[checkmk-commits] 3816 FIX WATO-Web API: fixed bug in API request validation

Module: check_mk Branch: master Commit: f5bf7532d48692c6dccef7197c6fcad93089577b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f5bf7532d48692… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Thu Sep 29 13:04:27 2016 +0200 3816 FIX WATO-Web API: fixed bug in API request validation Recent code changes did not consider that only the keys of the request object itself got validated. The validiation function now got feeded with some additional keys, e.g effective_attributes, didn't accept these keys and returned an "Invalid request" as result. This has been fixed. --- .werks/3816 | 14 ++++++++++++++ ChangeLog | 1 + web/plugins/webapi/webapi.py | 8 +++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.werks/3816 b/.werks/3816 new file mode 100644 index 0000000..e351c21 --- /dev/null +++ b/.werks/3816 @@ -0,0 +1,14 @@ +Title: WATO-Web API: fixed bug in API request validation +Level: 1 +Component: checks +Compatible: compat +Version: 1.4.0i1 +Date: 1475146794 +Class: fix + +Recent code changes did not consider that only the keys of the request +object itself got validated. The validiation function now got feeded with +some additional keys, e.g effective_attributes, didn't accept these keys +and returned an "Invalid request" as result. + +This has been fixed. diff --git a/ChangeLog b/ChangeLog index 4755c6b..8f999ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -417,6 +417,7 @@ * 3814 FIX: win_netstat: fixed unicode warning while parsing data * 3880 FIX: check_sql: fixed missing number in check details * 3815 FIX: windows_agent: fixed incorrect parsing of only_from parameter... + * 3816 FIX: WATO-Web API: fixed bug in API request validation... Multisite: * 3187 notification view: new filter for log command via regex diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py index 1233b20..6ac6240 100644 --- a/web/plugins/webapi/webapi.py +++ b/web/plugins/webapi/webapi.py @@ -78,7 +78,7 @@ def validate_host_attributes(attributes): def action_add_host(request): - validate_request_keys(request, ["hostname", "folder", "attributes", "nodes"]) + validate_request_keys(request, ["hostname", "folder", "attributes", "nodes", "create_folders"]) if html.var("create_folders"): create_folders = bool(int(html.var("create_folders"))) @@ -175,7 +175,7 @@ api_actions["edit_host"] = { ############### def action_get_host(request): - validate_request_keys(request, ["hostname"]) + validate_request_keys(request, ["hostname", "effective_attributes"]) hostname = request.get("hostname") if not hostname: @@ -203,6 +203,8 @@ api_actions["get_host"] = { ############### def action_get_all_hosts(request): + validate_request_keys(request, ["effective_attributes"]) + if html.var("effective_attributes"): effective_attributes = bool(int(html.var("effective_attributes"))) else: @@ -295,7 +297,7 @@ api_actions["discover_services"] = { ############### def action_activate_changes(request): - validate_request_keys(request, ["sites"]) + validate_request_keys(request, ["modes", "sites"]) mode = html.var("mode") and html.var("mode") or "dirty" if html.var("allow_foreign_changes"):