author | Patrick J Cherry <patrick@bytemark.co.uk> | 2011-08-19 16:28:37 +0100 |
---|---|---|
committer | Patrick J Cherry <patrick@bytemark.co.uk> | 2011-08-19 16:28:37 +0100 |
commit | cdb78656916abe5adb946a25b913cda7785a42de (patch) | |
tree | 0f656d639868c2ac8d8a14a5370ab8f2263092dc | |
parent | 8d209c0f6a1b3c47f9bc55b6f63cb14bfa935162 (diff) |
HTML now sanitised on save.
Added History tests
Default polling interval now 5s, 0s for Timer/UDPServer
Fixed note entry for alert page.
-rw-r--r-- | bin/mauveconsole | 2 | ||||
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | lib/mauve/alert.rb | 38 | ||||
-rw-r--r-- | lib/mauve/history.rb | 33 | ||||
-rw-r--r-- | lib/mauve/mauve_thread.rb | 2 | ||||
-rw-r--r-- | lib/mauve/server.rb | 3 | ||||
-rw-r--r-- | lib/mauve/timer.rb | 6 | ||||
-rw-r--r-- | lib/mauve/udp_server.rb | 7 | ||||
-rw-r--r-- | lib/mauve/version.rb | 2 | ||||
-rw-r--r-- | lib/mauve/web_interface.rb | 14 | ||||
-rw-r--r-- | test/tc_mauve_alert.rb | 1 | ||||
-rw-r--r-- | test/tc_mauve_alert_changed.rb | 15 | ||||
-rw-r--r-- | test/tc_mauve_history.rb | 36 | ||||
-rw-r--r-- | test/test_mauve.rb | 1 |
14 files changed, 142 insertions, 28 deletions
diff --git a/bin/mauveconsole b/bin/mauveconsole index 3c14824..169ca54 100644 --- a/bin/mauveconsole +++ b/bin/mauveconsole @@ -154,7 +154,5 @@ if outputter and logger.outputters.include?(outputter) outputter.close end -puts "This is mauve #{Mauve::VERSION}" - include Mauve IRB.start diff --git a/debian/changelog b/debian/changelog index ba56e1f..82bf20d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +mauvealert (3.4.1) stable; urgency=low + + * Fixed note in alert acknowledgement box + * HTML now sanitized on save for Alert and History types + * Default thread interval now 0s for UDP server and Timer, 5s for everything + else + * Moar tests + + -- Patrick J Cherry <patrick@bytemark.co.uk> Fri, 19 Aug 2011 16:24:56 +0100 + mauvealert (3.4.0) stable; urgency=low * More thread monitoring diff --git a/lib/mauve/alert.rb b/lib/mauve/alert.rb index bf47d34..eb5f11b 100644 --- a/lib/mauve/alert.rb +++ b/lib/mauve/alert.rb @@ -82,6 +82,7 @@ module Mauve has 1, :alert_earliest_date + before :save, :do_sanitize_html before :save, :take_copy_of_changes after :save, :notify_if_needed @@ -164,6 +165,26 @@ module Mauve protected # + # This cleans the HTML before saving. + # + def do_sanitize_html + html_permitted_in = [:detail] + + attributes.each do |key, val| + next if html_permitted_in.include?(key) + next unless val.is_a?(String) + + attribute_set(key, Alert.remove_html(val)) + end + + html_permitted_in.each do |key| + val = attribute_get(key) + next unless val.is_a?(String) + attribute_set(key, Alert.clean_html(val)) + end + end + + # # This allows us to take a copy of the changes before we save. # def take_copy_of_changes 
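Review bot: `do_sanitize_html` in lib/mauve/alert.rb (hunk @@ -164,6 +165,26) strips every String attribute that is not listed in `html_permitted_in`, including key fields, but its comment only says "This cleans the HTML before saving." I would extend the comment to say that all String attributes are passed through `Alert.remove_html` except `:detail`, which goes through `Alert.clean_html`, and that lookups by `alert_id` or `source` must therefore use the stripped value. Rows written before this hook existed are not touched until they are next saved, so templates that print these fields presumably still need to escape on output. The same method body is repeated in lib/mauve/history.rb (hunk @@ -59,28 +60,42) with only the permitted list changed; a shared helper that takes the list as an argument would keep the two from drifting apart.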
@@ -435,7 +456,8 @@ module Mauve time_offset = (reception_time - transmission_time).round # - # Make sure there is no HTML in the update source. + # Make sure there is no HTML in the update source. Need to do this + # here because we use the html-free version in the database save hook. # update.source = Alert.remove_html(update.source) @@ -457,8 +479,9 @@ module Mauve end # - # Make sure there's no HTML in the ID... paranoia. The rest of the - # HTML removal is done elsewhere. + # Make sure there's no HTML in the ID -- we need to do this here + # because of the database save hook will clear it out, causing this + # search to fail. # alert.id = Alert.remove_html(alert.id) @@ -503,7 +526,7 @@ module Mauve # Set the subject # if alert.subject and !alert.subject.empty? - alert_db.subject = Alert.remove_html(alert.subject) + alert_db.subject = alert.subject elsif alert_db.subject.nil? # @@ -512,12 +535,9 @@ module Mauve alert_db.subject = alert_db.source end - alert_db.summary = Alert.remove_html(alert.summary) if alert.summary && !alert.summary.empty? + alert_db.summary = alert.summary if alert.summary && !alert.summary.empty? - # - # The detail can be HTML -- scrub out unwanted parts. - # - alert_db.detail = Alert.clean_html(alert.detail) if alert.detail && !alert.detail.empty? + alert_db.detail = alert.detail if alert.detail && !alert.detail.empty? alert_db.importance = alert.importance if alert.importance != 0 diff --git a/lib/mauve/history.rb b/lib/mauve/history.rb index 29ee64c..91a6fdc 100644 --- a/lib/mauve/history.rb +++ b/lib/mauve/history.rb @@ -1,5 +1,6 @@ # encoding: UTF-8 require 'mauve/datamapper' +require 'mauve/alert' require 'log4r' module Mauve 
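Review bot: With `Alert.remove_html` and `Alert.clean_html` dropped from the `alert_db.subject`, `alert_db.summary` and `alert_db.detail` assignments (hunks @@ -503,7 +526,7 and @@ -512,12 +535,9 of lib/mauve/alert.rb), these fields hold the raw packet text until the `before :save` hook runs. DataMapper's bang methods (`save!`, `update!`) skip hooks, and any code that reads `alert_db` between assignment and save sees unsanitised values; whether such a path exists is not visible in these hunks. I would leave a comment above the subject assignment, for example `# HTML is stripped by do_sanitize_html (before :save); do not persist with save!`. The enclosing method starts and ends outside the hunks.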
@@ -59,28 +60,42 @@ module Mauve has n, :alerts, :through => :alerthistory before :valid?, :set_created_at + before :save, :do_sanitize_html - def self.migrate! - ## - # - # FIXME this is dire. - # - schema = repository(:default).adapter.execute(".schema mauve_histories") + protected + # + # This cleans the HTML before saving. + # + def do_sanitize_html + html_permitted_in = [:event] + attributes.each do |key, val| + next if html_permitted_in.include?(key) + next unless val.is_a?(String) + attribute_set(key, Alert.remove_html(val)) + end + + html_permitted_in.each do |key| + val = attribute_get(key) + next unless val.is_a?(String) + attribute_set(key, Alert.clean_html(val)) + end end + def set_created_at(context = :default) - self.created_at = Time.now unless self.created_at.is_a?(Time) or self.created_at.is_a?(DateTime) + self.created_at = Time.now unless self.created_at.is_a?(Time) end + public + def logger - Log4r::Logger.new self.class.to_s + Log4r::Logger.new self.class.to_s end end - end diff --git a/lib/mauve/mauve_thread.rb b/lib/mauve/mauve_thread.rb index 7d5dcbe..33ebcab 100644 --- a/lib/mauve/mauve_thread.rb +++ b/lib/mauve/mauve_thread.rb @@ -28,7 +28,7 @@ module Mauve @poll_every = i end - def run_thread(interval = 1.0) + def run_thread(interval = 5.0) # # Good to go. # diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb index 047476d..0d56f7f 100644 --- a/lib/mauve/server.rb +++ b/lib/mauve/server.rb @@ -13,6 +13,7 @@ require 'mauve/pop3_server' require 'mauve/processor' require 'mauve/http_server' require 'mauve/heartbeat' +require 'mauve/configuration' require 'log4r' module Mauve @@ -124,7 +125,7 @@ module Mauve logger.warn "Notification buffer has #{self.class.notification_buffer_size} messages in it" end - if self.class.packet_buffer_size > 10 + if self.class.packet_buffer_size > 50 logger.warn "Packet buffer has #{self.class.packet_buffer_size} updates in it" end 
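Review bot: `set_created_at` in lib/mauve/history.rb (hunk @@ -59,28 +60,42) no longer accepts a `DateTime`, so `self.created_at = Time.now unless self.created_at.is_a?(Time)` replaces a DateTime timestamp with the current time whenever `valid?` runs. The `created_at` property is declared outside the hunk; if it can ever load as a DateTime, history entries would lose their original time, so either keep the `or self.created_at.is_a?(DateTime)` clause or add a comment saying why it is safe to drop. In the same hunk `:event` is the one field where HTML is permitted, which means callers that build an event from user text have to strip that text themselves; the comment on `do_sanitize_html` should say so, e.g. `# :event may contain HTML (clean_html only); callers must remove_html any user-supplied part`.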
diff --git a/lib/mauve/timer.rb b/lib/mauve/timer.rb index 02951b7..a00d66d 100644 --- a/lib/mauve/timer.rb +++ b/lib/mauve/timer.rb @@ -12,8 +12,12 @@ module Mauve include Singleton def initialize + # + # Set the default polling interval to zero.. + # + self.poll_every = 0 + super - @poll_every = 0 end def main_loop diff --git a/lib/mauve/udp_server.rb b/lib/mauve/udp_server.rb index 99bfab1..080a04b 100644 --- a/lib/mauve/udp_server.rb +++ b/lib/mauve/udp_server.rb @@ -15,10 +15,15 @@ module Mauve attr_reader :ip, :port def initialize - super + # + # Set up some defaults. + # self.ip = "127.0.0.1" self.port = 32741 + self.poll_every = 0 @socket = nil + + super end def ip=(i) diff --git a/lib/mauve/version.rb b/lib/mauve/version.rb index 3d7591f..3e9ecec 100644 --- a/lib/mauve/version.rb +++ b/lib/mauve/version.rb @@ -1,5 +1,5 @@ module Mauve - VERSION="3.4.0" + VERSION="3.4.1" end diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb index 82dc654..fb82f2e 100644 --- a/lib/mauve/web_interface.rb +++ b/lib/mauve/web_interface.rb @@ -216,8 +216,6 @@ EOF next end - logger.debug "arse" - begin a.acknowledge!(@person, ack_until) succeeded << a @@ -228,9 +226,10 @@ EOF end end # - # Add a note + # Add the note # unless note.to_s.empty? + note = Alert.remove_html(note) h = History.new(:alerts => succeeded, :type => "note", :event => session['username']+" noted "+note.to_s) logger.debug h.errors unless h.save end @@ -337,6 +336,7 @@ EOF ack_until = params[:ack_until].to_i n_hours = params[:n_hours].to_i type_hours = params[:type_hours].to_s + note = params[:note] || nil if ack_until == 0 ack_until = Time.now.in_x_hours(n_hours, type_hours) 
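Review bot: In the bulk-acknowledge hunk (@@ -228,9 +226,10 of lib/mauve/web_interface.rb) the emptiness check runs before the strip, and `Alert.remove_html(note)` receives the raw parameter rather than a String. A note that consists only of markup passes `unless note.to_s.empty?`, is presumably reduced to an empty string by `remove_html`, and still creates a History entry with nothing after "noted"; where `note` is assigned is outside the hunk, so a non-String value would also reach `remove_html` unconverted. Doing the strip first, `note = Alert.remove_html(note.to_s)` followed by `unless note.empty?`, covers both cases. `session['username']` is concatenated into the same event and only gets the `clean_html` pass from the History save hook.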
@@ -346,6 +346,14 @@ EOF alert.acknowledge!(@person, ack_until) + # + # Add the note + # + unless note.to_s.empty? + h = History.new(:alerts => [alert], :type => "note", :event => session['username']+" noted "+note.to_s) + logger.debug h.errors unless h.save + end + flash['notice'] = "Successfully acknowledged alert <em>#{alert.alert_id}</em> from source #{alert.source}." redirect "/alert/#{alert.id}" end diff --git a/test/tc_mauve_alert.rb b/test/tc_mauve_alert.rb index 738489d..f85236e 100644 --- a/test/tc_mauve_alert.rb +++ b/test/tc_mauve_alert.rb @@ -42,6 +42,7 @@ EOF end + # # This is also the test for in_source_list? # diff --git a/test/tc_mauve_alert_changed.rb b/test/tc_mauve_alert_changed.rb index 52f1f25..0e57120 100644 --- a/test/tc_mauve_alert_changed.rb +++ b/test/tc_mauve_alert_changed.rb @@ -67,6 +67,21 @@ EOF AlertChanged.all.each{|ac| ac.poll} end + # OK now clear the alert, send one notification and set an alert_changed. + alert.clear! + notifications += 1 + reminders += 1 + assert_equal(notifications, Server.instance.notification_buffer.length) + assert_equal(reminders, AlertChanged.count) + + Timecop.freeze(Time.now + 10.minutes) + AlertChanged.all.each{|ac| ac.poll} + # + # Send NO MORE notifications. + # + assert_equal(notifications, Server.instance.notification_buffer.length) + assert_equal(reminders, AlertChanged.count) + end diff --git a/test/tc_mauve_history.rb b/test/tc_mauve_history.rb new file mode 100644 index 0000000..62342f2 --- /dev/null +++ b/test/tc_mauve_history.rb 
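Review bot: The single-alert acknowledge path (hunk @@ -346,6 +346,14 of lib/mauve/web_interface.rb) builds the History event from `note.to_s` without the `Alert.remove_html` call that this commit adds to the bulk path in hunk @@ -228,9 +226,10. Because History permits HTML in `:event`, the note here is only passed through `Alert.clean_html` by the save hook, so whatever markup that allowlist keeps is stored from a user-supplied note. Adding `note = Alert.remove_html(note.to_s)` before the `unless` makes both paths behave the same. The assignment in hunk @@ -337,6 +336,7 can be shortened to `note = params[:note]`, since `|| nil` changes nothing.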
@@ -0,0 +1,36 @@ +$:.unshift "../lib" + +require 'th_mauve' +require 'mauve/history' +require 'mauve/server' + +class TcMauveHistory < Mauve::UnitTest + + include Mauve + + def setup + super + setup_database + end + + def teardown + teardown_database + super + end + + def test_save + Server.instance.setup + # + # Make sure events save without nasty html + # + h = History.new(:alerts => [], :type => "note", :event => "Hello <script>alert(\"arse\");</script>") + + h.save + h.reload + assert_equal("Hello ",h.event, "HTML not stripped correctly on save.") + end +end + + + + diff --git a/test/test_mauve.rb b/test/test_mauve.rb index 87aa188..fba47eb 100644 --- a/test/test_mauve.rb +++ b/test/test_mauve.rb @@ -18,6 +18,7 @@ tc_mauve_source_list.rb tc_mauve_people_list.rb tc_mauve_person.rb tc_mauve_alert.rb +tc_mauve_history.rb tc_mauve_alert_group.rb tc_mauve_alert_changed.rb tc_mauve_notification.rb |
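Review bot: `test_save` in test/tc_mauve_history.rb checks only that a `<script>` element is dropped from `:event`, which is the one field where HTML is permitted. It does not assert that the save succeeded, that permitted markup in `event` survives, or that a String field outside the permitted list (such as `type`) has its tags removed, and this commit's test changes contain no matching case for `Alert#do_sanitize_html`. I would change `h.save` to `assert(h.save, "History failed to save")` and add one assertion per behaviour, so a later change to the permitted list or to the hook registration is caught.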