Security Advisories (10)
CVE-2022-24785 (2022-04-04)

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects server-side (Node.js/npm) users of Moment.js from version 1.0.1 through 2.29.1, in particular where a user-provided locale string is passed directly to moment.locale() to switch locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
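The workaround above, worked through as an added example (this is not Moment.js code and not part of the original advisory). The locale list and the tag pattern are assumptions for illustration; the point is that a structural check alone is not enough, because on unpatched versions a well-formed but unbundled name still reaches a dynamic require() of './locale/' + name, so an allowlist of what the application actually ships is the decisive check.

```javascript
// Added example, not Moment.js code: validate a user-supplied locale name
// before passing it to moment.locale(). Affected versions resolved an unknown
// name with require('./locale/' + name) on Node.js, so a name containing path
// separators or ".." could load an arbitrary file from disk.

// Constructed stand-in for the locales the application actually bundles.
// In a real build, derive it from moment.locales() after loading them.
const KNOWN_LOCALES = new Set(['en', 'en-gb', 'de', 'fr', 'zh-cn']);

// Conservative shape for a locale tag (an assumption): ASCII letters, digits
// and hyphens only. '/', '\\', '.' and NUL never get past this check.
const LOCALE_RE = /^[a-z]{2,3}(?:-[a-z0-9]{1,8})*$/;

// Returns the locale name to use, the fallback when none was supplied,
// or null when the input must be rejected.
function chooseSafeLocale(userInput, known = KNOWN_LOCALES, fallback = 'en') {
  if (userInput === undefined || userInput === null || userInput === '') {
    return fallback;
  }
  if (typeof userInput !== 'string') return null;
  const name = userInput.trim().toLowerCase();
  if (!LOCALE_RE.test(name)) return null;   // structural check: no path characters
  return known.has(name) ? name : null;     // allowlist check: only bundled locales
}
```

Call moment.locale() only with a non-null result; reject the request (or keep the default locale) otherwise. Lower-casing is done before the match so that "EN-GB" and "en-gb" select the same bundled file rather than two different paths.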

CVE-2020-11022 (2020-04-29)

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11023 (2020-04-29)

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2019-11358 (2019-04-20)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2015-9251 (2018-01-18)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2011-4969 (2013-03-08)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVE-2012-6708 (2018-01-18)

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
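The selector-versus-HTML decision described in CVE-2011-4969 and CVE-2012-6708, modelled as an added example. This is not jQuery's own code: the two predicates reduce jQuery's actual logic to the single difference the advisories describe ('<' anywhere versus '<' at the start), and idFromHash is an assumed hardening for the location.hash case rather than anything the library provides.

```javascript
// Added example, not jQuery's code: a model of how jQuery(strInput) decided
// whether a string is HTML to build or a selector to query.

// Before 1.9: a '<' anywhere in the string means "treat as HTML".
function looksLikeHtmlOld(str) {
  return str.indexOf('<') !== -1;
}

// 1.9 and later: only a string that begins with '<' (after optional leading
// whitespace) and contains a closing '>' is HTML; anything else is a selector.
function looksLikeHtmlNew(str) {
  return /^\s*<[\w\W]+>[^>]*$/.test(str);
}

// What jQuery(str) would do with a given string under each rule.
function classify(str) {
  return {
    old: looksLikeHtmlOld(str) ? 'html' : 'selector',
    fixed: looksLikeHtmlNew(str) ? 'html' : 'selector',
  };
}

// Assumed hardening for code that selects by location.hash: accept only a
// bare element id and look it up by id (document.getElementById), instead of
// handing the raw hash to jQuery() at all.
function idFromHash(hash) {
  const m = /^#([\w-]+)$/.exec(hash);
  return m ? m[1] : null;
}
```

With the old rule a URL fragment such as #<img src=x onerror=alert(1)> is built as markup and the handler fires; with the fixed rule the same string is a (malformed) selector and at worst raises a syntax error. The fixed rule still treats any string that starts with '<' as HTML, which is why the advisory limits the remaining exposure to attackers who control the beginning of the string.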

CVE-2020-7656 (2020-05-19)

jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags whose closing tag contains a whitespace character, for example "</script >", so the enclosed script is executed.

CVE-2019-5428

Prototype Pollution is a class of JavaScript vulnerability in which an attacker injects properties into the prototypes of existing language constructs, most often Object.prototype. JavaScript lets an object's special properties such as __proto__, constructor and prototype be written like any other, so code that copies attacker-controlled keys into an object (a deep merge, clone or extend) can be made to write into the base object prototype instead. Properties placed on Object.prototype are inherited by every object through the prototype chain. The result is either denial of service, because unexpected properties trigger JavaScript exceptions, or a change in application control flow that forces the code path the attacker chose, which can escalate to remote code execution.
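The jQuery.extend(true, {}, ...) pollution from CVE-2019-11358 above and the general mechanism described here, shown as one added example. This is not jQuery's code: the vulnerable function is a minimal recursive extend in the same style, the isPlainObject test deliberately mirrors the property jQuery's has (a null-prototype object counts as plain, so Object.prototype itself qualifies as a merge target), and the hardened version applies the 3.4.0-style fix of skipping a "__proto__" key. The JSON payload is constructed.

```javascript
// Added example, not jQuery's code: a minimal recursive extend in the style of
// jQuery.extend(true, target, source), beside a hardened version, showing how
// a "__proto__" key in attacker-controlled JSON pollutes Object.prototype.

// Mirrors the test jQuery uses: plain if created by {} / new Object(), or if
// it has no prototype at all. Object.prototype itself passes this test, which
// is exactly what lets the vulnerable merge recurse into it.
function isPlainObject(obj) {
  if (obj === null || Object.prototype.toString.call(obj) !== '[object Object]') {
    return false;
  }
  const proto = Object.getPrototypeOf(obj);
  return proto === null || proto === Object.prototype;
}

// Vulnerable: iterates every enumerable key, including an own "__proto__"
// property (JSON.parse creates one), and reads target["__proto__"], i.e. the
// prototype itself, as the object to merge into.
function deepExtendVulnerable(target, source) {
  for (const key in source) {
    const copy = source[key];
    const src = target[key];
    if (isPlainObject(copy)) {
      const clone = isPlainObject(src) ? src : {};
      target[key] = deepExtendVulnerable(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Hardened: skip "__proto__" outright, only merge into properties the target
// itself owns (so "constructor" cannot lead to Function.prototype either),
// and never recurse into a value that is the target.
function deepExtendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (key === '__proto__') continue;
    const copy = source[key];
    if (copy === target) continue;
    if (isPlainObject(copy)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const clone = isPlainObject(existing) ? existing : {};
      target[key] = deepExtendSafe(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Constructed attacker payload, e.g. a JSON request body merged into options.
const PAYLOAD = '{"__proto__": {"polluted": "yes"}}';

function demonstrate() {
  const out = {};
  deepExtendVulnerable({}, JSON.parse(PAYLOAD));
  out.afterVulnerable = ({}).polluted;   // "yes": now inherited by every object
  delete Object.prototype.polluted;      // undo the damage before the second run
  deepExtendSafe({}, JSON.parse(PAYLOAD));
  out.afterSafe = ({}).polluted;         // undefined
  return out;
}
```

Note the two things that have to line up for the vulnerable path: the attacker's key must survive enumeration (an own "__proto__" from JSON.parse does, unlike the accessor on Object.prototype), and the library's plain-object test must accept the prototype it reads back from target["__proto__"]. Blocking the key is the simplest fix; checking hasOwnProperty on the target closes the same hole for other inherited names.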

CVE-2014-6071 (2018-01-16)

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

RELATIONSHIPS

device

Returns the Device table entry to which the given Port is related.

port_vlans

Returns the set of device_port_vlan entries associated with this Port. These will be both tagged and untagged. Use this relation in search conditions.

nodes / active_nodes / nodes_with_age / active_nodes_with_age

Returns the set of Nodes whose MAC addresses are associated with this Device Port.

The active variants return only the subset of nodes currently in the switch MAC address table, that is the active ones.

The with_age variants add an additional column time_last_age, a preformatted value for the Node's time_last field, which reads as "X days/weeks/months/years".

logs

Returns the set of device_port_log entries associated with this Port.

power

Returns a row from the device_port_power table if one refers to this device port.

properties

Returns a row from the device_port_properties table if one refers to this device port.

ssid

Returns a row from the device_port_ssid table if one refers to this device port.

wireless

Returns a row from the device_port_wireless table if one refers to this device port.

agg_master

Returns another row from the device_port table if this port is slave to another in a link aggregate.

neighbor_alias

When a device port has an attached neighbor device, this relationship will return the IP address of the neighbor. See the neighbor helper method if what you really want is to retrieve the Device entry for that neighbor.

The JOIN is of type "LEFT" in case the neighbor device is known but has not been fully discovered by Netdisco and so does not exist itself in the database.

vlans

As compared to port_vlans, this relationship returns a set of Device VLAN row objects for the VLANs on the given port, which might be more useful if you want to find out details such as the VLAN name.

See also vlan_count.

oui

Returns the oui table entry matching this Port. You can then join on this relation and retrieve the Company name from the related table.

The JOIN is of type LEFT, in case the OUI table has not been populated.

ADDITIONAL METHODS

neighbor

Returns the Device entry for the neighbor Device on the given port.

Might return an undefined value if there is no neighbor on the port, or if the neighbor has not been fully discovered by Netdisco and so does not exist in the database.

ADDITIONAL COLUMNS

native

An alias for the vlan column, which stores the PVID (that is, the VLAN ID assigned to untagged frames received on the port).

error_disable_cause

Returns the textual reason given by the device if the port is in an error state, or else `undef` if the port is not in an error state.

remote_is_wap

Returns true if the remote LLDP neighbor has reported Wireless Access Point capability.

remote_is_phone

Returns true if the remote LLDP neighbor has reported Telephone capability.

remote_inventory

Returns a synthesized description of the remote LLDP device if inventory information was given, including vendor, model, OS version, and serial number.

vlan_count

Returns the number of VLANs active on this device port. Enable this column by applying the with_vlan_count() modifier to search().

lastchange_stamp

Formatted version of the lastchange field, accurate to the minute. Enable this column by applying the with_times() modifier to search().

The format is somewhat like ISO 8601 or RFC3339 but without the middle T between the date stamp and time stamp. That is:

2012-02-06 12:49

is_free

This method can be used to evaluate whether a device port could be considered unused, based on the last time it changed from the "up" state to a "down" state.

See the with_is_free and only_free_ports modifiers to search().

base64url_port

Returns the port column value encoded as URL-safe Base64 (the base64url alphabet, with '-' and '_' in place of '+' and '/'), suitable for embedding in a URL path or query string without further escaping.

net_mac

Returns the mac column instantiated into a NetAddr::MAC object.

last_comment

Returns the most recent comment from the logs for this device port.