firmware: add cleanup to audits, small refactor to avoid controller repetition; closes #8154

2026-03-13 00:07:27 +00:00 · 2025-03-28 13:38:34 +01:00 · 2025-03-28 13:38:34 +01:00 · b2dc6fed7c
commit b2dc6fed7c
parent d8ecd8c31b
3 changed files with 44 additions and 33 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
@ -1,7 +1,7 @@
 <?php

 /*
- * Copyright (c) 2015-2023 Franco Fichtner <franco@opnsense.org>
+ * Copyright (c) 2015-2025 Franco Fichtner <franco@opnsense.org>
 * Copyright (c) 2015-2018 Deciso B.V.
 * All rights reserved.
 *
@ -492,6 +492,36 @@ class FirmwareController extends ApiMutableModelControllerBase
        return $response;
    }

+    /**
+     * run an audit in the backend
+     * @return array status
+     * @throws \Exception
+     */
+    private function auditHelper(string $audit): array
+    {
+        $backend = new Backend();
+        $response = [];
+
+        if ($this->request->isPost()) {
+            $response['status'] = 'ok';
+            $response['msg_uuid'] = trim($backend->configdRun("firmware $audit", true));
+        } else {
+            $response['status'] = 'failure';
+        }
+
+        return $response;
+    }
+
+    /**
+     * run a cleanup task
+     * @return array status
+     * @throws \Exception
+     */
+    public function cleanupAction()
+    {
+        return $this->auditHelper('cleanup');
+    }
+
    /**
     * run a connection check
     * @return array status
@ -499,17 +529,7 @@ class FirmwareController extends ApiMutableModelControllerBase
     */
    public function connectionAction()
    {
-        $backend = new Backend();
-        $response = array();
-
-        if ($this->request->isPost()) {
-            $response['status'] = 'ok';
-            $response['msg_uuid'] = trim($backend->configdRun("firmware connection", true));
-        } else {
-            $response['status'] = 'failure';
-        }
-
-        return $response;
+        return $this->auditHelper('connection');
    }

    /**
@ -519,17 +539,7 @@ class FirmwareController extends ApiMutableModelControllerBase
     */
    public function healthAction()
    {
-        $backend = new Backend();
-        $response = array();
-
-        if ($this->request->isPost()) {
-            $response['status'] = 'ok';
-            $response['msg_uuid'] = trim($backend->configdRun("firmware health", true));
-        } else {
-            $response['status'] = 'failure';
-        }
-
-        return $response;
+        return $this->auditHelper('health');
    }

    /*
@ -539,18 +549,11 @@ class FirmwareController extends ApiMutableModelControllerBase
     */
    public function auditAction()
    {
-        $backend = new Backend();
-        $response = array();
-
        if ($this->request->isPost()) {
            $this->getLogger('audit')->notice(sprintf("[Firmware] User %s executed a security audit", $this->getUserName()));
-            $response['status'] = 'ok';
-            $response['msg_uuid'] = trim($backend->configdRun("firmware audit", true));
-        } else {
-            $response['status'] = 'failure';
        }

-        return $response;
+        return $this->auditHelper('audit');
    }

    /**
--- a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
@ -1,5 +1,5 @@
 {#
- # Copyright (c) 2015-2023 Franco Fichtner <franco@opnsense.org>
+ # Copyright (c) 2015-2025 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2015-2018 Deciso B.V.
 # All rights reserved.
 #
@ -619,9 +619,10 @@
        $("#plugin_see").click(function () { $('#plugintab > a').tab('show'); });
        $("#plugin_get").click(function () { backend('syncPlugins'); });
        $("#plugin_set").click(function () { backend('resyncPlugins'); });
-        $('#audit_security').click(function () { backend('audit'); });
+        $('#audit_cleanup').click(function () { backend('cleanup'); });
        $('#audit_connection').click(function () { backend('connection'); });
        $('#audit_health').click(function () { backend('health'); });
+        $('#audit_security').click(function () { backend('audit'); });
        $('#audit_upgrade').click(function () {
            ajaxCall('/api/core/firmware/log/0', {}, function (data, status) {
                if (data['log'] != undefined) {
@ -904,6 +905,7 @@
                                            <i class="fa fa-lock"></i> {{ lang._('Run an audit') }} <i class="caret"></i>
                                        </button>
                                        <ul class="dropdown-menu" role="menu">
+                                            <li><a id="audit_cleanup" href="#">{{ lang._('Cleanup') }}</a></li>
                                            <li><a id="audit_connection" href="#">{{ lang._('Connectivity') }}</a></li>
                                            <li><a id="audit_health" href="#">{{ lang._('Health') }}</a></li>
                                            <li><a id="audit_security" href="#">{{ lang._('Security') }}</a></li>
--- a/src/opnsense/service/conf/actions.d/actions_firmware.conf
+++ b/src/opnsense/service/conf/actions.d/actions_firmware.conf
@ -102,6 +102,12 @@ parameters:
 type:script
 message:Retrieve health status

+[cleanup]
+command:/usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh cleanup
+parameters:
+type:script
+message:Run temporary file cleanup
+
 [connection]
 command:/usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh connection
 parameters: