From cc6fe8c686d752392cdbb6253fd32da2f4ca3866 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Fri, 22 Sep 2017 11:03:59 +0200
Subject: [PATCH] Restrict /graph/* refs #11
---
 application/controllers/GraphController.php | 44 +++++++++++++++----
 application/controllers/ListController.php | 26 ++++++-----
 .../Controller/MonitoringAwareController.php | 23 ++++++++++
 3 files changed, 74 insertions(+), 19 deletions(-)
 create mode 100644 library/Graphite/Web/Controller/MonitoringAwareController.php
diff --git a/application/controllers/GraphController.php b/application/controllers/GraphController.php
index d50cba2..f69c4fe 100644
--- a/application/controllers/GraphController.php
+++ b/application/controllers/GraphController.php
@@ -6,11 +6,11 @@ use Icinga\Exception\Http\HttpBadRequestException;
 use Icinga\Exception\Http\HttpNotFoundException;
 use Icinga\Module\Graphite\GraphiteQuery;
 use Icinga\Module\Graphite\GraphTemplate;
+use Icinga\Module\Graphite\Web\Controller\MonitoringAwareController;
 use Icinga\Module\Graphite\Web\Widget\GraphsTrait;
-use Icinga\Web\Controller;
 use Icinga\Web\UrlParams;
-class GraphController extends Controller
+class GraphController extends MonitoringAwareController
 {
 use GraphsTrait;
@@ -42,8 +42,30 @@ class GraphController extends Controller
 */
 protected $geometryParams = [];
+ public function init()
+ {
+ parent::init();
+
+ $this->filterParams = clone $this->getRequest()->getUrl()->getParams();
+
+ foreach ($this->geometryParamsNames as $paramName) {
+ $this->geometryParams[$paramName] = $this->filterParams->shift($paramName);
+ }
+ }
+
 public function hostAction()
 {
+ $host = $this->applyMonitoringRestriction(
+ $this->backend->select()->from('hoststatus', ['host_name'])
+ )
+ ->where('host_name', $this->filterParams->getRequired('hostname'))
+ ->limit(1) // just to be sure to save a few CPU cycles
+ ->fetchRow();
+
+ if ($host === false) {
+ throw new HttpNotFoundException('%s', $this->translate('No such host'));
+ }
+
 $this->service = false;
 $this->supplyImage();
@@ -51,6 +73,18 @@ class GraphController extends Controller
 public function serviceAction()
 {
+ $service = $this->applyMonitoringRestriction(
+ $this->backend->select()->from('servicestatus', ['host_name', 'service_description'])
+ )
+ ->where('host_name', $this->filterParams->getRequired('hostname'))
+ ->where('service_description', $this->filterParams->getRequired('service'))
+ ->limit(1) // just to be sure to save a few CPU cycles
+ ->fetchRow();
+
+ if ($service === false) {
+ throw new HttpNotFoundException('%s', $this->translate('No such service'));
+ }
+
 $this->supplyImage();
 }
@@ -59,12 +93,6 @@ class GraphController extends Controller
 */
 protected function supplyImage()
 {
- $this->filterParams = clone $this->getRequest()->getUrl()->getParams();
-
- foreach ($this->geometryParamsNames as $paramName) {
- $this->geometryParams[$paramName] = $this->filterParams->shift($paramName);
- }
-
 $this->collectTemplates();
 $this->collectGraphiteQueries();
diff --git a/application/controllers/ListController.php b/application/controllers/ListController.php
index 586ce2e..13ceace 100644
--- a/application/controllers/ListController.php
+++ b/application/controllers/ListController.php
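Review bot: In hostAction() the row that passed the restriction check is only compared with `false`; `$host` is never read again, so whatever supplyImage() does next still works from the raw `hostname` URL parameter rather than from the object that was authorised. If the data view's `where()` matches by pattern or case-insensitively (I believe Icinga Web filters treat `*` as a wildcard, to be confirmed), a value that is not an exact object name could satisfy the check and still be handed to the Graphite lookup. Writing the canonical name back before rendering, e.g. `$this->filterParams->set('hostname', $host->host_name);`, or rejecting a parameter that differs from the fetched `host_name`, would tie the graph to the checked object. The same applies to `$service` in serviceAction() in the next hunk, for both `hostname` and `service`; the closing braces of both actions and the code reached through supplyImage() lie outside these hunks, so the downstream use is inferred.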
@@ -3,14 +3,14 @@ namespace Icinga\Module\Graphite\Controllers; use Icinga\Module\Graphite\Forms\TimeRangePicker\TimeRangePickerTrait as TimeRangePicker; +use Icinga\Module\Graphite\Web\Controller\MonitoringAwareController; use Icinga\Module\Graphite\Web\Controller\TimeRangePickerTrait; -use Icinga\Module\Monitoring\Controller; use Icinga\Module\Monitoring\DataView\DataView; use Icinga\Web\Url; use Icinga\Web\Widget\Tabextension\DashboardAction; use Icinga\Web\Widget\Tabextension\MenuAction; -class ListController extends Controller +class ListController extends MonitoringAwareController { use TimeRangePickerTrait; @@ -28,8 +28,10 @@ class ListController extends Controller mt('monitoring', 'List hosts') ); - $this->view->hosts = $hosts = $this->backend->select()->from('hoststatus', ['host_name', 'host_display_name']); - $this->applyRestriction('monitoring/filter/objects', $hosts); + $this->view->hosts = $hosts = $this->applyMonitoringRestriction( + $this->backend->select()->from('hoststatus', ['host_name', 'host_display_name']) + ); + $this->filterQuery($hosts); $this->setupPaginationControl($hosts); $this->setupLimitControl(); @@ -47,13 +49,15 @@ class ListController extends Controller mt('monitoring', 'List services') ); - $this->view->services = $services = $this->backend->select()->from('servicestatus', [ - 'host_name', - 'host_display_name', - 'service_description', - 'service_display_name' - ]); - $this->applyRestriction('monitoring/filter/objects', $services); + $this->view->services = $services = $this->applyMonitoringRestriction( + $this->backend->select()->from('servicestatus', [ + 'host_name', + 'host_display_name', + 'service_description', + 'service_display_name' + ]) + ); + $this->filterQuery($services); $this->setupPaginationControl($services); $this->setupLimitControl(); diff --git a/library/Graphite/Web/Controller/MonitoringAwareController.php b/library/Graphite/Web/Controller/MonitoringAwareController.php new file mode 100644 index 0000000..ff4f846 
--- /dev/null +++ b/library/Graphite/Web/Controller/MonitoringAwareController.php @@ -0,0 +1,23 @@ +applyRestriction('monitoring/filter/objects', $dataView); + + return $dataView; + } +}