From cdb78656916abe5adb946a25b913cda7785a42de Mon Sep 17 00:00:00 2001 From: Patrick J Cherry Date: Fri, 19 Aug 2011 16:28:37 +0100 Subject: HTML now sanitised on save. Added History tests Default polling interval now 5s, 0s for Timer/UDPServer Fixed note entry for alert page. --- lib/mauve/alert.rb | 38 +++++++++++++++++++++++++++++--------- lib/mauve/history.rb | 33 ++++++++++++++++++++++++--------- lib/mauve/mauve_thread.rb | 2 +- lib/mauve/server.rb | 3 ++- lib/mauve/timer.rb | 6 +++++- lib/mauve/udp_server.rb | 7 ++++++- lib/mauve/version.rb | 2 +- lib/mauve/web_interface.rb | 14 +++++++++++--- 8 files changed, 79 insertions(+), 26 deletions(-) (limited to 'lib/mauve') diff --git a/lib/mauve/alert.rb b/lib/mauve/alert.rb index bf47d34..eb5f11b 100644 --- a/lib/mauve/alert.rb +++ b/lib/mauve/alert.rb @@ -82,6 +82,7 @@ module Mauve has 1, :alert_earliest_date + before :save, :do_sanitize_html before :save, :take_copy_of_changes after :save, :notify_if_needed @@ -163,6 +164,26 @@ module Mauve protected + # + # This cleans the HTML before saving. + # + def do_sanitize_html + html_permitted_in = [:detail] + + attributes.each do |key, val| + next if html_permitted_in.include?(key) + next unless val.is_a?(String) + + attribute_set(key, Alert.remove_html(val)) + end + + html_permitted_in.each do |key| + val = attribute_get(key) + next unless val.is_a?(String) + attribute_set(key, Alert.clean_html(val)) + end + end + # # This allows us to take a copy of the changes before we save. # @@ -435,7 +456,8 @@ module Mauve time_offset = (reception_time - transmission_time).round # - # Make sure there is no HTML in the update source. + # Make sure there is no HTML in the update source. Need to do this + # here because we use the html-free version in the database save hook. # update.source = Alert.remove_html(update.source) 
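Review bot: `do_sanitize_html` in lib/mauve/alert.rb (the `@@ -163` hunk) rewrites every String attribute on every save, so it is only safe if `Alert.remove_html` and `Alert.clean_html` are idempotent. Neither is visible in this diff; if either one entity-escapes rather than strips, stored text would be altered again on each later save. The header comment should say which fields get which treatment, e.g. `# Strips HTML from every String attribute except :detail, which is passed through Alert.clean_html.` The permitted list would read better as a frozen constant, `HTML_PERMITTED_IN = [:detail].freeze`, than as a local array rebuilt on each call. A test that saves the same alert twice and compares the stored strings would pin the idempotence assumption.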
@@ -457,8 +479,9 @@ module Mauve end # - # Make sure there's no HTML in the ID... paranoia. The rest of the - # HTML removal is done elsewhere. + # Make sure there's no HTML in the ID -- we need to do this here + # because of the database save hook will clear it out, causing this + # search to fail. # alert.id = Alert.remove_html(alert.id) @@ -503,7 +526,7 @@ module Mauve # Set the subject # if alert.subject and !alert.subject.empty? - alert_db.subject = Alert.remove_html(alert.subject) + alert_db.subject = alert.subject elsif alert_db.subject.nil? # @@ -512,12 +535,9 @@ module Mauve alert_db.subject = alert_db.source end - alert_db.summary = Alert.remove_html(alert.summary) if alert.summary && !alert.summary.empty? + alert_db.summary = alert.summary if alert.summary && !alert.summary.empty? - # - # The detail can be HTML -- scrub out unwanted parts. - # - alert_db.detail = Alert.clean_html(alert.detail) if alert.detail && !alert.detail.empty? + alert_db.detail = alert.detail if alert.detail && !alert.detail.empty? alert_db.importance = alert.importance if alert.importance != 0 diff --git a/lib/mauve/history.rb b/lib/mauve/history.rb index 29ee64c..91a6fdc 100644 --- a/lib/mauve/history.rb +++ b/lib/mauve/history.rb @@ -1,5 +1,6 @@ # encoding: UTF-8 require 'mauve/datamapper' +require 'mauve/alert' require 'log4r' module Mauve 
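Review bot: In the `@@ -503` and `@@ -512` hunks of lib/mauve/alert.rb the explicit `Alert.remove_html` / `Alert.clean_html` calls on subject, summary and detail are dropped, so `alert_db` holds the sender's raw text from assignment until the `before :save` hook runs. Anything in the rest of this method that reads those fields before saving (logging, comparisons, notification text) would now see unsanitised input; that code is outside the hunks, so this needs checking. The guarantee also depends on every write going through `save`, since DataMapper documents `save!` as bypassing hooks. A comment at the assignments would make the dependency explicit: `# Raw here; HTML is stripped/cleaned by the before :save hook (do_sanitize_html).`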
@@ -59,28 +60,42 @@ module Mauve has n, :alerts, :through => :alerthistory before :valid?, :set_created_at + before :save, :do_sanitize_html - def self.migrate! - ## - # - # FIXME this is dire. - # - schema = repository(:default).adapter.execute(".schema mauve_histories") + protected + # + # This cleans the HTML before saving. + # + def do_sanitize_html + html_permitted_in = [:event] + attributes.each do |key, val| + next if html_permitted_in.include?(key) + next unless val.is_a?(String) + attribute_set(key, Alert.remove_html(val)) + end + + html_permitted_in.each do |key| + val = attribute_get(key) + next unless val.is_a?(String) + attribute_set(key, Alert.clean_html(val)) + end end + def set_created_at(context = :default) - self.created_at = Time.now unless self.created_at.is_a?(Time) or self.created_at.is_a?(DateTime) + self.created_at = Time.now unless self.created_at.is_a?(Time) end + public + def logger - Log4r::Logger.new self.class.to_s + Log4r::Logger.new self.class.to_s end end - end diff --git a/lib/mauve/mauve_thread.rb b/lib/mauve/mauve_thread.rb index 7d5dcbe..33ebcab 100644 --- a/lib/mauve/mauve_thread.rb +++ b/lib/mauve/mauve_thread.rb @@ -28,7 +28,7 @@ module Mauve @poll_every = i end - def run_thread(interval = 1.0) + def run_thread(interval = 5.0) # # Good to go. # diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb index 047476d..0d56f7f 100644 --- a/lib/mauve/server.rb +++ b/lib/mauve/server.rb @@ -13,6 +13,7 @@ require 'mauve/pop3_server' require 'mauve/processor' require 'mauve/http_server' require 'mauve/heartbeat' +require 'mauve/configuration' require 'log4r' module Mauve @@ -124,7 +125,7 @@ module Mauve logger.warn "Notification buffer has #{self.class.notification_buffer_size} messages in it" end - if self.class.packet_buffer_size > 10 + if self.class.packet_buffer_size > 50 logger.warn "Packet buffer has #{self.class.packet_buffer_size} updates in it" end 
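Review bot: `set_created_at` in lib/mauve/history.rb now accepts only `Time`, so a `created_at` that arrives as a `DateTime` is silently replaced with `Time.now`, which would shift the timestamp of a history record. The property's declared type is outside the hunk, so confirm that no caller or adapter supplies a DateTime. Separately, `do_sanitize_html` here is a copy of the one added to Alert with only the permitted list changed to `[:event]`; a shared module taking the list as a parameter would keep the two from drifting. Because `:event` goes through `Alert.clean_html` rather than `Alert.remove_html`, a comment such as `# :event may carry HTML; it is cleaned, not stripped.` would tell callers that they must strip untrusted parts themselves.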
diff --git a/lib/mauve/timer.rb b/lib/mauve/timer.rb index 02951b7..a00d66d 100644 --- a/lib/mauve/timer.rb +++ b/lib/mauve/timer.rb @@ -12,8 +12,12 @@ module Mauve include Singleton def initialize + # + # Set the default polling interval to zero.. + # + self.poll_every = 0 + super - @poll_every = 0 end def main_loop diff --git a/lib/mauve/udp_server.rb b/lib/mauve/udp_server.rb index 99bfab1..080a04b 100644 --- a/lib/mauve/udp_server.rb +++ b/lib/mauve/udp_server.rb @@ -15,10 +15,15 @@ module Mauve attr_reader :ip, :port def initialize - super + # + # Set up some defaults. + # self.ip = "127.0.0.1" self.port = 32741 + self.poll_every = 0 @socket = nil + + super end def ip=(i) diff --git a/lib/mauve/version.rb b/lib/mauve/version.rb index 3d7591f..3e9ecec 100644 --- a/lib/mauve/version.rb +++ b/lib/mauve/version.rb @@ -1,5 +1,5 @@ module Mauve - VERSION="3.4.0" + VERSION="3.4.1" end diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb index 82dc654..fb82f2e 100644 --- a/lib/mauve/web_interface.rb +++ b/lib/mauve/web_interface.rb @@ -216,8 +216,6 @@ EOF next end - logger.debug "arse" - begin a.acknowledge!(@person, ack_until) succeeded << a @@ -228,9 +226,10 @@ EOF end end # - # Add a note + # Add the note # unless note.to_s.empty? + note = Alert.remove_html(note) h = History.new(:alerts => succeeded, :type => "note", :event => session['username']+" noted "+note.to_s) logger.debug h.errors unless h.save end @@ -337,6 +336,7 @@ EOF ack_until = params[:ack_until].to_i n_hours = params[:n_hours].to_i type_hours = params[:type_hours].to_s + note = params[:note] || nil if ack_until == 0 ack_until = Time.now.in_x_hours(n_hours, type_hours) 
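Review bot: In the `@@ -228` hunk of lib/mauve/web_interface.rb the emptiness test runs before `note = Alert.remove_html(note)`, so a note consisting only of markup passes the check and, if `remove_html` reduces it to an empty string, produces a history entry ending in `noted ` with nothing after it. Sanitising first and testing the result avoids that: `note = Alert.remove_html(note.to_s)` followed by `unless note.empty?`. `session['username']` is concatenated into the same `:event` string and, from what is visible, only passes through the `clean_html` save hook. The enclosing handler starts and ends outside the hunk.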
@@ -346,6 +346,14 @@ EOF alert.acknowledge!(@person, ack_until) + # + # Add the note + # + unless note.to_s.empty? + h = History.new(:alerts => [alert], :type => "note", :event => session['username']+" noted "+note.to_s) + logger.debug h.errors unless h.save + end + flash['notice'] = "Successfully acknowledged alert #{alert.alert_id} from source #{alert.source}." redirect "/alert/#{alert.id}" end -- cgit v1.2.1
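Review bot: The single-alert acknowledge path builds the History `:event` from `params[:note]` without the `Alert.remove_html(note)` call that the bulk path gained in the `@@ -228` hunk. Here the note is only subject to `Alert.clean_html` through History's save hook, so it may keep whatever HTML that function permits. Add `note = Alert.remove_html(note)` inside the `unless note.to_s.empty?` block, before `History.new`, so both paths treat the note identically. The enclosing route handler begins outside this hunk.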