Dont allow arbitrary patam passage

shamoon 2024-08-29 11:43:29 -07:00
parent 4a0b18bc68
commit 6be2811297
3 changed files with 18 additions and 16 deletions


@ -65,13 +65,15 @@ export async function sendJsonRpcRequest(url, method, params, widget) {
} }
export default async function jsonrpcProxyHandler(req, res) { export default async function jsonrpcProxyHandler(req, res) {
const { group, service, endpoint: method, query } = req.query; const { group, service, endpoint: method } = req.query;
const params = query ? JSON.parse(query) : null;
if (group && service) { if (group && service) {
const widget = await getServiceWidget(group, service); const widget = await getServiceWidget(group, service);
const api = widgets?.[widget.type]?.api; const api = widgets?.[widget.type]?.api;
const [, mapping] = Object.entries(widgets?.[widget.type]?.mappings).find(([, value]) => value.endpoint === method);
const params = mapping?.params ?? null;
if (!api) { if (!api) {
return res.status(403).json({ error: "Service does not support API calls" }); return res.status(403).json({ error: "Service does not support API calls" });
} }
@ -79,8 +81,7 @@ export default async function jsonrpcProxyHandler(req, res) {
if (widget) { if (widget) {
const url = formatApiCall(api, { ...widget }); const url = formatApiCall(api, { ...widget });
// eslint-disable-next-line no-unused-vars const [status, , data] = await sendJsonRpcRequest(url, method, params, widget);
const [status, contentType, data] = await sendJsonRpcRequest(url, method, params, widget);
return res.status(status).end(data); return res.status(status).end(data);
} }
} }
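Review bot: When the requested endpoint matches no mapping, `.find()` returns undefined and the destructuring `const [, mapping] = …` throws, so the `mapping?.params` guard is never reached and the request presumably ends in an unhandled 500 rather than a clean rejection. `Object.entries()` throws in the same way for a widget type that declares no `mappings`. Since this lookup is what restricts the proxy to configured methods and parameters, it should fail closed explicitly: resolve the mapping, return 403 when it is missing, and only then read `params`. Note also that `widget.type` is dereferenced here before the later `if (widget)` check. The handler body continues outside the hunks shown.

```javascript
const api = widgets?.[widget.type]?.api;
// Allowlist check: only endpoints declared in the widget's mappings are proxied.
const mapping = Object.values(widgets?.[widget.type]?.mappings ?? {}).find(
  (candidate) => candidate.endpoint === method,
);
if (!mapping) {
  return res.status(403).json({ error: "Unsupported service endpoint" });
}
const params = mapping.params ?? null;
// … unchanged: api check and upstream sendJsonRpcRequest call …
```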


@ -9,21 +9,11 @@ const PriorityAverage = "3";
const PriorityHigh = "4"; const PriorityHigh = "4";
const PriorityDisaster = "5"; const PriorityDisaster = "5";
const triggerParams = {
output: ["triggerid", "description", "priority"],
filter: {
value: 1,
},
sortfield: "priority",
sortorder: "DESC",
monitored: "true",
};
export default function Component({ service }) { export default function Component({ service }) {
const { t } = useTranslation(); const { t } = useTranslation();
const { widget } = service; const { widget } = service;
const { data: zabbixData, error: zabbixError } = useWidgetAPI(widget, "trigger", triggerParams); const { data: zabbixData, error: zabbixError } = useWidgetAPI(widget, "trigger");
if (zabbixError) { if (zabbixError) {
return <Container service={service} error={zabbixError} />; return <Container service={service} error={zabbixError} />;


@ -5,7 +5,18 @@ const widget = {
proxyHandler: jsonrpcProxyHandler, proxyHandler: jsonrpcProxyHandler,
mappings: { mappings: {
trigger: { endpoint: "trigger.get" }, trigger: {
endpoint: "trigger.get",
params: {
output: ["triggerid", "description", "priority"],
filter: {
value: 1,
},
sortfield: "priority",
sortorder: "DESC",
monitored: "true",
},
},
}, },
}; };
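Review bot: The new `params` object under `trigger` should carry a short comment stating that it is the complete, server-defined parameter set for `trigger.get` and that nothing from the request is merged into it, e.g. `// Fixed server-side: the proxy sends these params as-is and ignores client-supplied values.` Without it, a later maintainer could reintroduce request-derived parameters without realising this is a security boundary. Because the proxy handler resolves a mapping by comparing `value.endpoint` with the requested method, a second mapping that reuses `trigger.get` with different params would never be selected, since the first match wins; that constraint is worth stating here too. The `widget` object starts outside the hunk.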