Module: check_mk
Branch: master
Commit: f5415dab2097902aa92180ca4434b4f32318d67d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f5415dab209790…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 23 08:43:42 2014 +0200
SEC Valuespecs: Fixed several possible HTML injections in valuespecs

Several HTML injections in valuespecs of different types (mostly used in WATO)
were missing good escaping of values. This has been added to prevent HTML
code injections which could be used for XSS attacks. This only affects WATO
and logged in users which are permitted to use WATO and open the page
(e.g. the list of rules) which displays the values.
---
.werks/824 | 12 ++++++++++++
ChangeLog | 1 +
web/htdocs/valuespec.py | 8 ++++----
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/.werks/824 b/.werks/824
new file mode 100644
index 0000000..629d2e1
--- /dev/null
+++ b/.werks/824
@@ -0,0 +1,12 @@
+Title: Valuespecs: Fixed several possible HTML injections in valuespecs
+Level: 1
+Component: wato
+Version: 1.2.5i4
+Date: 1403505656
+Class: security
+
+Several HTML injections in valuespecs of different types (mostly used in WATO)
+were missing good escaping of values. This has been added to prevent HTML
+code injections which could be used for XSS attacks. This only affects WATO
+and logged in users which are permitted to use WATO and open the page
+(e.g. the list of rules) which displays the values.
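Review bot: The werk text says "valuespecs of different types" without naming them. Listing the classes the patch touches in web/htdocs/valuespec.py (EmailAddress, HTTPUrl, DropdownChoice, Alternative) would let an administrator judge which rule sets could have displayed injected markup.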
diff --git a/ChangeLog b/ChangeLog
index 7492526..4ddd575 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,7 @@
WATO:
* 0987 New button for updating DNS cache...
+ * 0824 SEC: Valuespecs: Fixed several possible HTML injections in valuespecs...
* 0813 FIX: LDAP: Improved slightly missleading logging of LDAP sync actions...
* 0935 FIX: CPU utilization: increased maximum value to 10000...
* 0821 FIX: Reducing size of auth.php (needed for authorisation in NagVis) in large environments...
diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py
index 477ed21..31afeab 100644
--- a/web/htdocs/valuespec.py
+++ b/web/htdocs/valuespec.py
@@ -464,7 +464,7 @@ class EmailAddress(TextAscii):
if not value:
return TextAscii.value_to_text(self, value)
elif self._make_clickable:
- return '<a href="mailto:%s">%s</a>' % (value, value)
+ return '<a href="mailto:%s">%s</a>' % (html.attrencode(value), html.attrencode(value))
else:
return value
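Review bot: The `else` branch at the end of this hunk still ends in `return value`, so an EmailAddress that is not clickable returns the stored value unescaped. If callers emit value_to_text() output as HTML, that path needs `html.attrencode(value)` as well. The early `TextAscii.value_to_text(self, value)` branch is only reached for empty values, so it is not a concern here.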
@@ -566,7 +566,7 @@ class HTTPUrl(TextAscii):
# any path component
return '<a %shref="%s">%s</a>' % (
(self._target and 'target="%s" ' % self._target or ""),
- url, text)
+ html.attrencode(url), html.attrencode(text))
class TextAreaUnicode(TextUnicode):
def __init__(self, **kwargs):
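Review bot: `html.attrencode(url)` in the `href` stops the value from breaking out of the attribute, but it does not restrict the URL scheme, and nothing in this hunk shows one being checked. Confirm that HTTPUrl validation rejects anything other than http and https before the value is stored, otherwise a `javascript:` URL would still render as a clickable link. `self._target` is also interpolated into `target="%s"` unescaped, which is acceptable only as long as it is set by code and never from user input.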
@@ -1031,7 +1031,7 @@ class DropdownChoice(ValueSpec):
return title.split(self._help_separator, 1)[0].strip()
else:
return title
- return _("(other: %s)" % value)
+ return _("(other: %s)" % html.attrencode(value))
def from_html_vars(self, varprefix):
sel = html.var(varprefix)
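Review bot: In `_("(other: %s)" % html.attrencode(value))` the `%` formatting happens inside the `_()` call, so the translation lookup is done on the already formatted string and will never match a catalog entry. Suggest `_("(other: %s)") % html.attrencode(value)`, which also keeps the user-controlled value out of the message id.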
@@ -2224,7 +2224,7 @@ class Alternative(ValueSpec):
output = "%s<br>" % vs.title()
return output + vs.value_to_text(value)
else:
- return _("invalid:") + " " + str(value)
+ return _("invalid:") + " " + html.attrencode(str(value))
def from_html_vars(self, varprefix):
nr = int(html.var(varprefix + "_use"))
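Review bot: Only the `invalid:` fallback is escaped here. The matching branch `return output + vs.value_to_text(value)` passes through whatever the nested valuespec returns, so this fix is only as complete as each nested value_to_text(). Add a comment stating that value_to_text() must return HTML-safe text, and audit the remaining valuespecs against that contract.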
Module: check_mk
Branch: master
Commit: 542ad68c24edb8018c49ea42b15d98fa14518e77
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=542ad68c24edb8…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 23 08:01:38 2014 +0200
FIX mk_sap: Fixed some wrong calculated values (decimal numbers)

The values provided by SAP seem to be integers with a second value
which can be used to tell the asking program the number of decimals.
e.g. when this value states 2, a load value of 901 is converted to
9.01. This value has not been used in the past which led to odd
check results.
---
.werks/823 | 12 ++++++++++++
ChangeLog | 1 +
2 files changed, 13 insertions(+)
diff --git a/.werks/823 b/.werks/823
new file mode 100644
index 0000000..d703fb8
--- /dev/null
+++ b/.werks/823
@@ -0,0 +1,12 @@
+Title: mk_sap: Fixed some wrong calculated values (decimal numbers)
+Level: 1
+Component: checks
+Version: 1.2.5i4
+Date: 1403503150
+Class: fix
+
+The values provided by SAP seem to be integers with a second value
+which can be used to tell the asking program the number of decimals.
+e.g. when this value states 2, a load value of 901 is converted to
+9.01. This value has not been used in the past which lead to odd
+check results.
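Review bot: The werk describes a change in how mk_sap scales values by the number of decimals, but the diffstat lists only .werks/823 and ChangeLog, so the code change itself is not in this commit. Reference the commit that carries the mk_sap change, or include it here, so the werk can be traced to the code it documents.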
diff --git a/ChangeLog b/ChangeLog
index c0fcce9..d7cf952 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,7 @@
* 0819 FIX: Fixed keepalive termination in case of exceptions during checking...
* 0622 FIX: cisco_temp_sensor: fix to also work with newer IOS versions
* 0623 FIX: fsc_fans: upper levels for fan RPMs are now optional also for the check
+ * 0823 FIX: mk_sap: Fixed some wrong calculated values (decimal numbers)...
Multisite:
* 0934 FIX: Logwatch messages with class unknown ( 'u' ) now displayed as WARN...
Module: check_mk
Branch: master
Commit: 4a50902ce933c6436732acab982d944abdfaeca6
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4a50902ce933c6…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sat Jun 21 17:26:45 2014 +0200
ibm_svc_enclosure: support new firmware, also check fan modules
---
.werks/1003 | 8 ++++++++
ChangeLog | 1 +
checkman/ibm_svc_enclosure | 7 ++++---
checks/ibm_svc_enclosure | 45 +++++++++++++++++++++++++++++++-------------
4 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/.werks/1003 b/.werks/1003
new file mode 100644
index 0000000..6692635
--- /dev/null
+++ b/.werks/1003
@@ -0,0 +1,8 @@
+Title: ibm_svc_enclosure: support new firmware, also check fan modules
+Level: 1
+Component: checks
+Version: 1.2.5i4
+Date: 1403364378
+Class: feature
+
+
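Review bot: The werk body after `Class: feature` is empty. A short description of the two extra columns (total_fan_modules, online_fan_modules), and of the fact that the check now reports a problem when fan modules are offline, would tell users why the service state may change after the update.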
diff --git a/ChangeLog b/ChangeLog
index 3f83ad6..a9af5d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@
* 0618 adva_fsp_current: new check for the power supply units of the ADVA FSP 3000 scalable optical transport solution
* 0619 adva_fsp_temp: new check to monitor temperature and temperature trends on ADVA scalable optical transport solutions
* 0993 raritan_pdu_inlet: now delivers performance data
+ * 1003 ibm_svc_enclosure: support new firmware, also check fan modules
* 0616 FIX: brocade.fan, brocade.power, brocade.temp: will now only discover services which are not marked as absent
* 0992 FIX: zfs_arc_cache: returns OK even if values of arc meta are missing...
* 0936 FIX: agent_ibmsvc: improved error messages on using wrong credentials
diff --git a/checkman/ibm_svc_enclosure b/checkman/ibm_svc_enclosure
index 3314256..bdaef01 100644
--- a/checkman/ibm_svc_enclosure
+++ b/checkman/ibm_svc_enclosure
@@ -8,11 +8,12 @@ description:
V7000 device.
Returns {OK} if the Enclousure report status {online} and all Canisters and PSUs
- are online and {CRIT} otherwise.
+ are online and {CRIT} otherwise. If the firmware supports it then also fan modules
+ are being checked.
- Please note: You need the Special Agent agent_ibmsvc to retrieve the monitoring
+ Please note: You need the special agent {agent_ibmsvc} for retrieving the monitoring
data from the device. Your monitoring user must be able to SSH to the device
- with SSH Key Authentification. Please exchange SSH key. The Special Agent itself
+ with SSH Key Authentification. Please exchange SSH key. The special agent itself
can be configured by WATO.
item:
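Review bot: The reworded paragraph still carries "Authentification" on the added line and "Enclousure" on the context line above it. Since the text is being edited anyway, correct them to "Authentication" and "Enclosure".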
diff --git a/checks/ibm_svc_enclosure b/checks/ibm_svc_enclosure
index 2d3907e..9df794a 100644
--- a/checks/ibm_svc_enclosure
+++ b/checks/ibm_svc_enclosure
@@ -31,19 +31,32 @@
# 3:online:expansion:yes:0:io_grp0:2072-24E:7804326:2:2:2:2:24
# 4:online:expansion:yes:0:io_grp0:2072-24E:7804352:2:2:2:2:24
+# After a firmware upgrade the output looked like this:
+# 1:online:control:yes:0:io_grp0:2072-24C:7804037:2:2:2:2:24:0:0
+# 2:online:expansion:yes:0:io_grp0:2072-24E:7804306:2:2:2:2:24:0:0
+# 3:online:expansion:yes:0:io_grp0:2072-24E:7804326:2:2:2:2:24:0:0
+# 4:online:expansion:yes:0:io_grp0:2072-24E:7804352:2:2:2:2:24:0:0
+
+# The names of the columns are:
+# id:status:type:managed:IO_group_id:IO_group_name:product_MTM:serial_number:total_canisters:online_canisters:total_PSUs:online_PSUs:drive_slots:total_fan_modules:online_fan_modules
+
+
def inventory_ibm_svc_enclosure(info):
inventory = []
- for enclosure_id, enclosure_status, enclosure_type, managed, IO_group_id, \
- IO_group_name, product_MTM, serial_number, total_canisters, online_canisters, \
- total_PSUs, online_PSUs, drive_slots in info:
+ for line in info:
+ enclosure_id = line[0]
inventory.append( (enclosure_id, None) )
return inventory
def check_ibm_svc_enclosure(item, _no_params, info):
- for enclosure_id, enclosure_status, enclosure_type, managed, IO_group_id, \
- IO_group_name, product_MTM, serial_number, total_canisters, online_canisters, \
- total_PSUs, online_PSUs, drive_slots in info:
- if enclosure_id == item:
+ for line in info:
+ if line[0] == item:
+ if len(line) < 15: # old format
+ line = line + ["0", "0"] # do not modify line!
+
+ enclosure_id, enclosure_status, enclosure_type, managed, IO_group_id, \
+ IO_group_name, product_MTM, serial_number, total_canisters, online_canisters, \
+ total_PSUs, online_PSUs, drive_slots, total_fan_modules, online_fan_modules = line
# Check status
message = "Enclosure %s is %s" % (enclosure_id, enclosure_status)
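Review bot: The `len(line) < 15` branch appends exactly two fields, which only yields 15 columns for a 13-column line. Any other length (a truncated line, or a later firmware adding more columns) makes the 15-name unpack raise ValueError and the check crash. Pad to the expected length or slice to 15 fields, and handle short lines explicitly. The comment `# do not modify line!` should also say why: `line + [...]` builds a new list, so the rows in `info` stay unchanged.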
@@ -55,19 +68,25 @@ def check_ibm_svc_enclosure(item, _no_params, info):
# Check canisters
if online_canisters == total_canisters:
- status = max(0, status)
message += ", all %s canisters are online" % total_canisters
else:
- status = max(2, status)
- message += ", %s(!!) of %s canisters are online" % (online_canisters, total_canisters)
+ status = 2
+ message += ", only %s of %s canisters are online(!!)" % (online_canisters, total_canisters)
# Check PSUs
if online_PSUs == total_PSUs:
- status = max(0, status)
message += ", all %s PSUs are online" % total_PSUs
else:
- status = max(2, status)
- message += ", %s(!!) of %s PSUs are online" % (online_PSUs, total_PSUs)
+ status = 2
+ message += ", only %s of %s PSUs are online(!!)" % (online_PSUs, total_PSUs)
+
+ # Check FANs (only new firmware)
+ if online_fan_modules == total_fan_modules:
+ if total_fan_modules != "0":
+ message += ", all %s fan modules are online" % total_fan_modules
+ else:
+ status = 2
+ message += ", only %s of %s fan modules are online(!!)" % (online_fan_modules, total_fan_modules)
return status, message
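Review bot: Replacing `status = max(2, status)` with `status = 2` in the canister, PSU and fan branches is equivalent only if `status` can never be higher than 2 at this point. The code that derives it from `enclosure_status` is outside this hunk, so confirm it cannot be 3 (UNKNOWN) there, or keep the `max()` so a later branch cannot lower the state.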
Module: check_mk
Branch: master
Commit: 8981c1597ea087e9cb8082ac84016e7d44316463
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8981c1597ea087…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Fri Jun 20 15:51:24 2014 +0200
FIX Fix crash when debugging notifications with non-Ascii characters

When full notification debugging was enabled then notifications with
a non-Ascii character would raise an exception and not be sent.
---
.werks/1002 | 9 +++++++++
ChangeLog | 3 +++
modules/notify.py | 4 +++-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.werks/1002 b/.werks/1002
new file mode 100644
index 0000000..e77ad04
--- /dev/null
+++ b/.werks/1002
@@ -0,0 +1,9 @@
+Title: Fix crash when debugging notifications with non-Ascii characters
+Level: 2
+Component: notifications
+Version: 1.2.5i4
+Date: 1403272237
+Class: fix
+
+When full notification debugging was enabled then notifications with
+a non-Ascii character would raise an exception and not be sent.
diff --git a/ChangeLog b/ChangeLog
index c0fcce9..3f83ad6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,9 @@
* 0935 FIX: CPU utilization: increased maximum value to 10000...
* 0821 FIX: Reducing size of auth.php (needed for authorisation in NagVis) in large environments...
+ Notifications:
+ * 1002 FIX: Fix crash when debugging notifications with non-Ascii characters...
+
Reporting & Availability:
* 0985 Availability: display phases of freqent state changes as "chaos"...
diff --git a/modules/notify.py b/modules/notify.py
index 53fe4df..d29808a 100644
--- a/modules/notify.py
+++ b/modules/notify.py
@@ -205,8 +205,10 @@ def notify_notify(raw_context, analyse=False):
# Add some further variable for the conveniance of the plugins
if notification_logging >= 2:
+ encoded_context = dict(raw_context.items())
+ convert_context_to_unicode(encoded_context)
notify_log("Raw notification context:\n"
- + "\n".join([" %s=%s" % v for v in sorted(raw_context.items())]))
+ + "\n".join([" %s=%s" % v for v in sorted(encoded_context.items())]))
raw_keys = list(raw_context.keys())
complete_raw_context(raw_context)
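Review bot: The debug logging under `notification_logging >= 2` can still abort delivery: if `convert_context_to_unicode(encoded_context)` or `notify_log()` raises, the exception propagates before the notification is processed, which is the failure the werk describes. Wrap the logging block in a try/except so that a logging error can never block a notification. `dict(raw_context.items())` can also be written as `dict(raw_context)`.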
Module: check_mk
Branch: master
Commit: b5c9d57a881812d974afb182adf864213a72d162
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b5c9d57a881812…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Jun 20 10:14:37 2014 +0200
BI: Fixed problem with ignoring states in worst aggregation function
---
web/htdocs/bi.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/web/htdocs/bi.py b/web/htdocs/bi.py
index 9034ce4..82cf286 100644
--- a/web/htdocs/bi.py
+++ b/web/htdocs/bi.py
@@ -1271,7 +1271,12 @@ def x_best_state(l, x):
def aggr_nth_state(nodelist, n, worst_state, ignore_states = None):
states = [ i[0]["state"] for i in nodelist if not ignore_states or i[0]["state"] not in ignore_states ]
- state = x_best_state(states, n)
+ # In case of the ignored states it might happen that the states list is empty. Use the
+ # OK state in this case.
+ if not states:
+ state = OK
+ else:
+ state = x_best_state(states, n)
# limit to worst state
if state_weight(state) > state_weight(worst_state):
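Review bot: With `if not states: state = OK`, an aggregation whose nodes all fall into `ignore_states` reports OK, which can hide a rule that no longer evaluates anything. Consider making that case visible in the aggregation output, and document the choice in the function. The commit also changes behaviour without a werk or ChangeLog entry (the diffstat lists only web/htdocs/bi.py).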