
Commit caf8530

Prevent aliases from being deleted if they are in use
1 parent 92156e3 commit caf8530

4 files changed

Lines changed: 18 additions & 7 deletions


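--- a/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
+++ b/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
@@ -1530,13 +1530,19 @@ function get($id, $data=[], $all=false) {
 "status" => "bad request",
 "code" => 400,
 "return" => $id,
-"message" => "Alias details cannot contain more items than alias addresses"
+"message" => "Firewall alias details cannot contain more items than alias addresses"
 ],
 4107 => [
 "status" => "bad request",
 "code" => 400,
 "return" => $id,
-"message" => "Alias type cannot be changed while in use"
+"message" => "Firewall alias type cannot be changed while in use"
+],
+4108 => [
+"status" => "bad request",
+"code" => 400,
+"return" => $id,
+"message" => "Firewall alias cannot be deleted while in use"
 ],
 
 //5000-5999 reserved for /users API calls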

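--- a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasDelete.inc
+++ b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasDelete.inc
@@ -40,8 +40,13 @@ class APIFirewallAliasDelete extends APIModel {
 foreach ($this->config["aliases"]["alias"] as $id=>$alias) {
 # First check if the ID matches the index value or the alias name
 if ($this->initial_data["id"] === $id or $this->initial_data["id"] === $alias["name"]) {
-$this->id = $id;
-$this->validated_data = $alias;
+# Only allow deletion if the firewall alias is not in use.
+if (!APITools\alias_in_use($alias["name"])) {
+$this->id = $id;
+$this->validated_data = $alias;
+} else {
+$this->errors[] = APIResponse\get(4108);
+}
 break;
 }
 }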
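Review bot: The new guard at `if (!APITools\alias_in_use($alias["name"]))` is only as complete as `alias_in_use`, which is not shown on this page; if it scans firewall rules only, an alias still referenced from a NAT entry or nested inside another alias could be deleted and leave a dangling reference in the ruleset. Confirm that coverage and record it in the comment, e.g. `# Refuse deletion while any rule, NAT entry or other alias still references this name (error 4108).` The check also runs at validation time, so a reference added between validation and the config write would presumably not be caught; repeating the check immediately before the write would close that window. The enclosing method starts and ends outside the hunk, so how the unset `$this->id` is handled after the loop is not visible here.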

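--- a/tests/test_api_v1_firewall_alias.py
+++ b/tests/test_api_v1_firewall_alias.py
@@ -45,7 +45,7 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
 {
 "id": "RFC1918",
 "name": "UPDATED_RFC1918",
-"type": "port",
+"type": "network",
 "descr": "Updated Unit Test",
 "address": ["10.0.0.0/32", "172.16.0.0/32", "192.168.0.0/32"],
 "detail": ["New Class A", "New Class B", "New Class C"]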
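Review bot: Nothing in this commit asserts the new 4108 rejection: this file's only change is the update payload's `type` (1 addition, 1 deletion), so the in-use guard added to APIFirewallAliasDelete.inc can regress silently. A delete request for an alias that a firewall rule still references, expecting the 400 response with `"return": 4108`, would pin the behaviour, ideally followed by a case showing the delete succeeds once the reference is removed. The payload list this hunk sits in starts and ends outside the hunk, so any existing delete cases elsewhere in the file are not visible from here.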

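--- a/tests/test_api_v1_firewall_rule.py
+++ b/tests/test_api_v1_firewall_rule.py
@@ -38,9 +38,9 @@ class APIUnitTestFirewallRule(unit_test_framework.APIUnitTest):
 "ipprotocol": "inet",
 "protocol": "tcp/udp",
 "src": "172.16.77.125",
-"srcport": "any",
+"srcport": "HTTP",
 "dst": "127.0.0.1",
-"dstport": "8443",
+"dstport": "HTTP",
 "descr": "Updated Unit test",
 "top": True
 }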
