Skip to content

CTOR-2266 [apps::saas::apivideo::restapi] - new plugin#6111

Open
garnier-quentin wants to merge 21 commits intocentreon:developfrom
garnier-quentin:CTOR-2266-apivideo-new
Open

CTOR-2266 [apps::saas::apivideo::restapi] - new plugin#6111
garnier-quentin wants to merge 21 commits intocentreon:developfrom
garnier-quentin:CTOR-2266-apivideo-new

Conversation

@garnier-quentin
Copy link
Copy Markdown
Contributor

@garnier-quentin garnier-quentin commented Apr 9, 2026
edited by aikido-pr-checks bot
Loading

Community contributors

Description

New plugin to monitor Api Video (https://docs.api.video/reference/authentication-guide)

CTOR-2266

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

$ perl centreon_plugins.pl --plugin=apps::saas::apivideo::restapi::plugin --mode=contents-usage --api-key='V2LoNXXXX' 
OK: Contents played: 155, watching time: 9h 9m 55s, concurrent users peak: 39 | 'contents.played.count'=155;;;0; 'contents.watch_time.seconds'=32995.531s;;;0; 'contents.users.concurrent.peak.count'=39;;;0;

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provide data or shown output displaying the result of this code in the plugin area concerned.

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 1 Resolved Issues: 0

🚀 New Features

  • Implemented new Api Video REST API plugin with contents-usage mode

⚡ Enhancements

  • Added packaging metadata and dependencies for RPM and Debian packages

More info

omercier and others added 21 commits March 20, 2025 16:36
@omercier
fix(ci): add missing image + fix path for tests on noble
4909454
@omercier
fix(ci): add missing image + fix path for tests on noble (centreon#5516)
9274e64 
Refs: CTOR-1451
@garnier-quentin
Merge branch 'centreon:develop' into develop
e74825a
@garnier-quentin
Merge branch 'centreon:develop' into develop
75a686f
@garnier-quentin
Merge branch 'centreon:develop' into develop
06d9cca
@garnier-quentin
Merge branch 'centreon:develop' into develop
a655ae5
@garnier-quentin
Merge branch 'centreon:develop' into develop
0e2a2c2
@garnier-quentin
Merge branch 'centreon:develop' into develop
868a37b
@garnier-quentin
Merge branch 'centreon:develop' into develop
6fd626e
@garnier-quentin
Merge branch 'centreon:develop' into develop
cf2d401
@garnier-quentin
Merge branch 'centreon:develop' into develop
7930cbe
@garnier-quentin
Merge branch 'centreon:develop' into develop
7ef7c1c
@garnier-quentin
Merge branch 'centreon:develop' into develop
adbb960
@garnier-quentin
Merge branch 'centreon:develop' into develop
4b45367
@garnier-quentin
Merge branch 'centreon:develop' into develop
dc85ae4
@garnier-quentin
Merge branch 'centreon:develop' into develop
4243e13
@garnier-quentin
Merge branch 'centreon:develop' into develop
b6020da
@garnier-quentin
Merge branch 'centreon:develop' into develop
339e322
@garnier-quentin
Merge branch 'centreon:develop' into develop
15da907
@garnier-quentin
wip
9ef425e
@garnier-quentin
add apivideo new plugin
57cb0f6
@garnier-quentin garnier-quentin requested a review from a team as a code owner April 9, 2026 08:30
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Apr 9, 2026
View reviewed changes
src/apps/saas/apivideo/restapi/custom/api.pm
sub get_connection_info {
my ($self, %options) = @_;

return md5_hex($self->{option_results}->{hostname} . ':' . $self->{option_results}->{port} . ':' . $self->{option_results}->{api_key});
Copy link
Copy Markdown

@aikido-pr-checks aikido-pr-checks bot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get_connection_info uses md5_hex over hostname:port:api_key. Avoid MD5 for values derived from secrets; use a stronger hash (e.g., SHA-256) or a secure identifier mechanism.

Details

✨ AI Reasoning
​The code computes an MD5 hash over the API key combined with host/port to create a connection identifier. This hash is derived from a secret (the API key) and is used in authentication-related cache logic (connection identification). Using MD5 for data derived from secrets poses a cryptographic risk: MD5 is broken and should not be used where secrets or authentication-related values are involved. A stronger hash (e.g., SHA-256) should be used for general hashing of secrets, or the secret should be stored/compared using a secure mechanism appropriate to the sensitivity and usage pattern.

🔧 How do I fix it?
Use modern alternatives: SHA-256/SHA-3 for general hashing, and bcrypt/scrypt/Argon2 (with salt and work factor) for passwords

Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucie-tirand lucie-tirand Awaiting requested review from lucie-tirand lucie-tirand is a code owner automatically assigned from centreon/owners-perl

1 more reviewer

@aikido-pr-checks aikido-pr-checks[bot] aikido-pr-checks[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

external

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@garnier-quentin @omercier