[ZBX-4772] API allows to send meaningless values as host status, letting the host disappear Created: 2012 Mar 18 Updated: 2017 May 30 Resolved: 2014 Jan 31 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | API (A) |
| Affects Version/s: | 1.8.10, 2.2.2rc1, 2.3.0 |
| Fix Version/s: | 2.3.0 |
| Type: | Incident report | Priority: | Major |
| Reporter: | Volker Fröhlich | Assignee: | Ivo Kurzemnieks |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | validation | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
You can send a meaningless "9" as host status with "Host Update()", letting the host disappear from the GUI. It's still there in the database though. I'd expect some kind of validation and protection against the likes. |
| Comments |
| Comment by Pavels Jelisejevs (Inactive) [ 2014 Jan 30 ] |
|
The issue is still reproducible in 2.2 and 2.3. |
| Comment by Ivo Kurzemnieks [ 2014 Jan 31 ] |
|
RESOLVED in svn://svn.zabbix.com/branches/dev/ZBX-4772 |
| Comment by richlv [ 2014 Jan 31 ] |
|
this was also mentioned as (6) in ZBX-3783, and proxy.update method had the same problem, which was fixed |
| Comment by Pavels Jelisejevs (Inactive) [ 2014 Jan 31 ] |
|
(1) I've made some changes in r42033, please review. iivs REVIEWED. Noticed that permission check was after status check, so I was getting strange message. Permission check is now moved to top. Eduards CLOSED |
| Comment by Eduards Samersovs (Inactive) [ 2014 Jan 31 ] |
|
(2) Permission check fails on array of hosts |
| Comment by Eduards Samersovs (Inactive) [ 2014 Jan 31 ] |
|
Tested |
| Comment by Ivo Kurzemnieks [ 2014 Jan 31 ] |
|
Fixed in pre-2.3.0 (trunk) r42061 |