wapplersystems / zabbix_client Goto Github PK

Would it be possible to trigger an update from Zabbix with your agent on typo3?

Hi,

currently, when i use the template from this extension, the api key and all other parameters are send via query string.
So the api key will be send unencrypted and will be stored in some logs like the access log.

This must be changed for safety reasons necessarily.

I have changed my items from query string to raw body ans all works like before without any security concerns.

For example my change for the PHP Version Item:

Before:

                <item>
                    <name>PHP Version</name>
                    <type>HTTP_AGENT</type>
                    <key>typo3_GetPHPVersion</key>
                    <delay>30s</delay>
                    <trends>0</trends>
                    <value_type>TEXT</value_type>
                    <applications>
                        <application>
                            <name>TYPO3</name>
                        </application>
                    </applications>
                    <preprocessing>
                        <step>
                            <type>JSONPATH</type>
                            <params>$.value</params>
                        </step>
                    </preprocessing>
                    <timeout>5s</timeout>
                    <url>https://{HOST.HOST}/zabbixclient/</url>
                    <query_fields>
                        <query_field>
                            <name>key</name>
                            <value>{$TYPO3_CLIENT_KEY}</value>
                        </query_field>
                        <query_field>
                            <name>operation</name>
                            <value>GetPHPVersion</value>
                        </query_field>
                    </query_fields>
                    <follow_redirects>NO</follow_redirects>
                    <request_method>POST</request_method>
                    <verify_peer>YES</verify_peer>
                </item>

After:

                <item>
                    <name>PHP Version</name>
                    <type>HTTP_AGENT</type>
                    <key>typo3_GetPHPVersion</key>
                    <delay>10s</delay>
                    <trends>0</trends>
                    <value_type>TEXT</value_type>
                    <applications>
                        <application>
                            <name>TYPO3</name>
                        </application>
                    </applications>
                    <preprocessing>
                        <step>
                            <type>JSONPATH</type>
                            <params>$.value</params>
                        </step>
                    </preprocessing>
                    <timeout>5s</timeout>
                    <url>http://{HOST.CONN}/zabbixclient/</url>
                    <posts>key={$TYPO3_CLIENT_KEY}&amp;operation=GetPHPVersion</posts>
                    <follow_redirects>NO</follow_redirects>
                    <request_method>POST</request_method>
                    <verify_peer>YES</verify_peer>
                </item>

If you have suggestions for

• detecting security problems
• detecting performance problems
• missing items
• missing triggers

please make a suggest!

TYPO3: 11.5
zabbix_client: 0.2.14
PHP: 8.0

I'm experiencing a 'Undefined array key "scope"' PHP warning in 2 classes.

• Classes/Operation/GetInsecureExtensionList.php line 34
• Classes/Operation/GetOutdatedExtensionList.php line 34

The problem seems to be the same in the development branch.

Items "TYPO3 last extension list update" & "TYPO3 last scheduler run" should be date and time and not a timestamp

In TYPO3 v10, the constants PATH_typo3conf and PATH_typo3 are not defined anymore.
https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.4/Deprecation-85285-DeprecatedSystemConstants.html

Hi,

the zabbix template yaml no longer provides the configuration for HasFailedSchedulerTask.
The PHP class is still there: Classes/Operation/HasFailedSchedulerTask.php

Is there a reason why this check is no longer available?

Also the template name still states: "Template TYPO3 9-11" while the filename is up to date: 9-12.yaml

Hi,

the url for the http agent in the template is defined as follows:

<url>https://{HOST.HOST}/zabbixclient/</url>

HOST.HOST is the name of the host entry of zabbix.
i think it would be better to use HOST.CONN.

<url>https://{HOST.CONN}/zabbixclient/</url>

Than the connection setting of the host will be used to build the url.

i normaly use the ip to connect the server. when i has to put the ip to the name of my host entry the listing is very confusing.

TYPO3 12

Since TYPO3 12 extensions are no longer in the folder "typo3conf/ext/" (https://typo3.org/article/get-ready-for-typo3-v12), therefore the operation "GetExtensionList" does not find any extensions.

        switch ($scope) {
            case 'system':
                $path = Environment::getPublicPath() . '/typo3/sysext/';
                break;
            case 'local':
            default:
                $path = Environment::getPublicPath() . '/typo3conf/ext/';
                break;
        }

Is a fix planned for this?

Hi,

Debian's repositories currently only provide Zabbix 4.0.x.
It would be great, if you could provide a template compatible with this version.

I recognized the following. Zabbix could not connect to a host. I also got no output from the debug output.

It was because of the API key. This has a + in the key "q9rrfK9GmEJAC + iDQv"

After removing the +, Zabbix was able to connect

There is an unconfigured branch to the Crowdin integration that need some attention: https://crowdin.com/project/typo3-extension-zabbixclient/apps/system/github

short question, how can i fix this:

TYPO3 IPTC preservation

what setting must be done?

Check whether defaultMailFromAddress & defaultMailFromName are set in LocalConfiguration.php

I just found out, that the position in the middleware stack before typo3/cms-frontend/tsfe is fine for version 9 but fails in version 10, since the TSFE Middleware moved down after the page-resolver. So that the URL "/zabbixclient/" returns a 404 since the page-resolver can't resolve the url.
The easiest way would be to move it before page-resolver, but then it might not work in Version 9, because I'm sure there is a reason it was located before TSFE.
So either there needs to be a version check in the RequestMiddlewares.php or we have to put it before the eID Middleware or something like that.
What do you think?
If we have a decision I will gladly provide a PR for it :)

I want to use Zabbix 5.4 but the typo3.xml is for Version 5.2. When will it be updated? Is there any way, to update it myself?

With TYPO3 version 9.5.26 the operation GetProgramVersion always fails, because the ExtConfiguration returns no program path.

Since TYPO3 version 9.0 the extension configuration ist stored in an array, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.0/Feature-82254-StoreExtensionConfigurationAsPlainArray.html

Contrary to what is stated in the documentation, the array keys for "directories" are stored without the dot . at the end of a key. It seems the usage of the dot is only required if the unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']...) -method is used.
As already mentioned in this case the documentation is wrong or at least confusing. (https://docs.typo3.org/m/typo3/reference-coreapi/9.5/en-us/ExtensionArchitecture/ConfigurationOptions/Index.html)

Solution:
Remove the dot . in EXT:zabbix_client/Classes/Operation/GetProgramVersion.php at line 38

Would be great to have a step-by-step how to integrate it in Zabbix.
How and where can we get the API String....

Thx

As the title says. This is about a new operation for detecting a stuck scheduler task.

We recently had a customer where a scheduler task wouldn't stop running. This operation could help you detect such tasks.

I created the operation class myself to test it. @svewap , if you think this operation adds value to your extension, I would be happy to contribute to your project.

You can define the max runnign hours via parameter or use the default of 6 hours.

<?php

namespace WapplerSystems\ZabbixClient\Operation;

/**
 * This file is part of the "zabbix_client" Extension for TYPO3 CMS.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 */

use DateTime;
use Doctrine\DBAL\DBALException;
use Doctrine\DBAL\Driver\Exception;
use TYPO3\CMS\Core\Database\Connection;
use TYPO3\CMS\Core\SingletonInterface;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Database\ConnectionPool;
use WapplerSystems\ZabbixClient\OperationResult;

class HasStuckSchedulerTask implements IOperation, SingletonInterface
{
    const MAX_RUNNING_HOURS = 6;

    /**
     * @param array $parameter
     * @return OperationResult
     *
     * @throws Exception|DBALException
     */
    public function execute($parameter = [])
    {
        $maxRunningHours = intval(isset($parameter['maxRunningHours']) ? $parameter['maxRunningHours'] : 0);
        // Make sure we do not use a number smaller than 1 here.
        if($maxRunningHours < 1) {
            $maxRunningHours = self::MAX_RUNNING_HOURS;
        }

        $schedulerRecords = $this->fetchSchedulerTasks();
        if (0 === count($schedulerRecords)) {
            // No tasks found.
            return new OperationResult(true, false);
        }

        foreach ($schedulerRecords as $schedulerRecord) {
            // Check if the task is running.
            $isRunning = !empty($schedulerRecord['serialized_executions']);
            if (!$isRunning) {
                continue;
            }
            // Validate for required column value (lastexecution_time).
            if (empty($schedulerRecord['lastexecution_time'])) {
                continue;
            }

            // Compare lastexecution_time with current time.
            $currentDateTime = new DateTime();
            $lastExecutedDateTime = (new DateTime())->setTimestamp((int)$schedulerRecord['lastexecution_time']);
            $runningHours = intval($currentDateTime->diff($lastExecutedDateTime)->format('%h'));
            $runningHours += intval($currentDateTime->diff($lastExecutedDateTime)->days) * 24;

            if ($runningHours >= $maxRunningHours) {
                return new OperationResult(true, true);
            }
        }

        // No task is running.
        return new OperationResult(true, false);
    }

    /**
     * @return array
     *
     * @throws Exception|DBALException
     */
    private function fetchSchedulerTasks()
    {
        /** @var ConnectionPool $connectionPool */
        $connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
        $queryBuilder = $connectionPool->getQueryBuilderForTable('tx_scheduler_task');
        $queryBuilder
            ->select('uid', 'serialized_executions', 'lastexecution_time')
            ->from('tx_scheduler_task')
            ->where(
                $queryBuilder->expr()->eq('disable', $queryBuilder->createNamedParameter(0, Connection::PARAM_INT))
            );

        if (version_compare(TYPO3_version, '9.0.0', '>=')) {
            $queryBuilder->andWhere(
                $queryBuilder->expr()->eq('deleted', $queryBuilder->createNamedParameter(0, Connection::PARAM_INT))
            );
        }

        return $queryBuilder->execute()->fetchAllAssociative();
    }
}

The extension can be made compatible for old versions. However, the endpoint must then be realized via eID and the paths in the Zabbix template must be adapted.

Both Classes don't work anymore cause of TYPO3 10.4.19 the TYPO3\CMS\Install\Service\CoreVersionService has changed a lot.

In my fork we use now the get.typo3 API for this:
https://github.com/Teisi/zabbix_client/blob/master/Classes/Operation/HasUpdate.php

should be 'HOST.CONN' insted of 'HOST.HOST', right?

Bug description

In a TYPO3 11 / PHP 8 environment an error is logged to the TYPO3 Administration log every time the Zabbix Client is accessed.

This results in hundreds of thousands of log entries even after a short time because Zabbix calls the Zabbix Client every few seconds.

Environment

• TYPO 11.5.13
• PHP Version 8.0.20

Details

The logged error is:

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1476107295: PHP Warning: Undefined array key "extConf" in [...]/typo3conf/ext/zabbix_client/Classes/ManagerFactory.php line 41 | TYPO3\CMS\Core\Error\Exception thrown in file [...]/typo3/sysext/core/Classes/Error/ErrorHandler.php in line 137. Requested URL: https://[...]/zabbixclient/?operation=GetLogResults&filter=ServiceUnavailableException

Possible solution

The reason seems to be in line 41 in the ManagerFactory class:

        $this->extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['zabbix_client']);

The array key $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['zabbix_client'] seems not to be correct, it should rather be ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['zabbix_client']

Also my IDE reports that $this->extConf is never read so I think that line can just be removed.

Workaround

Add this lines to the ext_localconf.php of your site package extension:

(static function() {
    // Workaround for zabbix_client error
    $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['zabbix_client'] = 'a:0:{}';
})();

Why do you return for TYPO3 >= 11 only the three static ApplicationContexts (Production, Development, Testing)?

You have changed it to:

if (version_compare(TYPO3_version, '11.0.0', '>=')) {
    $applicationContext = Environment::getContext();
    if ($applicationContext->isDevelopment()) {
        return new OperationResult(true, 'Development');
    }
    if ($applicationContext->isTesting()) {
        return new OperationResult(true, 'Testing');
    }
    if ($applicationContext->isProduction()) {
        return new OperationResult(true, 'Production');
    }
    return new OperationResult(true, $applicationContext->__toString());
}

$applicationContext = GeneralUtility::getApplicationContext();
return new OperationResult(true, $applicationContext->__toString());

but wouldn't it be better to return custom ApplicationContexts too? Like e. g. :

if (version_compare(TYPO3_version, '11.0.0', '>=')) {
    $applicationContext = Environment::getContext();
    return new OperationResult(true, $applicationContext->__toString());
}

$applicationContext = GeneralUtility::getApplicationContext();
return new OperationResult(true, $applicationContext->__toString());

And the class "Environment" exists since TYPO3 9.5 so it should be possible to write something like:
(https://api.typo3.org/9.5/class_t_y_p_o3_1_1_c_m_s_1_1_core_1_1_core_1_1_environment.html#a6a0c7770cada6b990d22855b04639698)

if (version_compare(TYPO3_version, '9.5.0', '>=')) { ....

And constant "TYPO3_version" is depricated since TYPO3 10.3 so i think the code could look like this (yes?):
(https://docs.typo3.org/c/typo3/cms-core/10.4/en-us/Changelog/10.3/Deprecation-90007-GlobalConstantsTYPO3_versionAndTYPO3_branch.html)

if(defined(TYPO3_version)) {
    $typo3Version = TYPO3_version;
} else {
    $typo3VersionClass = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Information\Typo3Version::class);
    $typo3Version = $typo3VersionClass->getVersion();
}

if (version_compare($typo3Version, '9.5.0', '>=')) {
    $applicationContext = Environment::getContext();
    return new OperationResult(true, $applicationContext->__toString());
}

$applicationContext = GeneralUtility::getApplicationContext();
return new OperationResult(true, $applicationContext->__toString());

Changed this allready at our fork: https://github.com/Teisi/zabbix_client/blob/master/Classes/Operation/GetApplicationContext.php

This is unfortunately a bigger issue because the challenge is to compare the composer.lock file with one or more vulnerability databases.
Currently, security issues for extensions are only stored in the TER database. These would have to be extracted and automatically converted to YAML files.

Links:
https://github.com/FriendsOfPHP/security-advisories/tree/master/typo3/cms
https://github.com/sensiolabs/security-checker

Could you please tag version 0.2.15 from master so that

8f3feab

is included in the latest version? Thank you!

Hi @svewap,

first of all: nice extension. we are evaluating the extension right now. it would be good to

• limit API Access to a specific IP
• limit request with wrong API key to avoid brute force

If the well known extension "staticfilecache" (https://github.com/lochmueller/staticfilecache) is used together with the zabbix_client extension an error is thrown inside TYPO3.

Core: Exception handler (WEB: Uncaught TYPO3 Exception: Call to a member function isStaticCacheble() on null | Error thrown in file .../ext/staticfilecache/Classes/Cache/Rule/StaticCacheable.php in line 32. Requested URL: .../zabbixclient/?operation=PageSpeedInsights_GetDegradedPageUids&strategy=desktop&field=seo_score

Hey
We plan to use Zabbix to monitor our TYPO3 projects soon. For this, we would really appreciate a new release of this extension, since the latest release is almost one year old. We would love to use all the new functions added in the meantime in an official release.

What do you think about it?

Thanks,
Janis