system: audit staticroute' config access for #10027

Author: fichtner

src/etc/inc/plugins.inc.d/pf.inc

@@ -125,10 +125,7 @@ function pf_firewall($fw)
      *  interface in question to avoid problems with complicated routing
      *  topologies
      */
-    if (
-        isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) &&
-        count($config['staticroutes']['route'])
-    ) {
+    if (isset($config['filter']['bypassstaticroutes']) && count(config_read_array('staticroutes', 'route', false))) {
         $ifdetails = $fw->getIfconfigDetails();
         $GatewaysList = $fw->getGateways()->gatewaysIndexedByName(false, true);
 

src/etc/inc/util.inc

@@ -1158,11 +1158,10 @@ function is_URL($url)
 
 function get_staticroutes($returnsubnetsonly = false)
 {
-    global $aliastable;
-
     $allstaticroutes = [];
     $allsubnets = [];
-    foreach (config_read_array('staticroutes', 'route') as $route) {
+
+    foreach (config_read_array('staticroutes', 'route', false) as $route) {
         if (is_subnet($route['network'])) {
             $allstaticroutes[] = $route;
             $allsubnets[] = $route['network'];

src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/SettingsController.php

@@ -193,6 +193,7 @@ public function addGatewayAction()
         return $this->addBase("gateway_item", "gateway_item");
     }
 
+    /* XXX consider removing $cfg use -- everything should have a model now */
     public function delGatewayAction($uuid)
     {
         $result = ["result" => "failed"];

src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php

@@ -126,7 +126,6 @@ private function getAliasSource()
         $sources[] = [['nat', 'outbound', 'rule'], ['destination', 'network']];
         $sources[] = [['nat', 'outbound', 'rule'], ['dstport']];
         $sources[] = [['nat', 'outbound', 'rule'], ['target']];
-        $sources[] = [['staticroutes', 'route'], ['network']];
         $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['source_net']];
         $sources[] = [['OPNsense', 'Firewall', 'Filter', 'onetoone', 'rule'], ['destination_net']];
         $sources[] = [['OPNsense', 'Firewall', 'Filter', 'rules', 'rule'], ['source_net']];