Module: check_mk
Branch: master
Commit: 04e23c99b32277d871efbe962f031de288d4f7c9
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=04e23c99b32277…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Aug 29 10:22:01 2016 +0200
Fixed host address validation in case of empty value
---
web/htdocs/valuespec.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py
index 8ab3bd3..ba4520e 100644
--- a/web/htdocs/valuespec.py
+++ b/web/htdocs/valuespec.py
@@ -634,13 +634,13 @@ class HostAddress(TextAscii):
def validate_value(self, value, varprefix):
- if self._allow_host_name and self._is_valid_host_name(value):
+ if value and self._allow_host_name and self._is_valid_host_name(value):
pass
- elif self._allow_ipv4_address and self._is_valid_ipv4_address(value):
+ elif value and self._allow_ipv4_address and self._is_valid_ipv4_address(value):
pass
- elif self._allow_ipv6_address and self._is_valid_ipv6_address(value):
+ elif value and self._allow_ipv6_address and self._is_valid_ipv6_address(value):
pass
- else:
+ elif not self._allow_empty:
raise MKUserError(varprefix, _("Invalid host address. You need to specify the address "
"either as %s." % ", ".join(self._allowed_type_names())))
Module: check_mk
Branch: master
Commit: 36e295ec16e9451d778ed4baba8efae542663149
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=36e295ec16e945…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Aug 29 10:20:13 2016 +0200
3845 FIX Added missing validation of host attribute values to WATO Web API calls
---
.werks/3845 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/watolib.py | 18 +++++++++++-------
web/plugins/webapi/webapi.py | 16 +++++++++++++++-
4 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/.werks/3845 b/.werks/3845
new file mode 100644
index 0000000..c10a6fc
--- /dev/null
+++ b/.werks/3845
@@ -0,0 +1,9 @@
+Title: Added missing validation of host attribute values to WATO Web API calls
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.4.0i1
+Date: 1472458792
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index e4b923e..7f1086f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -573,6 +573,7 @@
* 3757 FIX: Bulk import: Ensuring non ASCII characters are not imported into regular attributes
* 3760 FIX: Cluster nodes can not be nodes of their own anymore
* 3844 FIX: Fixed validation of host IPv4, IPv6 and management host address attributes...
+ * 3845 FIX: Added missing validation of host attribute values to WATO Web API calls
Notifications:
* 3263 Notifications: allow users to restrict by their contact groups...
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index c758e5c..54b3647 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -2408,25 +2408,29 @@ class Attribute:
# Check if the value entered by the user is valid.
# This method may raise MKUserError in case of invalid user input.
- def validate_input(self, varprefix):
+ def validate_input(self, value, varprefix):
pass
+
# If this attribute should be present in Nagios as
# a host custom macro, then the value of that macro
# should be returned here - otherwise None
def to_nagios(self, value):
return None
+
# Checks if the give value matches the search attributes
# that are represented by the current HTML variables.
def filter_matches(self, crit, value, hostname):
return crit == value
+
# Host tags to set for this host
def get_tag_list(self, value):
return []
+
# A simple text attribute. It is stored in
# a Python unicode string
class TextAttribute(Attribute):
@@ -2457,8 +2461,7 @@ class TextAttribute(Attribute):
value = ""
return value.strip()
- def validate_input(self, varprefix):
- value = self.from_html_vars(varprefix)
+ def validate_input(self, value, varprefix):
if self._mandatory and not value:
raise MKUserError(varprefix + "attr_" + self.name(),
_("Please specify a value for %s") % self.title())
@@ -2654,8 +2657,7 @@ class ValueSpecAttribute(Attribute):
def from_html_vars(self, varprefix):
return self._valuespec.from_html_vars(varprefix + self._name)
- def validate_input(self, varprefix):
- value = self.from_html_vars(varprefix)
+ def validate_input(self, value, varprefix):
self._valuespec.validate_value(value, varprefix + self._name)
@@ -2922,10 +2924,12 @@ def collect_attributes(for_what, do_validate = True, varprefix=""):
if not html.var(for_what + "_change_%s" % attrname, False):
continue
+ value = attr.from_html_vars(varprefix)
+
if do_validate and attr.needs_validation(for_what):
- attr.validate_input(varprefix)
+ attr.validate_input(value, varprefix)
- host[attrname] = attr.from_html_vars(varprefix)
+ host[attrname] = value
return host
#.
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index 34387a7..a3de28c 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -31,17 +31,30 @@ def validate_request_keys(request, valid_keys):
if key not in valid_keys:
raise MKUserError(None, _("Invalid key: %s") % key)
+
# Check if the given attribute name exists, no type check
def validate_general_host_attributes(host_attributes):
- # inventory_failed and site are no "real" host_attributes
+ # inventory_failed and site are no "real" host_attributes (TODO: Clean this up!)
all_host_attribute_names = map(lambda (x, y): x.name(), all_host_attributes()) + ["inventory_failed", "site"]
for name, value in host_attributes.items():
if name not in all_host_attribute_names:
raise MKUserError(None, _("Unknown attribute: %s") % html.attrencode(name))
+
+ # For real host attributes validate the values
+ try:
+ attr = host_attribute(name)
+ except KeyError:
+ attr = None
+
+ if attr != None:
+ if attr.needs_validation("host"):
+ attr.validate_input(value, "")
+
# The site attribute gets an extra check
if name == "site" and value not in config.allsites().keys():
raise MKUserError(None, _("Unknown site %s") % html.attrencode(value))
+
# Check if the tag group exists and the tag value is valid
def validate_host_tags(host_tags):
for key, value in host_tags.items():
@@ -56,6 +69,7 @@ def validate_host_tags(host_tags):
else:
raise MKUserError(None, _("Unknown host tag group %s") % html.attrencode(key))
+
def validate_host_attributes(attributes):
validate_general_host_attributes(dict((key, value) for key, value in attributes.items() if not key.startswith("tag_")))
validate_host_tags(dict((key[4:], value) for key, value in attributes.items() if key.startswith("tag_")))
Module: check_mk
Branch: master
Commit: b7e7211b701330a4cc4b643b1706dd92efeefb8c
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b7e7211b701330…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Aug 29 10:09:59 2016 +0200
3844 FIX Fixed validation of host IPv4, IPv6 and management host address attributes
The values inserted in the WATO host address fields were not validated strictly enough.
This has now been changed so that the IPv4 address field allows IPv4 addresses and host-
or DNS names and the IPv6 address field allos IPv6 address and host- or DNS names.
---
.werks/3844 | 11 ++++
ChangeLog | 1 +
web/htdocs/valuespec.py | 86 ++++++++++++++++++++++++++++++++
web/plugins/wato/builtin_attributes.py | 43 ++++++++--------
4 files changed, 121 insertions(+), 20 deletions(-)
diff --git a/.werks/3844 b/.werks/3844
new file mode 100644
index 0000000..b7052a6
--- /dev/null
+++ b/.werks/3844
@@ -0,0 +1,11 @@
+Title: Fixed validation of host IPv4, IPv6 and management host address attributes
+Level: 2
+Component: wato
+Compatible: compat
+Version: 1.4.0i1
+Date: 1472458101
+Class: fix
+
+The values inserted in the WATO host address fields were not validated strictly enough.
+This has now been changed so that the IPv4 address field allows IPv4 addresses and host-
+or DNS names and the IPv6 address field allos IPv6 address and host- or DNS names.
diff --git a/ChangeLog b/ChangeLog
index 512226d..e4b923e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -572,6 +572,7 @@
* 3756 FIX: Bulk import: Fixed exception when host name contained special characters
* 3757 FIX: Bulk import: Ensuring non ASCII characters are not imported into regular attributes
* 3760 FIX: Cluster nodes can not be nodes of their own anymore
+ * 3844 FIX: Fixed validation of host IPv4, IPv6 and management host address attributes...
Notifications:
* 3263 Notifications: allow users to restrict by their contact groups...
diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py
index 3ebb50b..8ab3bd3 100644
--- a/web/htdocs/valuespec.py
+++ b/web/htdocs/valuespec.py
@@ -32,6 +32,7 @@
# - Checkbox -> rename to Boolean
import math, os, time, re, sre_constants, urlparse, forms, tempfile
+import socket
from lib import *
def type_name(v):
@@ -621,6 +622,91 @@ class Hostname(TextAscii):
if "allow_empty" not in kwargs:
self._allow_empty = False
+
+
+# Use this for all host / ip address input fields!
+class HostAddress(TextAscii):
+ def __init__(self, **kwargs):
+ TextAscii.__init__(self, **kwargs)
+ self._allow_host_name = kwargs.get("allow_host_name", True)
+ self._allow_ipv4_address = kwargs.get("allow_ipv4_address", True)
+ self._allow_ipv6_address = kwargs.get("allow_ipv6_address", True)
+
+
+ def validate_value(self, value, varprefix):
+ if self._allow_host_name and self._is_valid_host_name(value):
+ pass
+ elif self._allow_ipv4_address and self._is_valid_ipv4_address(value):
+ pass
+ elif self._allow_ipv6_address and self._is_valid_ipv6_address(value):
+ pass
+ else:
+ raise MKUserError(varprefix, _("Invalid host address. You need to specify the address "
+ "either as %s." % ", ".join(self._allowed_type_names())))
+
+ ValueSpec.custom_validate(self, value, varprefix)
+
+
+ def _is_valid_host_name(self, hostname):
+ # http://stackoverflow.com/questions/2532053/validate-a-hostname-string/25323…
+ if len(hostname) > 255:
+ return False
+
+ if hostname[-1] == ".":
+ hostname = hostname[:-1] # strip exactly one dot from the right, if present
+
+ # must be not all-numeric, so that it can't be confused with an IPv4 address.
+ # Host names may start with numbers (RFC 1123 section 2.1) but never the final part,
+ # since TLDs are alphabetic.
+ if re.match(r"[\d.]+$", hostname):
+ return False
+
+ allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
+ return all(allowed.match(x) for x in hostname.split("."))
+
+
+ def _is_valid_ipv4_address(self, address):
+ # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-pyt…
+ try:
+ socket.inet_pton(socket.AF_INET, address)
+ except AttributeError: # no inet_pton here, sorry
+ try:
+ socket.inet_aton(address)
+ except socket.error:
+ return False
+
+ return address.count('.') == 3
+
+ except socket.error: # not a valid address
+ return False
+
+ return True
+
+
+ def _is_valid_ipv6_address(self, address):
+ # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-pyt…
+ try:
+ socket.inet_pton(socket.AF_INET6, address)
+ except socket.error: # not a valid address
+ return False
+ return True
+
+
+ def _allowed_type_names(self):
+ allowed = []
+ if self._allow_host_name:
+ allowed.append(_("Host- or DNS name"))
+
+ if self._allow_ipv4_address:
+ allowed.append(_("IPv4 address"))
+
+ if self._allow_ipv6_address:
+ allowed.append(_("IPv6 address"))
+
+ return allowed
+
+
+
class AbsoluteDirname(TextAscii):
def __init__(self, **kwargs):
TextAscii.__init__(self, **kwargs)
diff --git a/web/plugins/wato/builtin_attributes.py b/web/plugins/wato/builtin_attributes.py
index fcc1c78..b5990a3 100644
--- a/web/plugins/wato/builtin_attributes.py
+++ b/web/plugins/wato/builtin_attributes.py
@@ -35,7 +35,7 @@ declare_host_attribute(NagiosTextAttribute("alias", "alias", _("Alias"),
show_in_folder = False)
declare_host_attribute(ValueSpecAttribute("ipaddress",
- TextAscii(
+ HostAddress(
title = _("IPv4 Address"),
help = _("In case the name of the host is not resolvable via <tt>/etc/hosts</tt> "
"or DNS by your monitoring server, you can specify an explicit IP "
@@ -50,6 +50,7 @@ declare_host_attribute(ValueSpecAttribute("ipaddress",
"each time the host is checked. Check_MKs DNS cache will NOT be queried. "
"Use this only for hosts with dynamic IP addresses."),
allow_empty = False,
+ allow_ipv6_address = False,
)),
show_in_table = True,
show_in_folder = False,
@@ -57,7 +58,7 @@ declare_host_attribute(ValueSpecAttribute("ipaddress",
)
declare_host_attribute(ValueSpecAttribute("ipv6address",
- TextAscii(
+ HostAddress(
title = _("IPv6 Address"),
help = _("In case the name of the host is not resolvable via <tt>/etc/hosts</tt> "
"or DNS by your monitoring server, you can specify an explicit IPv6 "
@@ -72,6 +73,7 @@ declare_host_attribute(ValueSpecAttribute("ipv6address",
"each time the host is checked. Check_MKs DNS cache will NOT be queried. "
"Use this only for hosts with dynamic IP addresses."),
allow_empty = False,
+ allow_ipv4_address = False,
)),
show_in_table = True,
show_in_folder = False,
@@ -447,23 +449,24 @@ declare_host_attribute(ManagementTypeAttribute("management_protocol"),
topic = _("Management Board")
)
-declare_host_attribute(TextAttribute("management_address", _("Address"),
- _("Address (IPv4 or IPv6) or dns name under which the "
- "management board can be reached. If this is not set, "
- "the same address as that of the Host will be used."),
- allow_empty = False),
- show_in_table = False,
- show_in_folder = False,
- topic = _("Management Board")
- )
+declare_host_attribute(ValueSpecAttribute("management_address",
+ HostAddress(
+ title = _("Address"),
+ help = _("Address (IPv4 or IPv6) or dns name under which the "
+ "management board can be reached. If this is not set, "
+ "the same address as that of the Host will be used."),
+ allow_empty = False
+ )),
+ show_in_table = False,
+ show_in_folder = False,
+ topic = _("Management Board")
+)
declare_host_attribute(ValueSpecAttribute("management_snmp_community",
- SNMPCredentials(
- default_value = None,
- )
- ),
- show_in_table = False,
- show_in_folder = False,
- topic = _("Management Board")
- )
-
+ SNMPCredentials(
+ default_value = None,
+ )),
+ show_in_table = False,
+ show_in_folder = False,
+ topic = _("Management Board")
+)
Module: check_mk
Branch: master
Commit: 0da069f0ea5a7e64579ad5d3d1343b87d026081d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0da069f0ea5a7e…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Aug 26 14:02:13 2016 +0200
Fixed check crash reporting when using Nagios core
---
modules/check_mk_base.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index 2a900f6..8beb09a 100644
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -1584,6 +1584,10 @@ def prepare_crash_dump_directory(crash_dir):
def is_manual_check(hostname, check_type, item):
+ # In case of nagios we don't have this information available (in precompiled mode)
+ if not "get_check_table" in globals():
+ return None
+
manual_checks = get_check_table(hostname, remove_duplicates=True,
world=opt_keepalive and "active" or "config",
skip_autochecks=True)