Added FREEBOX plugin #901

Merged
merged 8 commits into from
Dec 2, 2024
Conversation

KayJay7 (Contributor) commented Nov 30, 2024

This adds a plugin to pull devices and names from a Freebox gateway, using their API. The details are in the README.

Our use-case of this plugin is for the Italian re-branding of the freebox, the "Iliadbox".

Support for the Iliadbox requires adding an extra ssl certificate. There are a number of ways to handle this, like mounting the file with the certificate, or getting it merged upstream.
In the meantime, I made no mention of the Iliadbox in the README.

Co-authored-by: @Lucide

KayJay7 (Contributor Author) commented Nov 30, 2024

Question: the API offers historical information about devices and IPs that are not online at the moment, but were at one point.

I see no way to make use of this; as far as I understand, if we report offline devices they will appear as online, and the last seen field seems ignored. Is there a way to get that past data in the database?

There is the NEWDEV_dev_PresentLastScan setting in the New Devices plugin that looks related, but I'm not sure.

Lucide (Contributor) commented Nov 30, 2024

Hello, some considerations on foreign-sub/aiofreepybox, the python library that implements the freebox API:
The library is a fork of hacf-fr/freebox-api. I've chosen it because it supports API connections through LAN, thus it can work without an internet connection.
The author implemented a quite sophisticated (and perhaps a bit over-engineered) mechanism for auto-discovery, and protocol selection. By default, the library will always still attempt a remote SSL connection (over internet) first, and fall back to a local http connection in case of failure (if the conditions mentioned in the readme are met). SSL on the freebox works only from the public address, so it requires internet connection.

However, the way the library is implemented does not allow certificate validation failures (even with _DEFAULT_SSL=False), so it requires appending the "iliad" certificate to freebox_certificates.pem at container build-time (or with user mount instructions). This is what we are currently doing in our setup for SSL.

We could attempt a pull request on the library but it seems abandoned. In the future the active fork might catch up in features.

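Added example, not part of the original comment or of the project's Dockerfile: one way to append an extra CA certificate to freebox_certificates.pem at build time, accepting it only if it matches a SHA-256 fingerprint obtained out of band and staying idempotent across rebuilds. The function names and the placeholder certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import os
import re
import tempfile

# Matches each PEM certificate block and captures its base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return the SHA-256 hex digest of every certificate's DER bytes."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_BLOCK.findall(pem_text)]

def append_pinned_ca(bundle_path, extra_pem, expected_sha256):
    """Append extra_pem to the bundle only if it is exactly one certificate
    whose fingerprint equals the pin; return True if the file changed."""
    found = fingerprints(extra_pem)
    if found != [expected_sha256.lower().replace(":", "")]:
        raise ValueError("certificate does not match the pinned fingerprint")
    with open(bundle_path, encoding="ascii") as fh:
        bundle = fh.read()
    if found[0] in fingerprints(bundle):
        return False  # already trusted: repeated builds stay idempotent
    with open(bundle_path, "a", encoding="ascii") as fh:
        # A bundle without a final newline would fuse END and BEGIN lines.
        fh.write(("" if bundle.endswith("\n") else "\n") + extra_pem.strip() + "\n")
    return True

def make_pem(der):
    """Wrap raw bytes in PEM armor (used for the constructed samples only)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def demo():
    """Run against constructed placeholder bytes, not real certificates."""
    vendor, extra = make_pem(b"constructed-vendor-root"), make_pem(b"constructed-extra-root")
    pin = hashlib.sha256(b"constructed-extra-root").hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "freebox_certificates.pem")
        with open(path, "w", encoding="ascii") as fh:
            fh.write(vendor.rstrip("\n"))  # bundle without a trailing newline
        first = append_pinned_ca(path, extra, pin)
        second = append_pinned_ca(path, extra, pin)
        with open(path, encoding="ascii") as fh:
            return first, second, fingerprints(fh.read())
```

The fingerprint is computed over the decoded DER bytes, so it is the same value `openssl x509 -noout -fingerprint -sha256` reports for a real certificate, minus the colons.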

jokob-sk (Owner) commented Dec 1, 2024

Amazing collab @KayJay7 @Lucide 🙏 is it good to be merged? Do we need to add some notes regarding the certificate setup in the README?

KayJay7 (Contributor Author) commented Dec 1, 2024

I have pushed some more commits. One is just a fix for a missing dependency in the dockerfile.
The other two are one to add the certificate and the other for the documentation.
We have opted for appending the certificate with a command in the dockerfile.

Now it's good to merge

jokob-sk (Owner) commented Dec 2, 2024

@KayJay7 Sorry, forgot to answer your question:

> Question: the API offers historical information about devices and IPs that are not online at the moment, but were at one point.
>
> I see no way to make use of this; as far as I understand, if we report offline devices they will appear as online, and the last seen field seems ignored. Is there a way to get that past data in the database?
>
> There is the NEWDEV_dev_PresentLastScan setting in the New Devices plugin that looks related, but I'm not sure.

Currently, all devices passed thru the CurrentScan table will be reported as online. Although possible, I prefer not to write directly to the DB in the plugins to keep the flow and logic clean.

It's something on my radar to improve in future - to figure out the import of "offline" devices, without the need to go thru the CurrentScan table in a more scalable way - to be incorporated into the plugin framework. Happy to hear ideas as well.

gitguardian bot commented Dec 2, 2024

⚠️ GitGuardian has uncovered 8 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secrets in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
|---|---|---|---|---|
| 13089635 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089635 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089637 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089637 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089637 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089637 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089638 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
| 13089639 | Triggered | Generic High Entropy Secret | ea16302 | front/plugins/omada_sdn_imp/omada_sdn.py |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@jokob-sk jokob-sk merged commit 4a75f92 into jokob-sk:main Dec 2, 2024
1 check failed
jokob-sk (Owner) commented Dec 2, 2024

I might move the certificate in a separate file in the future, but I think this is good to go for now - let's see how much the image grows due to the addition of git though

Lucide (Contributor) commented Dec 2, 2024

As an alternative to git, we could try

pip install "aiofreepybox@https://github.com/foreign-sub/aiofreepybox/archive/refs/heads/afpbx-next.zip"

Installation from source archive file.

jokob-sk (Owner) commented Dec 2, 2024

Looks ok, not much increase in size :)
