Module: check_mk
Branch: master
Commit: 36e295ec16e9451d778ed4baba8efae542663149
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=36e295ec16e945…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Aug 29 10:20:13 2016 +0200
3845 FIX Added missing validation of host attribute values to WATO Web API calls
---
.werks/3845 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/watolib.py | 18 +++++++++++-------
web/plugins/webapi/webapi.py | 16 +++++++++++++++-
4 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/.werks/3845 b/.werks/3845
new file mode 100644
index 0000000..c10a6fc
--- /dev/null
+++ b/.werks/3845
@@ -0,0 +1,9 @@
+Title: Added missing validation of host attribute values to WATO Web API calls
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.4.0i1
+Date: 1472458792
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index e4b923e..7f1086f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -573,6 +573,7 @@
* 3757 FIX: Bulk import: Ensuring non ASCII characters are not imported into regular
attributes
* 3760 FIX: Cluster nodes can not be nodes of their own anymore
* 3844 FIX: Fixed validation of host IPv4, IPv6 and management host address
attributes...
+ * 3845 FIX: Added missing validation of host attribute values to WATO Web API calls
Notifications:
* 3263 Notifications: allow users to restrict by their contact groups...
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index c758e5c..54b3647 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -2408,25 +2408,29 @@ class Attribute:
# Check if the value entered by the user is valid.
# This method may raise MKUserError in case of invalid user input.
- def validate_input(self, varprefix):
+ def validate_input(self, value, varprefix):
pass
+
# If this attribute should be present in Nagios as
# a host custom macro, then the value of that macro
# should be returned here - otherwise None
def to_nagios(self, value):
return None
+
# Checks if the give value matches the search attributes
# that are represented by the current HTML variables.
def filter_matches(self, crit, value, hostname):
return crit == value
+
# Host tags to set for this host
def get_tag_list(self, value):
return []
+
# A simple text attribute. It is stored in
# a Python unicode string
class TextAttribute(Attribute):
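Review bot: The new `validate_input(self, value, varprefix)` signature on the base class is an interface change, but the comment above it still speaks only of "the value entered by the user" and does not say what `value` and `varprefix` mean. This commit updates TextAttribute, ValueSpecAttribute and collect_attributes. Any other Attribute subclass or plugin that still overrides `validate_input(self, varprefix)` (none is visible here) would fail with a TypeError when called with two arguments, so the remaining overrides should be checked. I would extend the comment to state the contract, e.g. `# value is the already parsed attribute value (from HTML vars or a Web API request); varprefix is only used to name the variable reported in MKUserError.` The class body starts outside the hunk.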
@@ -2457,8 +2461,7 @@ class TextAttribute(Attribute):
value = ""
return value.strip()
- def validate_input(self, varprefix):
- value = self.from_html_vars(varprefix)
+ def validate_input(self, value, varprefix):
if self._mandatory and not value:
raise MKUserError(varprefix + "attr_" + self.name(),
_("Please specify a value for %s") % self.title())
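Review bot: `TextAttribute.validate_input` no longer obtains `value` from `from_html_vars`, so the `.strip()` and empty-string default visible in the context lines above (presumably the tail of `from_html_vars`) no longer apply when the Web API supplies the value. A mandatory attribute sent as `" "` passes `not value`, and a non-string value such as a number or list goes on to whatever checks follow outside the hunk. I would reject wrong types first with `if not isinstance(value, basestring): raise MKUserError(varprefix + "attr_" + self.name(), _("Invalid type for %s") % self.title())` and test `not value.strip()` in the mandatory check. The function body continues outside the hunk.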
@@ -2654,8 +2657,7 @@ class ValueSpecAttribute(Attribute):
def from_html_vars(self, varprefix):
return self._valuespec.from_html_vars(varprefix + self._name)
- def validate_input(self, varprefix):
- value = self.from_html_vars(varprefix)
+ def validate_input(self, value, varprefix):
self._valuespec.validate_value(value, varprefix + self._name)
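Review bot: Now that the caller passes `value` in, `validate_value` can receive data that never went through the valuespec's own `from_html_vars`, and nothing here checks its type first. On the Web API path a wrongly typed value may then fail inside `validate_value` with an arbitrary exception rather than an MKUserError, or pass checks that assume the expected type. Calling `self._valuespec.validate_datatype(value, varprefix + self._name)` on the line before `validate_value` would reject such input with a proper user error.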
@@ -2922,10 +2924,12 @@ def collect_attributes(for_what, do_validate = True,
varprefix=""):
if not html.var(for_what + "_change_%s" % attrname, False):
continue
+ value = attr.from_html_vars(varprefix)
+
if do_validate and attr.needs_validation(for_what):
- attr.validate_input(varprefix)
+ attr.validate_input(value, varprefix)
- host[attrname] = attr.from_html_vars(varprefix)
+ host[attrname] = value
return host
#.
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index 34387a7..a3de28c 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -31,17 +31,30 @@ def validate_request_keys(request, valid_keys):
if key not in valid_keys:
raise MKUserError(None, _("Invalid key: %s") % key)
+
# Check if the given attribute name exists, no type check
def validate_general_host_attributes(host_attributes):
- # inventory_failed and site are no "real" host_attributes
+ # inventory_failed and site are no "real" host_attributes (TODO: Clean this
up!)
all_host_attribute_names = map(lambda (x, y): x.name(), all_host_attributes()) +
["inventory_failed", "site"]
for name, value in host_attributes.items():
if name not in all_host_attribute_names:
raise MKUserError(None, _("Unknown attribute: %s") %
html.attrencode(name))
+
+ # For real host attributes validate the values
+ try:
+ attr = host_attribute(name)
+ except KeyError:
+ attr = None
+
+ if attr != None:
+ if attr.needs_validation("host"):
+ attr.validate_input(value, "")
+
# The site attribute gets an extra check
if name == "site" and value not in config.allsites().keys():
raise MKUserError(None, _("Unknown site %s") %
html.attrencode(value))
+
# Check if the tag group exists and the tag value is valid
def validate_host_tags(host_tags):
for key, value in host_tags.items():
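Review bot: The added value check in `validate_general_host_attributes` runs only when `attr.needs_validation("host")` is true and hard-codes `"host"`. If this validator is also reached for folder or cluster requests (callers are not visible here), those values are judged by host rules. It is also worth confirming that `needs_validation` does not depend on form state that an API request lacks or can set. The pseudo attribute `inventory_failed` still gets no value check at all; a comment such as `# inventory_failed is not a real attribute, its value is not validated here` next to the TODO would make that explicit. On style, `if attr != None:` plus the nested `if` reads better as `if attr is not None and attr.needs_validation("host"):`. `validate_host_tags` continues outside the hunk.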
@@ -56,6 +69,7 @@ def validate_host_tags(host_tags):
else:
raise MKUserError(None, _("Unknown host tag group %s") %
html.attrencode(key))
+
def validate_host_attributes(attributes):
validate_general_host_attributes(dict((key, value) for key, value in
attributes.items() if not key.startswith("tag_")))
validate_host_tags(dict((key[4:], value) for key, value in attributes.items() if
key.startswith("tag_")))