aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick J Cherry <patrick@bytemark.co.uk>2011-08-19 16:28:37 +0100
committerPatrick J Cherry <patrick@bytemark.co.uk>2011-08-19 16:28:37 +0100
commitcdb78656916abe5adb946a25b913cda7785a42de (patch)
tree0f656d639868c2ac8d8a14a5370ab8f2263092dc
parent8d209c0f6a1b3c47f9bc55b6f63cb14bfa935162 (diff)
HTML now sanitised on save.
Added History tests Default polling interval now 5s, 0s for Timer/UDPServer Fixed note entry for alert page.
-rw-r--r--bin/mauveconsole2
-rw-r--r--debian/changelog10
-rw-r--r--lib/mauve/alert.rb38
-rw-r--r--lib/mauve/history.rb33
-rw-r--r--lib/mauve/mauve_thread.rb2
-rw-r--r--lib/mauve/server.rb3
-rw-r--r--lib/mauve/timer.rb6
-rw-r--r--lib/mauve/udp_server.rb7
-rw-r--r--lib/mauve/version.rb2
-rw-r--r--lib/mauve/web_interface.rb14
-rw-r--r--test/tc_mauve_alert.rb1
-rw-r--r--test/tc_mauve_alert_changed.rb15
-rw-r--r--test/tc_mauve_history.rb36
-rw-r--r--test/test_mauve.rb1
14 files changed, 142 insertions, 28 deletions
diff --git a/bin/mauveconsole b/bin/mauveconsole
index 3c14824..169ca54 100644
--- a/bin/mauveconsole
+++ b/bin/mauveconsole
@@ -154,7 +154,5 @@ if outputter and logger.outputters.include?(outputter)
outputter.close
end
-puts "This is mauve #{Mauve::VERSION}"
-
include Mauve
IRB.start
diff --git a/debian/changelog b/debian/changelog
index ba56e1f..82bf20d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+mauvealert (3.4.1) stable; urgency=low
+
+ * Fixed note in alert acknowledgement box
+ * HTML now sanitized on save for Alert and History types
+ * Default thread interval now 0s for UDP server and Timer, 5s for everything
+ else
+ * Moar tests
+
+ -- Patrick J Cherry <patrick@bytemark.co.uk> Fri, 19 Aug 2011 16:24:56 +0100
+
mauvealert (3.4.0) stable; urgency=low
* More thread monitoring
diff --git a/lib/mauve/alert.rb b/lib/mauve/alert.rb
index bf47d34..eb5f11b 100644
--- a/lib/mauve/alert.rb
+++ b/lib/mauve/alert.rb
@@ -82,6 +82,7 @@ module Mauve
has 1, :alert_earliest_date
+ before :save, :do_sanitize_html
before :save, :take_copy_of_changes
after :save, :notify_if_needed
@@ -164,6 +165,26 @@ module Mauve
protected
#
+ # This cleans the HTML before saving.
+ #
+ def do_sanitize_html
+ html_permitted_in = [:detail]
+
+ attributes.each do |key, val|
+ next if html_permitted_in.include?(key)
+ next unless val.is_a?(String)
+
+ attribute_set(key, Alert.remove_html(val))
+ end
+
+ html_permitted_in.each do |key|
+ val = attribute_get(key)
+ next unless val.is_a?(String)
+ attribute_set(key, Alert.clean_html(val))
+ end
+ end
+
+ #
# This allows us to take a copy of the changes before we save.
#
def take_copy_of_changes
@@ -435,7 +456,8 @@ module Mauve
time_offset = (reception_time - transmission_time).round
#
- # Make sure there is no HTML in the update source.
+ # Make sure there is no HTML in the update source. Need to do this
+ # here because we use the html-free version in the database save hook.
#
update.source = Alert.remove_html(update.source)
@@ -457,8 +479,9 @@ module Mauve
end
#
- # Make sure there's no HTML in the ID... paranoia. The rest of the
- # HTML removal is done elsewhere.
+ # Make sure there's no HTML in the ID -- we need to do this here
+ # because of the database save hook will clear it out, causing this
+ # search to fail.
#
alert.id = Alert.remove_html(alert.id)
@@ -503,7 +526,7 @@ module Mauve
# Set the subject
#
if alert.subject and !alert.subject.empty?
- alert_db.subject = Alert.remove_html(alert.subject)
+ alert_db.subject = alert.subject
elsif alert_db.subject.nil?
#
@@ -512,12 +535,9 @@ module Mauve
alert_db.subject = alert_db.source
end
- alert_db.summary = Alert.remove_html(alert.summary) if alert.summary && !alert.summary.empty?
+ alert_db.summary = alert.summary if alert.summary && !alert.summary.empty?
- #
- # The detail can be HTML -- scrub out unwanted parts.
- #
- alert_db.detail = Alert.clean_html(alert.detail) if alert.detail && !alert.detail.empty?
+ alert_db.detail = alert.detail if alert.detail && !alert.detail.empty?
alert_db.importance = alert.importance if alert.importance != 0
diff --git a/lib/mauve/history.rb b/lib/mauve/history.rb
index 29ee64c..91a6fdc 100644
--- a/lib/mauve/history.rb
+++ b/lib/mauve/history.rb
@@ -1,5 +1,6 @@
# encoding: UTF-8
require 'mauve/datamapper'
+require 'mauve/alert'
require 'log4r'
module Mauve
@@ -59,28 +60,42 @@ module Mauve
has n, :alerts, :through => :alerthistory
before :valid?, :set_created_at
+ before :save, :do_sanitize_html
- def self.migrate!
- ##
- #
- # FIXME this is dire.
- #
- schema = repository(:default).adapter.execute(".schema mauve_histories")
+ protected
+ #
+ # This cleans the HTML before saving.
+ #
+ def do_sanitize_html
+ html_permitted_in = [:event]
+ attributes.each do |key, val|
+ next if html_permitted_in.include?(key)
+ next unless val.is_a?(String)
+ attribute_set(key, Alert.remove_html(val))
+ end
+
+ html_permitted_in.each do |key|
+ val = attribute_get(key)
+ next unless val.is_a?(String)
+ attribute_set(key, Alert.clean_html(val))
+ end
end
+
def set_created_at(context = :default)
- self.created_at = Time.now unless self.created_at.is_a?(Time) or self.created_at.is_a?(DateTime)
+ self.created_at = Time.now unless self.created_at.is_a?(Time)
end
+ public
+
def logger
- Log4r::Logger.new self.class.to_s
+ Log4r::Logger.new self.class.to_s
end
end
-
end
diff --git a/lib/mauve/mauve_thread.rb b/lib/mauve/mauve_thread.rb
index 7d5dcbe..33ebcab 100644
--- a/lib/mauve/mauve_thread.rb
+++ b/lib/mauve/mauve_thread.rb
@@ -28,7 +28,7 @@ module Mauve
@poll_every = i
end
- def run_thread(interval = 1.0)
+ def run_thread(interval = 5.0)
#
# Good to go.
#
diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb
index 047476d..0d56f7f 100644
--- a/lib/mauve/server.rb
+++ b/lib/mauve/server.rb
@@ -13,6 +13,7 @@ require 'mauve/pop3_server'
require 'mauve/processor'
require 'mauve/http_server'
require 'mauve/heartbeat'
+require 'mauve/configuration'
require 'log4r'
module Mauve
@@ -124,7 +125,7 @@ module Mauve
logger.warn "Notification buffer has #{self.class.notification_buffer_size} messages in it"
end
- if self.class.packet_buffer_size > 10
+ if self.class.packet_buffer_size > 50
logger.warn "Packet buffer has #{self.class.packet_buffer_size} updates in it"
end
diff --git a/lib/mauve/timer.rb b/lib/mauve/timer.rb
index 02951b7..a00d66d 100644
--- a/lib/mauve/timer.rb
+++ b/lib/mauve/timer.rb
@@ -12,8 +12,12 @@ module Mauve
include Singleton
def initialize
+ #
+ # Set the default polling interval to zero..
+ #
+ self.poll_every = 0
+
super
- @poll_every = 0
end
def main_loop
diff --git a/lib/mauve/udp_server.rb b/lib/mauve/udp_server.rb
index 99bfab1..080a04b 100644
--- a/lib/mauve/udp_server.rb
+++ b/lib/mauve/udp_server.rb
@@ -15,10 +15,15 @@ module Mauve
attr_reader :ip, :port
def initialize
- super
+ #
+ # Set up some defaults.
+ #
self.ip = "127.0.0.1"
self.port = 32741
+ self.poll_every = 0
@socket = nil
+
+ super
end
def ip=(i)
diff --git a/lib/mauve/version.rb b/lib/mauve/version.rb
index 3d7591f..3e9ecec 100644
--- a/lib/mauve/version.rb
+++ b/lib/mauve/version.rb
@@ -1,5 +1,5 @@
module Mauve
- VERSION="3.4.0"
+ VERSION="3.4.1"
end
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb
index 82dc654..fb82f2e 100644
--- a/lib/mauve/web_interface.rb
+++ b/lib/mauve/web_interface.rb
@@ -216,8 +216,6 @@ EOF
next
end
- logger.debug "arse"
-
begin
a.acknowledge!(@person, ack_until)
succeeded << a
@@ -228,9 +226,10 @@ EOF
end
end
#
- # Add a note
+ # Add the note
#
unless note.to_s.empty?
+ note = Alert.remove_html(note)
h = History.new(:alerts => succeeded, :type => "note", :event => session['username']+" noted "+note.to_s)
logger.debug h.errors unless h.save
end
@@ -337,6 +336,7 @@ EOF
ack_until = params[:ack_until].to_i
n_hours = params[:n_hours].to_i
type_hours = params[:type_hours].to_s
+ note = params[:note] || nil
if ack_until == 0
ack_until = Time.now.in_x_hours(n_hours, type_hours)
@@ -346,6 +346,14 @@ EOF
alert.acknowledge!(@person, ack_until)
+ #
+ # Add the note
+ #
+ unless note.to_s.empty?
+ h = History.new(:alerts => [alert], :type => "note", :event => session['username']+" noted "+note.to_s)
+ logger.debug h.errors unless h.save
+ end
+
flash['notice'] = "Successfully acknowledged alert <em>#{alert.alert_id}</em> from source #{alert.source}."
redirect "/alert/#{alert.id}"
end
diff --git a/test/tc_mauve_alert.rb b/test/tc_mauve_alert.rb
index 738489d..f85236e 100644
--- a/test/tc_mauve_alert.rb
+++ b/test/tc_mauve_alert.rb
@@ -42,6 +42,7 @@ EOF
end
+
#
# This is also the test for in_source_list?
#
diff --git a/test/tc_mauve_alert_changed.rb b/test/tc_mauve_alert_changed.rb
index 52f1f25..0e57120 100644
--- a/test/tc_mauve_alert_changed.rb
+++ b/test/tc_mauve_alert_changed.rb
@@ -67,6 +67,21 @@ EOF
AlertChanged.all.each{|ac| ac.poll}
end
+ # OK now clear the alert, send one notification and set an alert_changed.
+ alert.clear!
+ notifications += 1
+ reminders += 1
+ assert_equal(notifications, Server.instance.notification_buffer.length)
+ assert_equal(reminders, AlertChanged.count)
+
+ Timecop.freeze(Time.now + 10.minutes)
+ AlertChanged.all.each{|ac| ac.poll}
+ #
+ # Send NO MORE notifications.
+ #
+ assert_equal(notifications, Server.instance.notification_buffer.length)
+ assert_equal(reminders, AlertChanged.count)
+
end
diff --git a/test/tc_mauve_history.rb b/test/tc_mauve_history.rb
new file mode 100644
index 0000000..62342f2
--- /dev/null
+++ b/test/tc_mauve_history.rb
@@ -0,0 +1,36 @@
+$:.unshift "../lib"
+
+require 'th_mauve'
+require 'mauve/history'
+require 'mauve/server'
+
+class TcMauveHistory < Mauve::UnitTest
+
+ include Mauve
+
+ def setup
+ super
+ setup_database
+ end
+
+ def teardown
+ teardown_database
+ super
+ end
+
+ def test_save
+ Server.instance.setup
+ #
+ # Make sure events save without nasty html
+ #
+ h = History.new(:alerts => [], :type => "note", :event => "Hello <script>alert(\"arse\");</script>")
+
+ h.save
+ h.reload
+ assert_equal("Hello ",h.event, "HTML not stripped correctly on save.")
+ end
+end
+
+
+
+
diff --git a/test/test_mauve.rb b/test/test_mauve.rb
index 87aa188..fba47eb 100644
--- a/test/test_mauve.rb
+++ b/test/test_mauve.rb
@@ -18,6 +18,7 @@ tc_mauve_source_list.rb
tc_mauve_people_list.rb
tc_mauve_person.rb
tc_mauve_alert.rb
+tc_mauve_history.rb
tc_mauve_alert_group.rb
tc_mauve_alert_changed.rb
tc_mauve_notification.rb