Hawkular / HAWKULAR-553

Url input is not validated (enough)

Details

    Description

      The url input is not validated. It is possible to enter e.g. 'javascript:alert(1)' as url to be monitored.

      There seems to be some validation in the sense that an error text is shown and the submit button is disabled, but just pressing return submits the entered data anyway.

      The consequence is that:

      • url list does not show
      • any subsequent try to add a new url works only partially.
      • inventory entry is only partially populated

      Response{protocol=http/1.1, code=200, message=OK, url=http://172.31.7.7:8080/hawkular/inventory/resourceTypes/URL/resources}
      [ {
        "path" : "/e;test/r;d41d8cd98f00b204e9800998ecf8427e",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "d41d8cd98f00b204e9800998ecf8427e"
      }, {
        "path" : "/e;test/r;536cc3ede5769b60a49774425aedba24",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "properties" : {
          "trait-collected-on" : 1439543000065,
          "trait-powered-by" : "Apache",
          "trait-remote-address" : "212.86.200.189",
          "url" : "http://bsd.de"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "536cc3ede5769b60a49774425aedba24"
      }, {
        "path" : "/e;test/r;62510c1f7c55020b4855f7564ef37586",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "properties" : {
          "trait-collected-on" : 1439543000378,
          "trait-powered-by" : "GitHub.com",
          "trait-remote-address" : "185.31.19.133",
          "url" : "http://hawkular.org"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "62510c1f7c55020b4855f7564ef37586"
      } ]
      

      As a follow-up, Pinger cannot deal with that bogus entry and throws exceptions:

      10:58:20,233 ERROR [org.jboss.as.ejb3.invocation] (EJB default - 8) WFLYEJB0034: EJB Invocation failed on component Pinger for method public java.util.concurrent.Future org.hawkular.component.pinger.Pinger.ping(org.hawkular.component.pinger.PingDestination): javax.ejb.EJBException: java.lang.IllegalStateException: Target host is null
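
One way to enforce the check on the submit path itself and again before pinging, as an added example that is not Hawkular code. `validateMonitorUrl`, `onSubmit` and `findUnpingable` are hypothetical names, and the resource objects only mirror the shape of the inventory response above.

```javascript
// Added example (not Hawkular code): allowlist-based validation of a URL to be monitored.
// All function names here are hypothetical.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

function validateMonitorUrl(input) {
  if (typeof input !== 'string' || input.trim() === '') {
    return { ok: false, reason: 'missing' };
  }
  let parsed;
  try {
    // The WHATWG parser throws on relative input and on http(s) URLs without a host.
    parsed = new URL(input.trim());
  } catch (e) {
    return { ok: false, reason: 'unparseable' };
  }
  // 'javascript:alert(1)' parses successfully, so the scheme must be checked explicitly.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: 'scheme-not-allowed' };
  }
  return { ok: true, url: parsed.href };
}

// Submit path: the issue reports that pressing Return submitted the data even
// though the button was disabled, so the check is repeated here rather than
// relying on the button state. `save` stands in for the call that stores the URL.
function onSubmit(input, save) {
  const result = validateMonitorUrl(input);
  if (result.ok) {
    save(result.url);
  }
  return result;
}

// Consumer-side guard: ids of inventory resources whose 'url' property is
// absent or not an http(s) URL, so a pinger can skip them instead of failing.
function findUnpingable(resources) {
  return resources
    .filter((r) => !validateMonitorUrl(r.properties && r.properties.url).ok)
    .map((r) => r.id);
}
```

The same allowlist check belongs on the server that accepts the inventory entry, since a client-side check can always be skipped.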
      

          People

            vrockai Viliam Rockai (Inactive)
            pilhuhn Heiko Rupp