Module: check_mk
Branch: master
Commit: c08a828750b352578726d638450513c396a1cf3a
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c08a828750b352…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Mon Jun 12 17:14:02 2017 +0200
4715 FIX Web-API Calls updates. get_ruleset/get_sites: enforce output_format=python.
set_ruleset now validates incoming data
Change-Id: I4f856f9ea18a68924759d3a547611a46c040e96e
---
.werks/4715 | 10 ++++++++++
web/htdocs/webapi.py | 16 +++++++++++-----
web/plugins/webapi/webapi.py | 25 +++++++++++++++++++------
3 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/.werks/4715 b/.werks/4715
new file mode 100644
index 0000000..f31650d
--- /dev/null
+++ b/.werks/4715
@@ -0,0 +1,10 @@
+Title: Web-API Calls updates. get_ruleset/get_sites: enforce output_format=python.
set_ruleset now validates incoming data
+Level: 1
+Component: wato
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1497280352
+Class: fix
+
+
diff --git a/web/htdocs/webapi.py b/web/htdocs/webapi.py
index dd1ebdb..f84f935 100644
--- a/web/htdocs/webapi.py
+++ b/web/htdocs/webapi.py
@@ -103,15 +103,21 @@ def page_api():
# Check if the data was sent with the correct data format
# Some API calls only allow python code
# TODO: convert the api_action dict into an object which handles the validation
- required_format = api_actions[action].get("required_input_format")
- if required_format:
- if required_format != request_object["request_format"]:
- raise MKUserError(None, "This API call requires a %s-encoded request
parameter" % required_format)
+ required_input_format =
api_actions[action].get("required_input_format")
+ if required_input_format:
+ if required_input_format != request_object["request_format"]:
+ raise MKUserError(None, "This API call requires a %s-encoded request
parameter" % required_input_format)
+
+ required_output_format =
api_actions[action].get("required_output_format")
+ if required_output_format:
+ if required_output_format != html.output_format:
+ raise MKUserError(None, "This API call requires the parameter
output_format=%s" % required_output_format)
+
+
# The request_format parameter is not forwarded into the API action
if "request_format" in request_object:
del request_object["request_format"]
-
if api_actions[action].get("locking", True):
lock_exclusive() # unlock is done automatically
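Review bot: The input-format check indexes `request_object["request_format"]` directly, while the unchanged lines just below guard the same key with `if "request_format" in request_object`, so the two disagree on whether the key can be absent. If it can be missing (the code that fills request_object is not visible here), an action with required_input_format set would fail with a KeyError rather than the intended MKUserError; `if required_input_format != request_object.get("request_format"):` keeps the user-facing error. Each pair of nested ifs could also be flattened into a single condition, and the hunk leaves two consecutive blank lines after the new output-format block. The body of page_api starts and ends outside the hunk.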
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index 45a6de2..e6528a8 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -625,9 +625,10 @@ class APICallRules(APICallCollection):
required_permissions = ["wato.rulesets"] # wato.services ?
return {
"get_ruleset": {
- "handler" : self._get,
- "required_permissions": required_permissions,
- "locking" : True, # locking?
+ "handler" : self._get,
+ "required_permissions" : required_permissions,
+ "required_output_format" : "python",
+ "locking" : True, # locking?
},
"set_ruleset": {
"handler" : self._set,
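Review bot: Nothing on the new `"required_output_format" : "python"` entry says why get_ruleset is restricted to python output, and the same undocumented entry is added to get_site in the APICallSites hunk further down. A short comment such as `# result holds values that only round-trip as python literals` (to be confirmed against the handler, which is not visible here) would keep the restriction from being dropped later. The API documentation should also tell clients to read this output with a literal parser such as `ast.literal_eval` rather than evaluating it. The werk title says get_sites, while the action key in the later hunk is `get_site`.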
@@ -701,6 +702,17 @@ class APICallRules(APICallCollection):
rule_folder = Folder.folder(folder_path)
rule_folder.need_permission("write")
+ # Verify all rules
+ rule_vs = Ruleset(ruleset_name).rulespec.valuespec
+ for folder_path, rules in new_ruleset.items():
+ for rule in rules:
+ value = rule["value"]
+ try:
+ rule_vs.validate_datatype(value, "test_value")
+ rule_vs.validate_value(value, "test_value")
+ except MKException, e:
+ raise MKException("ERROR: %s. Affected Rule %r" % (str(e),
rule))
+
# Add new rulesets
for folder_path, rules in new_ruleset.items():
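Review bot: `rule["value"]` in the new validation loop raises a KeyError when a submitted rule has no value key, and `except MKException` does not catch that, so a malformed request surfaces as an unhandled exception instead of a validation error. A guard before the lookup would cover it, for example `if not isinstance(rule, dict) or "value" not in rule: raise MKException("ERROR: Rule without value. Affected Rule %r" % (rule,))`. Only the value is checked against the valuespec; whether the other fields of each rule are validated elsewhere is not visible here. The loop also rebinds `folder_path`, which the context lines above use, and never reads it, so iterating `new_ruleset.values()` would be clearer. The enclosing method starts and ends outside the hunk.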
@@ -866,9 +878,10 @@ class APICallSites(APICallCollection):
required_permissions = ["wato.sites"]
return {
"get_site": {
- "handler" : self._get,
- "required_permissions" : required_permissions,
- "locking" : False,
+ "handler" : self._get,
+ "required_permissions" : required_permissions,
+ "required_output_format" : "python",
+ "locking" : False,
},
"set_site": {
"handler" : self._set,