|
I am not sure it should be here. Perhaps ZBXNEXT is a better place?
|
|
being a ZBX was mostly motivated by the possible grave consequences of ignoring part of a query. something simple (from user perspective) as missing set of square brackets around a set of ids can result in that part silently being discarded and i wouldn't want to encounter that when deleting entities...
|
|
(1) also see ZBX-3943 and ZBX-11594: validation of the host.host parameter
|
|
(2) ZBX-5618 is about "Empty input parameter." warnings on missing mandatory params
|
|
(3) a particular case for required validation is ZBX-5684
|
|
(4) for proxy.create (and probably update, too), type and main can be specified, but they are ignored
|
|
(5) a valid json w/o id results in a completely empty response
|
|
(6) incorrect id specification in proxy.delete deletes only one proxy and may return incorrect response :
{"jsonrpc":"2.0","method":"proxy.delete","params":[{"proxyid":"10288","proxyid":"10289"}],"auth":"ab9638041ec6922cb14b07982b268f47","id":1}
{"jsonrpc":"2.0","result":{"proxyids":["10289"]},"id":1}
if a proxy with such id exists, only the last one is deleted. if such a proxy does not exist, response still has the id as if something was deleted. might be the same with other delete methods
sasha MOVED to (85)
CLOSED
|
|
(7) we can use host.update and change host's status to 5 or 6 (proxy). we can use proxy.update and change proxy's status to 0, 1 etc.
we can also change status to 7. what's that ? that's a good question...
host-updating a host into an active proxy does not remove the interface.
(this possibility suggested by alexei)
iivs Proxy status is now validated in pre-2.1.1 (trunk) r36917. Other validation is still due.
<richlv> host status validation should be added in ZBX-4772
|
|
(8) weird groupid (and possibly other id) validation : ZBX-6018
|
|
(9)
<geekatcmu> {"params": {"hostids": ["100100000039925"], "applicationids": ["100100000415895"]}, "jsonrpc": "2.0", "method": "trigger.get", "auth": "notyouraveragebear", "id": 3}
<geekatcmu> And what I'm getting back is a list of every trigger for that host.
<geekatcmu> None of the triggers on this host are actually using any items associated with the given application
<geekatcmu> 2.0.4
<Richlv> you could also try something like "applicationids": [{"applicationid":"100100000415895"}]
<geekatcmu> That that returned the right result.
|
|
(10) "hostinterface.update" method allows to include a line break in the IP address (should be validated also in many other fields where it's not allowed) - ZBX-6326
|
|
(11) moved from ZBX-6934:
sasha 3. RESOLVED in r64158
oleg.egorov 3. CLOSED
|
|
(12)
Using this incorrect API request:
{
"jsonrpc": "2.0",
"method": "maintenance.create",
"params": {
"hostids": [
10084
],
"name": "TestHJ",
"active_till": "1380017700",
"active_since": "1380016800",
"timeperiods": {
"timeperiod_type": 0,
"start_date": 1380016800,
"period": 3600
}
},
"id": 0,
"auth": "a81739a7e996deadcd36b47576135f19"
}
we can generate an incorrect SQL.
API responce:
"SQL statement execution has failed \"INSERT INTO timeperiods () VALUES ()\"."
Another bug report for this method is ZBX-4545
|
|
(13) Improve validation for usergroup.delete method: validate existing user groups and throw error if user group does not exist.
sasha RESOLVED in r64069
oleg.egorov CLOSED
|
|
(14) Improve usergroup.massadd
{
"usrgrpids": [
13,
14,
13,
[]
],
"rights": {
"permission": 0,
"id": "3"
}
}
Return:
SQL statement execution has failed "INSERT INTO rights (groupid,permission,id,rightid) VALUES ('13','0','3','41')
sasha This method is deprecated. WON'T FIX
|
|
(15)
{
"name": "Homepage check",
"hostid": "32318",
"steps": [
{
"name": "Homepage",
"url": "http:,
"status_codes": 200,
"no": 1
}
],
"ssl_cert_file": [],
"authentication": 1,
"http_user": 1,
"http_password": 1,
"ssl_key_file": 1,
"ssl_key_password": 1
}
SQL statement execution has failed \"INSERT INTO httptest (name,hostid,ssl_cert_file,authentication,http_user,http_password,ssl_key_file,ssl_key_password,verify_peer,verify_host,variables,headers,httptestid) VALUES ('Homepage check','32318',Array,'1','1','1','1','1','0','0','','','80')\
|
|
(16) An API call like this (empty string for itemids):
{
"jsonrpc": "2.0",
"method": "history.get",
"params": {
"itemids": "",
"hostid": "11724",
"time_from": "1422140400",
"time_till": "1422226799"
},
"auth": "t62tejbsq3jtu9rll2syonnojd19qd29",
"id": 0
}
Is not recognized and leads to an invalid database query:
< 2015-01-26 13:52:59.617 CET >ERROR: invalid input syntax for integer: "" at character 266
< 2015-01-26 13:52:59.617 CET >STATEMENT: SELECT i.itemid FROM items i WHERE i.flags IN (0,4) AND EXISTS (SELECT NULL FROM hosts_groups hgg JOIN rights r ON r.id=hgg.groupid AND r.groupid='26' WHERE i.hostid=hgg.hostid GROUP BY hgg.hostid HAVING MIN(r.permission)>0 AND MAX(r.permission)>=2) AND i.itemid=''
< 2015-01-26 13:52:59.618 CET >ERROR: current transaction is aborted, commands ignored until end of transaction block
< 2015-01-26 13:52:59.618 CET >STATEMENT: SELECT h.itemid,h.clock FROM history_uint h WHERE 1=0 AND h.clock>='1422140400' AND h.clock<='1422226799'
oleg.egorov Also, item update:
Result:
And if used itemids
Result is:
|
|
(17) httptest.create method allows to set "authentication" to 0 (no auth), but specify http_user and http_password - this is misleading
|
|
(18) image api validation - ZBX-5750
|
|
(19) screen api validation - ZBX-5562
<richlv> screen hsize/vsize validation presumably added in ZBX-10318 and ZBX-10517 (4)
|
|
(20) event.acknowledge
Result:
|
|
(21) host.delete (ZBX-7797)
{"jsonrpc":"2.0","method":"host.delete","params":{"hostid":"10116"},"id":0,"auth":"5bea7391ae4283522f33a7ca38ceb250"}
{"jsonrpc":"2.0","error":{"code":-32500,"message":"Application error.","data":"SQL statement execution has failed \"DELETE FROM screens_items WHERE resourceid=Array AND resourcetype='16'\""},"id":0}
|
|
OK - some more tests on 2.4.6:
{"jsonrpc":"2.0","method":"host.delete","params":["10087"],"id":0,"auth":"7a7dd7e6080b6e2db920c8c01540c8ea"}
{"jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid params.","data":"Wrong fields for host \"\"."},"id":0}
{"jsonrpc":"2.0","method":"host.delete","params":"10088","id":0,"auth":"e7a00088c1482eff2d901d823b0c0dc0"}
{"jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid params.","data":"JSON-rpc params is not an Array."},"id":0}
What would be the proper syntax?
Regards,
Lars
|
|
please see https://www.zabbix.org/wiki/Getting_help for support and general discussion options
|
|
I'm not asking for support: I've followed the API documentation in every detail, it doesn't work, and yet you claim that it's not a bug?
I'm also documenting the results I get when I follow the documentation to the point.
|
|
(22) templatescreen.create accepts empty parameters and successfully returns an ID with value 1.
templatescreen.update accepts empty parameters and successfully returns an empty array.
|
|
(23) Regular non admin user can create a templated screen. Then create a regular screen and use previously created templated screen as screen item. Not only it fills up the database with corrupted data, users who export regular screens, can get a corrupted XML:
|
|
(24) might be generic, but worth testing the template constraint in xml export : ZBX-10287
|
|
(25) screenitem.update
with options
{
"screenitemid": "73",
"x": 0
}
returns
|
|
(26) Operation and recovery operation validation issues in action.create:
1. if 'recovery_operations' => [[]] is empty
2. if incorrect operation type
'recovery_operations' => [
['operationtype' => 'asdasd']
]
the error message says "No recipients for action operation message."
3. opcommand accepts anything
'opcommand' => [
'type' => 'asdads',
'command' => 'aaaasdasd',
'execute_on' => 'aaaa'
]
and results in success. Not sure what I have just created with this. And it seems like it's validated for operations, but not for recovery operations.
4. If operations has fields, but has no operation type, I get an error:
action.update:
5. If operations has no operation type but only ID
[
'actionid' => 41,
'operations' => [
[
'operationid' => 79
]
]
]
I get an error:
6. If recovery operations has no operation type but only ID
[
'actionid' => 41,
'recovery_operations' => [
[
'operationid' => 78
]
]
]
I get an error:
Moved from ZBXNEXT-3101 (28)
Moved from ZBXNEXT-18 (57)
|
|
(27) String validation should check null character "\0" and hexadecimal encoded values. Also strings must be trimmed.
1. It's possible to avoid validation on empty string passing "\0" or "\x0" as value.
[
"groupid" => "10",
"name" => "\x0"
]
2. String should be trimmed. For example, we can set host name as space and visible name as empty string:
[
"hostid" => 10105,
"host" => " ",
"name" => ""
]
|
|
(28) It's possible to set trigger name as empty string via API:
[
"triggerid"=> 70355,
"description" => ""
]
|
|
(29) HttpTest.create
Return:
Issue exist in 2.2 - 3.2...
Also mentioned in ZBX-8996.
|
|
(30) stacked graph item drawtype cannot be changed in the frontend, but can be modified using the api: ZBX-9494
|
|
(31)
user.get
Array
(
[output] => Array
(
[0] => userid
)
[userids] => Array
(
[0] =>
)
)
Results with:
... Query failed: ERROR: invalid input syntax for integer: ""
LINE 1: ...id FROM users_groups uug WHERE uug.userid=3) AND u.userid='' ...
|
|
(32) Error messages
Result is:
Before was:
Possible better allow execute empty request or change error message.
Some messages hard to understand
sasha Closed as DUPLICATE of (2)
|
|
(33) Validation issues:
Result:
Same issue exist if use scientific notation, for example: hostid = 1.23E+11
sasha RESOLVED in r63884
oleg.egorov CLOSED
|
|
(34) Possible create and update value mapping without value map
sasha RESOLVED in r63889
oleg.egorov CLOSED
|
|
(35) PHPDoc for function getFieldLength
But it in success return int and if fail, then just exit;
Also
Normally never executed. And I think it is unnecessary code.
Other PHPDoc issue in CApiService.php:738
sasha RESOLVED in r64046
oleg.egorov CLOSED
|
|
(36) added validation and partially rewritten API methods in r63457:64047:
- application: create(), update() and delete()
- valuemap: create(), update() and delete()
- hostgroup: create(), update() and delete()
- configuration: import() and export()
oleg.egorov CLOSED
Strings added:
- Invalid parameter "%1$s": %2$s.
- a boolean is expected
- a number is expected
- a number is too large
- invalid byte sequence in UTF-8
- the parameter "%1$s" is missing
- unexpected parameter "%1$s"
- value %1$s already exists
- value is too long
- value must be one of %1$s
Strings deleted:
- At least one mapping should be given for value map "%1$s".
- Cannot set "%1$s" for application "%2$s".
- Cannot set "%1$s" for host group "%2$s".
- Cannot update "%1$s" for application "%2$s".
- Cannot update "%1$s" for host group "%2$s".
- Created: Application "%1$s" on "%2$s".
- Deleted: Application "%1$s" on "%2$s".
- Duplicate "%1$s" value "%2$s" for host group.
- Duplicate "name" value "%1$s" for value map.
- Duplicate mapping value "%1$s" for value map "%2$s".
- Empty group ID.
- Empty new value in value map "%1$s".
- Empty value map ID.
- Host group is missing parameters: %1$s
- Incorrect group ID.
- Incorrect value map ID.
- Mapping is missing parameters: %1$s for value map "%2$s".
- No "%1$s" given for group.
- No "%1$s" given for value map.
- No application with ID "%1$s".
- Updated: Application "%1$s" on "%2$s".
- Value map is missing parameters: %1$s
- Value map name cannot be empty.
oleg.egorov CLOSED
|
|
(37) added validation and partially rewritten API methods in r64047:64093, r64096, r64102, r64152:
- usergroup: create(), update() and delete()
 usergroup:massadd() and usergroup:massupdate() methods have been deprecated
Strings added:
- Only Super Admins can create user groups.
- Only Super Admins can update user groups.
- Host group with ID "%1$s" is not available.
- User with ID "%1$s" is not available.
Strings deleted:
- Cannot add users.
- Cannot update group.
- Incorrect parameters for user group.
- User cannot change GUI access for himself.
- User cannot change status of himself.
oleg.egorov CLOSED
|
|
(38) minor code improvements in r64094.
oleg.egorov CLOSED
|
|
(39) added validation and partially rewritten API methods in r64158:
- user: create(), update() and delete()
added support of user_medias parameter by user:update() method
user:updateprofile(), user:addmedia(), user:updatemedia() and user:deletemedia() methods have been deprecated
Strings added:
- Auto-login and auto-logout options cannot be enabled together.
- Media type with ID "%1$s" is not available.
- User cannot alter user type for himself.
- User group with ID "%1$s" is not available.
- a time period is expected
Strings deleted:
- Duplicate user alias "%s".
- Incorrect theme for user "%1$s".
- User may not modify GUI access for himself by becoming a member of user group "%s".
- User may not modify system status for himself by becoming a member of user group "%s".
- Wrong fields for user "%s".
- You are not allowed to alter privileges for user "%s".
- You do not have permissions to update other users.
- You do not have permissions to update user or user does not exist.
oleg.egorov CLOSED
|
|
(40) dropped support of API_ALLOW_NULL by API_BOOLEAN data type in r64161
oleg.egorov CLOSED
|
|
(41) added validation and rewritten API methods in r64187:
- user: login(), logout() and checkauthenticate()
Also removed WebUser from all API methods.
Strings added:
- Account is blocked for %1$s second.
- Account is blocked for %1$s seconds.
- Login failed.
Strings deleted:
- Account is blocked for %s seconds
- Action disabled due to deletion of user group.
- Action disabled due to deletion of user.
- Login failed "%s".
- Manual Logout
oleg.egorov CLOSED
|
|
(42) Added check for users and user groups which are used in actions. Now, deleting of such users and user groups are prohibited.
user.delete() and usergroup.delete(): users and user groups which are used in actions cannot be removed
Strings added:
- User "%1$s" is used in "%2$s" action.
- User group "%1$s" is used in "%2$s" action.
oleg.egorov CLOSED
|
|
(43)
After user media removing displayed error message
How to reproduce:
1. Create media, then save user
2. Remove media, try to save user
sasha RESOLVED in r64252
oleg.egorov CLOSED
|
|
(44) After password change via frontend in User->Edit
sasha RESOLVED in r64263
oleg.egorov CLOSED
|
|
there are two subissues numbered "37".
might be worth renumbering.
sasha Thanks! Fixed.
<richlv> you rock - thank you 
|
|
one of the new/remaining strings is "User cannot alter user type for himself.".
it might be worth changing that in a more gender-neutral form of "User cannot alter user type for themselves." (but please confirm with maartinjsh )
also, would it be "User cannot alter the user type" ?
martins-v Possibly: "User cannot alter their user type", better yet "User cannot change their user type"
|
|
(45) Fixed translation string in r64262
Strings added:
- User cannot change their user type.
Strings deleted:
- User cannot alter user type for himself.
oleg.egorov CLOSED
|
|
(46) Security issue
New Audit log
passwd md5 value should be removed from audit log
sasha RESOLVED in r64312
oleg.egorov If change only password, no any information about user changes in audit log
sasha RESOLVED in r64338
oleg.egorov CLOSED
|
|
(47) Don't work user group disabling
I disable "Guest" user group, but in login screen still available "or sign in as guest" and it's work!
sasha RESOLVED in r64311
oleg.egorov CLOSED
|
|
(48) added validation and rewritten API methods in r64339, r64340:
- script: create(), update(), delete() and execute(}
Strings added:
- IPMI scripts can be executed only by server.
- directory or script name cannot be empty
Strings deleted:
- Cannot delete scripts. Empty input parameter "scriptids".
- Cannot delete scripts. Script with scriptid "%1$s" does not exist.
- Empty name for script "%1$s".
- Incorrect menu path for script "%1$s".
- Script command cannot be empty.
- Script name cannot be empty.
- Script with scriptid "%1$s" does not exist.
- Wrong fields for script.
oleg.egorov CLOSED
|
|
(49) added validation and rewritten API methods in r64343, r64345:
- usermacro: createglobal(), updateglobal() and deleteglobal()
Strings added:
Strings deleted:
- Macro with globalmacroid "%1$s" does not exist.
- Only Super Admins can create global macros.
- Only Super Admins can delete global macros.
- Only Super Admins can update global macros.
oleg.egorov CLOSED
|
|
suggested string change : "an user macro is expected" -> "a user macro is expected"
sasha Thanks a lot! Has been fixed in r64345.
oleg.egorov CLOSED
|
|
(50) r64360: deprecated usermedia.get method
usermedia:get() method have been deprecated
oleg.egorov CLOSED
|
|
(51) Script name validation.
I have script with name:
And i try create new with name
In 3.3 (trunk) it's not allowed, and new validator allow create new script with this name.
sasha RESOLVED in r64386
oleg.egorov CLOSED
|
|
(52) Removed last symbol from script name
I have script with name:
And I try to rename it to:
After success save, name still:
WON'T FIX. CLOSED
|
|
(53) Unnecessary variable in func.inc.php:2235
sasha RESOLVED in r64434
oleg.egorov CLOSED
|
|
(54) Documentation must be updated:
deprecated methods:
new features:
API changelog:
sasha RESOLVED
oleg.egorov CLOSED
|
|
r64444: initial merge to trunk. It doesn't cover all API yet.
Summary:
strict validation:
- application: create(), update() and delete()
- configuration: import() and export()
- hostgroup: create(), update() and delete()
- script: create(), update(), delete() and execute(}
- user: create(), update(), delete(), login(), logout() and checkauthenticate()
- usergroup: create(), update() and delete()
- usermacro: createglobal(), updateglobal() and deleteglobal()
- valuemap: create(), update() and delete()
moved (from GUI) and improved (bulk requests) audit log:
- application: create(), update() and delete()
- hostgroup: create(), update() and delete()
- script: create(), update(), delete() and execute(}
- user: create(), update(), delete(), login(), logout() and checkauthenticate()
- usergroup: create(), update() and delete()
- usermacro: createglobal(), updateglobal() and deleteglobal()
- valuemap: create(), update() and delete()
new parameters:
- user: added support of user_medias parameter by update() method
deprecated methods:
- user: updateprofile(), addmedia(), updatemedia() and deletemedia()
- usergroup: massadd() and massupdate()
- usermedia: get()
new constraints:
- user.delete(): users which are used in actions cannot be removed
- usergroup.delete(): user groups which are used in actions cannot be removed
|
|
(55) [A] usergroup.update(): user can add himself to a disabled group.
sasha RESOLVED in r64464
oleg.egorov Via frontend open user group list, then check Zabbix administrators and press Disable
REOPENED
sasha RESOLVED in r64513
oleg.egorov CLOSED
Fixed in pre-3.3.0 (trunk) r64540.
|
|
(56) [F] Cannot create or update script with Execute on: Zabbix server option
sasha RESOLVED in r64466
oleg.egorov CLOSED
Fixed in pre-3.3.0 (trunk) r64540.
|
|
(57) added validation and rewritten API methods in r64564:
- iconmap: create(), update() and delete()
mappings.sortorder parameter has been deprecated
Strings added:
- Global regular expression "%1$s" does not exist.
- Icon with ID "%1$s" is not available.
- Non-boolean flags are deprecated.
- Parameter "%1$s" is deprecated.
- invalid regular expression
Strings deleted:
- Cannot create icon maps with identical name "%s".
- Global expression does not exist.
- Icon map "%1$s" has mapping with incorrect iconid "%2$s".
- Icon map "%1$s" has mapping with incorrect inventory link "%2$s".
- Icon map "%s" cannot have mapping with empty expression.
- Icon map "%s" cannot have mapping with global expression that does not exist.
- Icon map "%s" has incorrect expression.
- Icon map "%s" must have at least one mapping.
- Icon map name cannot be empty.
- Icon map with iconmapid "%s" does not exist.
- Icon mapping entry "%1$s" against "%2$s" already exists.
- Incorrect parameter is used for icon map "%s".
- Incorrect parameters for icon map update method "%s".
- Only Super Admins can create icon maps.
- Only Super Admins can update icon maps.
- Required field "expression" is missing in icon mapping.
- Required field "iconid" is missing in icon mapping.
- Required field "inventory_link" is missing in icon mapping.
oleg.egorov
- One error for default_iconid and iconid:
Icon with ID "83" is not available.
- Missed descripion for IconMap create, update...
sasha it will be necessary to discuss it.
sasha Removed description from all create(), update(), delete(), validateCreate(), validateDelete() and validateUpdate() methods in r64651
oleg.egorov CLOSED
|
|
(58)
sasha RESOLVED in r64598
oleg.egorov CLOSED
|
|
(59) super admin can log in without username 'Admin', only entering password
sasha RESOLVED in r64687, r64688
natalja.zabbix tested
oleg.egorov CLOSED
|
|
(60) [A] script.create(): can create script name which already used in menu path for script
sasha RESOLVED in r64689
natalja.zabbix tested
oleg.egorov CLOSED
|
|
(61) Disable guests, and try to open:
oleg.egorov Moved to ZBX-11642. CLOSED
|
|
(62) "OFFSET 0" can be removed from SQL statements
sasha RESOLVED in r64692
oleg.egorov CLOSED
|
|
(63) Introduce an upper limit of numeric values.
Moved from ZBXNEXT-1443 (8)
|
|
(64) Currently field length errors are handled by DB. In case there are multiple parameters in one field, they separated by "\n". The error returned is split into multiple lines due to "\n" in frontend. The API validator should handle the "\n" and return a proper error.
Moved from ZBXNEXT-1443 (9)
|
|
(65) Unit test fails:
sasha What version of PHP you use? I can't reproduce this issue with PHP 7.0.8 and 5.5.9.
iivs I tested on 5.6.3 and 7.0.3
Seems like this happens only on windows PHP.
on linux machine all of them are int.
Since it's a PHP bug...
WON'T FIX
|
|
(66) Documentation:
sasha RESOLVED
oleg.egorov CLOSED
|
|
it is really great that this issue is getting some attention - thanks to all the contributors
what's the approach here - when the api changelog says "added strict validation of input parameters", what does that actually mean ?
is that full validation - does it include making sure that the passed values make sense ?
sasha Yes, it is full validation of input parameters including types, values, unexpected parameters etc.
|
|
(67) [A] Random string as parameter for subselect option returns unexpected result with extra array (in cases when outputExtend() is used in API->addRelatedObjects())
|
|
(68) [A] iconmap.update(): can update the same icon maps in one query
Expected error: Invalid parameter "/2": value (iconmapid)=(1) already exists.
sasha RESOLVED in r65094
oleg.egorov CLOSED
|
|
(69) item.get() and itemprototype.get() methods shall not return formula field.
Moved from ZBXNEXT-1443 (26)
|
|
r65103: second merge to trunk. It doesn't cover all API yet.
Summary:
strict validation:
- iconmap: create(), update() and delete()
added audit log:
- iconmap: create(), update() and delete()
deprecated parameters:
- iconmap.create(): mappings.sortorder
- iconmap.update(): mappings.sortorder
|
|
(70) Moved from ZBX-5705: API triggerprototype.create() possible to create duplicate elements
{
"jsonrpc":"2.0",
"method":"triggerprototype.create",
"params":[
{
"description":"NEW ZBX",
"expression":"{h1:vfs.fs.size[{#FSNAME}].last(0)}=0",
"status":0
},
{
"description":"NEW ZBX",
"expression":"{h1:vfs.fs.size[{#FSNAME}].last(0)}=0",
"status":0
}
],
"id":4,
"auth":"56783267c6cac2f2cfffe89ba84f6aa0"
}
|
|
(72) Moved from ZBX-8268:
httptest.create with httpstepid and without name
Response:
Item with key "web.test.in[E7,,bps]" already exists.
sasha RESOLVED in r65687
sasha Tested together with ZBXNEXT-2074. CLOSED
|
|
(73) added validation and rewritten API methods in r65687:
- httptest: create(), update() and delete()
Strings added:
- Application with applicationid "%1$s" does not exist.
- Cannot update step for a templated web scenario "%1$s": %2$s.
Strings deleted:
- Cannot update step name for a templated web scenario "%1$s".
- Created: Web scenario "%1$s" on "%2$s".
- Deleted: Web scenario "%1$s" on "%2$s".
- Empty web scenario ID.
- Incorrect SSL verify host value for web scenario "%1$s".
- Incorrect SSL verify peer value for web scenario "%1$s".
- Incorrect follow redirects value for step "%1$s" of web scenario "%2$s".
- Incorrect retrieve mode value for step "%1$s" of web scenario "%2$s".
- Incorrect web scenario ID.
- No "%1$s" given for web scenario.
- Updated: Web scenario "%1$s" on "%2$s".
- Web scenario missing parameters: %1$s
- Web scenario must have at least one step.
- Web scenario name cannot be empty.
- Web scenario step "%1$s" already exists.
- Web scenario step URL cannot be empty.
- Web scenario step is missing parameters: %1$s
- Web scenario step name cannot be empty.
- Web scenario step number cannot be less than 1.
sasha Tested together with ZBXNEXT-2074. CLOSED
|
|
(74) template.get issue
Moved from ZBXNEXT-3673
|
|
r65103: third merge to trunk (together with ZBXNEXT-2074). It doesn't cover all API yet.
Summary:
strict validation:
- httptest: create(), update() and delete()
added audit log:
- httptest: create(), update() and delete()
|
|
(75) Moved from ZBX-12118. Creating an item prototype without "ruleid", the error message is Field "parent_itemid" cannot be set to NULL.
|
|
(76) Moved from ZBXNEXT-2694 (33,34). Validation of map methods should be added.
|
|
(77) invalid mediatypeid in action.create (probably also update ?) results in bad sql queries - see ZBX-12078
|
|
(78) [3.2.6] Supplying
{"useip": 0, "dns": "somename"}
in a host interface for host.create or host.update, while leaving out "ip": "" (but still including the other required properties) returns a PHP-exception. If "ip": "" is supplied (without value), the call succeeds.
|
|
(79) Map size validation
For example, I have map with size 1000x1000, and in the bottom of the right side exist host element.
Then in map properties possible change map size to 500x500 (without any error)
Result is:
1. Map will be displayed as 500x500 and outside elements will be hidden.
2. If open map constructor and try to save map, will be displayed error message about outside element, witch not displayed.
|
|
(80) Item create
Result:
|
|
(84) template.get() returns useless data
curl -X POST \
http: -H 'cache-control: no-cache' \
-H 'content-type: application/json-rpc' \
-H 'postman-token: eded3a54-eb9f-4a7e-390a-4c7e28cf4273' \
-d '{
"jsonrpc": "2.0",
"method": "template.get",
"params": {
"output": "extend",
"filter": {"name": "Template OS Linux"}
},
"auth": "d8c8ce2d43592d279a4af464594c03f8",
"id": 1
}'
result:
{"jsonrpc":"2.0","result":[{"proxy_hostid":"0","host":"Template OS Linux","status":"3","disable_until":"0","error":"","available":"0","errors_from":"0","lastaccess":"0","ipmi_authtype":"-1","ipmi_privilege":"2","ipmi_username":"","ipmi_password":"","ipmi_disable_until":"0","ipmi_available":"0","snmp_disable_until":"0","snmp_available":"0","maintenanceid":"0","maintenance_status":"0","maintenance_type":"0","maintenance_from":"0","ipmi_errors_from":"0","snmp_errors_from":"0","ipmi_error":"","snmp_error":"","jmx_disable_until":"0","jmx_available":"0","jmx_errors_from":"0","jmx_error":"","name":"Template OS Linux","flags":"0","templateid":"10001","description":"","tls_connect":"1","tls_accept":"1","tls_issuer":"","tls_subject":"","tls_psk_identity":"","tls_psk":""}],"id":1}
Moved from ZBX-12542
|
|
(85) added validation and rewritten API methods in r72720:
Strings added:
- Proxy "%1$s" is used by action "%2$s".
Strings deleted:
After this fix, proxy cannot be removed when it is used in actions
sasha Available in 4.0.0alpha1 (trunk) r72995.
CLOSED
|
|
(86) [D] inability to delete a proxy that is used in actions (as per (85)) is worth mentioning in upgrade notes
sasha Of course! Thanks!
Updated API documentation:
CLOSED
|
|
(87) [A] If existing active proxy is updated changing its status to pasive proxy without specifying interfaces, frontend outputs a list of undefined index errors:
|
|
(88) [A] proxy.get() method outputs parameters which are not documented in Proxy object page and are specific to Host Object only. Additionally, if some specific parameter is requested (e.g. "host"), API always returns a "proxyid" parameter as well.
|
|
(89) [A] There is no validation for empty sourse in source type "Map navigation tree" while using methods dashboard.create or dashboard.update for creating Map widget .
To reproduce:
post new wigdet with "type": "sysmap",
where parameter with "name": "filter_widget_reference" is missing.
Reffered Map navigation tree should be created before.
Actual result: Empty map created.
Expected result: Error message "Invalid parameter "filter_widget_reference": a character string is expected." should be shown.
|
|
(90) [A] item.status is not properly validated
For example, this API request produces item with status=3:
{
"jsonrpc":"2.0",
"method":"item.update",
"params":{
"itemid":28284,
"status":3
},
"id":1,
"auth":"kolbaski"
}
MOVED from ZBX-12562.
|
|
(91) [A]
|
|
(92) [A] maintenance.update: only maintenanceid is required, but all other fields should be optional. Currently validation doesn't work correctly. Ugly fixes can be made, but it's better to rewrite the validation using new API validation. And if we do, we could do it for maintenance.create as well.
vmurzins Partial duplicate of ZBX-6167.
iivs Passing maintenanceid as array, results in catastrophe:
|
|
(94) [A] maintenance.create validation errors look like:
"Active since" must be between 1970.01.01 and 2038.01.18.
"Active till" must be between 1970.01.01 and 2038.01.18
but actually only Unix time is accepted. So somehow error message and actual parameter should be lead to one format.
|
|
(95) this is somewhat similar to (27) and (28).
multiple entities can be created with newline in the name :
- hosts (initially reported as
ZBX-3943)
- discovery rules (reproduced in 4.0.0alpha4)
most likely majority of object names have this issue
|
|
(96) drule.update; pass dchecks, specifying druleid of a another discovery rule.
looks like it is silently discarded.
|
|
(97) [A] added validation and rewritten API methods in r79018, r79021, r79027 and r79048:
- apiinfo: version()
- action: delete()
- correlation: delete()
- drule: delete()
also added audit for API methods:
- action: delete()
- correlation: delete()
Strings added:
- Discovery rule "%1$s" is used in "%2$s" action.
Strings deleted:
- Only super admins can delete correlations.
After this fix, discovery rule cannot be removed when it is used in action conditions
sasha Available in 4.0.0alpha6 r79328.
Updated API documentation:
CLOSED
|
|
(98) typo in the changelog entry : "drile.delete"
sasha Thanks! RESOLVED in r79522.
CLOSED
|
|
(100) ZBX-11784: Invalid condition operators when using API to create actions
|
|
(101) event.get, event.acknowledge, problem.get API methods should be updated to use strict validation.
Moved from ZBXNEXT-4447. Related to (20) and (96).
|
|
(109) [A] In httptest.update(), it is possible to pass empty object in "steps" array. In such case API input validator will not fire an error and such request will end up with SQL error.
API request:
"method": "httptest.update",
"params": {
"httptestid": "8",
"steps": [{}]
},
SQL error:
"error": {
"code": -32500,
"message": "Application error.",
"data": "SQL statement execution has failed \"INSERT INTO items (name,key_,value_type,units,hostid,delay,type,history,trends,status,params,description,posts,headers,itemid) VALUES ('Download speed for step \\\"$2\\\" of scenario \\\"$1\\\".','web.test.in[asd,,bps]','0','Bps','10254','1m','9','30d','90d','0','','','','','28962')\".",
|
|
Added strict validation of valuemap: get() method.
Available in:
Updated documentation:
|
|
Added strict validation of input parameters in script: get() method.
Available in:
Updated documentation:
|
|
(123) [A] "filter" actually works for some data types, and documentation is not correct and is not clear.
Looks like a fresh sub-issue:
Method: mediatype.get
Params: {"filter":{"description":"Email"}}
"filter" does work for textual data, but only for those DB columns, which are not 'text' data type.
In such case something wrong happens with data validation and it performs these SQLs:
But, if try to "filter" by column "name" (which is 'varchar(100)' type) then it works, and performs these SQLs:
and returned result is correct.
As for API documentation, on all object's pages we see all such columns described as "string", which misleads of course.
I do not see reason why "filter" could not work for 'text' too. May it depend on DB engine?
If not - then would be good to fix that for consistency.
An important note here - in version 4.0 "description" was varchar(100), but in 5.0 it renamed to "name" and new column "description" became "text".
|
Generated at Wed Apr 24 23:36:24 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.
3783-1.png
