Module: check_mk
Branch: master
Commit: f5bf7532d48692c6dccef7197c6fcad93089577b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f5bf7532d48692…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Sep 29 13:04:27 2016 +0200
3816 FIX WATO-Web API: fixed bug in API request validation
Recent code changes did not consider that only the keys of the request
object itself got validated. The validiation function now got feeded with
some additional keys, e.g effective_attributes, didn't accept these keys
and returned an "Invalid request" as result.
This has been fixed.
---
.werks/3816 | 14 ++++++++++++++
ChangeLog | 1 +
web/plugins/webapi/webapi.py | 8 +++++---
3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/.werks/3816 b/.werks/3816
new file mode 100644
index 0000000..e351c21
--- /dev/null
+++ b/.werks/3816
@@ -0,0 +1,14 @@
+Title: WATO-Web API: fixed bug in API request validation
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.4.0i1
+Date: 1475146794
+Class: fix
+
+Recent code changes did not consider that only the keys of the request
+object itself got validated. The validiation function now got feeded with
+some additional keys, e.g effective_attributes, didn't accept these keys
+and returned an "Invalid request" as result.
+
+This has been fixed.
diff --git a/ChangeLog b/ChangeLog
index 4755c6b..8f999ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -417,6 +417,7 @@
* 3814 FIX: win_netstat: fixed unicode warning while parsing data
* 3880 FIX: check_sql: fixed missing number in check details
* 3815 FIX: windows_agent: fixed incorrect parsing of only_from parameter...
+ * 3816 FIX: WATO-Web API: fixed bug in API request validation...
Multisite:
* 3187 notification view: new filter for log command via regex
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index 1233b20..6ac6240 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -78,7 +78,7 @@ def validate_host_attributes(attributes):
def action_add_host(request):
- validate_request_keys(request, ["hostname", "folder",
"attributes", "nodes"])
+ validate_request_keys(request, ["hostname", "folder",
"attributes", "nodes", "create_folders"])
if html.var("create_folders"):
create_folders = bool(int(html.var("create_folders")))
@@ -175,7 +175,7 @@ api_actions["edit_host"] = {
###############
def action_get_host(request):
- validate_request_keys(request, ["hostname"])
+ validate_request_keys(request, ["hostname",
"effective_attributes"])
hostname = request.get("hostname")
if not hostname:
@@ -203,6 +203,8 @@ api_actions["get_host"] = {
###############
def action_get_all_hosts(request):
+ validate_request_keys(request, ["effective_attributes"])
+
if html.var("effective_attributes"):
effective_attributes = bool(int(html.var("effective_attributes")))
else:
@@ -295,7 +297,7 @@ api_actions["discover_services"] = {
###############
def action_activate_changes(request):
- validate_request_keys(request, ["sites"])
+ validate_request_keys(request, ["modes", "sites"])
mode = html.var("mode") and html.var("mode") or
"dirty"
if html.var("allow_foreign_changes"):