options on each bare constraint in include/global_settings.php so violations participate in Cacti's gettext pipeline. Documents the no-Translator decision in CactiValidator so future contributors know to translate at the call site. Addresses Copilot PR Cacti#7077 review feedback. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fourth in the Symfony adoption series on develop. This now combines the shared
CactiValidatorhelper with the settings-constraint pilot, superseding #7125 so reviewers can evaluate the abstraction and first consumer together.What it adds
lib/CactiValidator.php— shared helpers around Symfony Validator for reusable value checks plus raw violation access.lib/CactiSettings.php— single static methodvalidate(array $posted, array $definitions): array. Returns a map of{setting_name => first violation message}and delegates validation throughCactiValidator.'constraints'key on 12 settings ininclude/global_settings.php. Constraints are closure-wrapped soglobal_settings.phpcan load before Composer autoload is available.settings.phpsave handler runsCactiSettings::validate($_POST, $settings)first, surfaces violations via the existingraise_message()pattern withMESSAGE_LEVEL_ERROR, and short-circuits before any DB write.Settings covered in the pilot
Path/binary checks:
path_rrdtool,path_php_binary,path_snmpget,path_snmpwalk,realtime_cache_path.Numeric range checks:
snmp_timeout,snmp_retries,settings_smtp_port,default_rra_id.Enum / choice checks:
poller_interval,cron_interval.Non-blank:
settings_smtp_host.Constraint types exercised:
NotBlank,Length,Range,Choice,Regex,Positive. Each has at least one positive and one negative test.Why
The same setting is currently validated multiple ways depending on entry path. Declarative constraints plus one validator pass at save time gives us a single pattern and surfaces invalid values before downstream failures.
What this is NOT
Tests
tests/Unit/CactiSettingsTest.phptests/Unit/CactiValidatorTest.phpVendor
Composer metadata adds
symfony/validator; vendored dependency refresh remains out of band.Migration template
docs/security/settings-validation.mdshows how to add constraints to a new setting.Rollback
Per-setting: drop the
'constraints'key. Whole-feature: revert this PR. Either way no downstream code change is required because the validator pass is additive.