Hawkular / HAWKULAR-553

Url input is not validated (enough)


      The url input is not validated. It is possible to enter e.g. 'javascript:alert(1)' as url to be monitored.

      There seems to be some validation in the sense that an error text is shown and the submit button is disabled, but just pressing return submits the entered data anyway.

      Consequence is that:

      • url list does not show
      • any subsequent try to add a new url does (only) partially work.
      • inventory entry is only partially populated
      Response{protocol=http/1.1, code=200, message=OK, url=http://172.31.7.7:8080/hawkular/inventory/resourceTypes/URL/resources}
      [ {
        "path" : "/e;test/r;d41d8cd98f00b204e9800998ecf8427e",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "d41d8cd98f00b204e9800998ecf8427e"
      }, {
        "path" : "/e;test/r;536cc3ede5769b60a49774425aedba24",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "properties" : {
          "trait-collected-on" : 1439543000065,
          "trait-powered-by" : "Apache",
          "trait-remote-address" : "212.86.200.189",
          "url" : "http://bsd.de"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "536cc3ede5769b60a49774425aedba24"
      }, {
        "path" : "/e;test/r;62510c1f7c55020b4855f7564ef37586",
        "type" : {
          "path" : "/rt;URL",
          "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
          "id" : "URL"
        },
        "properties" : {
          "trait-collected-on" : 1439543000378,
          "trait-powered-by" : "GitHub.com",
          "trait-remote-address" : "185.31.19.133",
          "url" : "http://hawkular.org"
        },
        "environmentId" : "test",
        "tenantId" : "28026b36-8fe4-4332-84c8-524e173a68bf",
        "id" : "62510c1f7c55020b4855f7564ef37586"
      } ]
      

      As a follow-up, Pinger cannot deal with that bogus entry and throws exceptions:

      10:58:20,233 ERROR [org.jboss.as.ejb3.invocation] (EJB default - 8) WFLYEJB0034: EJB Invocation failed on component Pinger for method public java.util.concurrent.Future org.hawkular.component.pinger.Pinger.ping(org.hawkular.component.pinger.PingDestination): javax.ejb.EJBException: java.lang.IllegalStateException: Target host is null
      

            vrockai Viliam Rockai (Inactive)
            pilhuhn Heiko Rupp
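
One way to close the gap described in this report, as an added example that is not Hawkular's own code: a single validation function that every submit path calls, so the result does not depend on whether the button is disabled. The names `validateMonitorUrl`, `submitUrl` and the `save` callback are hypothetical, and the same allow-list check is assumed to be repeated on the server before the inventory entry is written.

```javascript
// Added example; function and constant names are hypothetical.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns { ok: true, url } or { ok: false, reason }.
function validateMonitorUrl(input) {
  if (typeof input !== "string" || input.trim() === "") {
    return { ok: false, reason: "empty" };
  }
  let parsed;
  try {
    parsed = new URL(input.trim()); // WHATWG parser; throws without a scheme
  } catch (err) {
    return { ok: false, reason: "unparseable" };
  }
  // Allow-list the scheme: rejects javascript:, data:, file: and the rest.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: "scheme-not-allowed" };
  }
  // The parser already rejects http(s) URLs with an empty host; this explicit
  // guard documents the requirement behind the "Target host is null" error.
  if (parsed.hostname === "") {
    return { ok: false, reason: "missing-host" };
  }
  return { ok: true, url: parsed.href };
}

// Single gate for every submit path (button click or Enter in the field).
// `save` is a hypothetical callback that would create the inventory entry.
function submitUrl(input, save) {
  const result = validateMonitorUrl(input);
  if (result.ok) {
    save(result.url);
  }
  return result;
}

// Constructed sample inputs; the first is the value from the report.
const SAMPLES = ["javascript:alert(1)", "", "hawkular.org", "http://hawkular.org"];

function runSamples() {
  const saved = [];
  const outcomes = SAMPLES.map((s) => submitUrl(s, (u) => saved.push(u)).ok);
  return { outcomes, saved };
}
```
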