Issues
- Sending bad XML to the Requisitions ReST end point makes the API unusableNMS-9725Resolved issue: NMS-9725Benjamin Reed
- The EXE installer of the remote poller on Windows is not workingNMS-9721Resolved issue: NMS-9721Seth Leger
- NPE in Enlinkd bridge topology broadcast domain calculationNMS-9720Resolved issue: NMS-9720Antonio Russo
- shared segments optimizationNMS-9719Resolved issue: NMS-9719Antonio Russo
- Unexpected errors while generating event definitions from TRAP-TYPE without a DESCRIPTION fieldNMS-9718Resolved issue: NMS-9718Alejandro Galue
- Be able to use Proxy for any Monitor or Collector that uses HttpClientNMS-9710Resolved issue: NMS-9710Patrick Schweizer
- Duty schedules with embedded newlines break startupNMS-9709Resolved issue: NMS-9709Benjamin Reed
- Typo: "not elegible" for SNMP primary N enumerationNMS-9701Resolved issue: NMS-9701Alejandro Galue
- Typo in regional status geo map: Unacknowledges (for unacknolwedged)NMS-9700Resolved issue: NMS-9700Jeff Gehlbach
- semantic topology map drilldown with double clickNMS-9698
- create "link" between semantic map and enlinkd topology mapNMS-9697
- Typo prevents FIQL query values from being URI-encodedNMS-9694Resolved issue: NMS-9694Seth Leger
12 of 12
Sending bad XML to the Requisitions ReST end point makes the API unusable
Fixed
Description
Acceptance / Success Criteria
None
Attachments
1
Lucidchart Diagrams
Details
Assignee
Benjamin ReedBenjamin ReedReporter
Alejandro GalueAlejandro GalueLabels
Components
Sprint
NoneFix versions
Affects versions
Priority
Major
Details
Details
Assignee
Benjamin Reed
Benjamin Reed
Reporter
Alejandro Galue
Alejandro Galue
Labels
Components
Sprint
None
Fix versions
Affects versions
Priority
MajorPagerDuty
PagerDuty
PagerDuty
Created October 31, 2017 at 8:50 PM
Updated November 7, 2017 at 3:07 PM
Resolved November 7, 2017 at 3:07 PM
Activity
Show:
Benjamin ReedNovember 7, 2017 at 3:07 PM
Merged to foundation-2016
Alejandro GalueOctober 31, 2017 at 9:08 PM
I verified the problem on latest version of Meridian 2016 and Meridian 2017.
Let's say an operator is managing the inventory through the ReST API directly as he is in the process of developing a script to populate the requisitions in OpenNMS.
The following XML is actually a valid content when querying
/opennms/rest/nodes,It is good for that end point, as that is a partial representation of the
OnmsNodeobject. Now, a user might try to use this wrong object against/opennms/rest/requisitions, which is not going to work as that is not a representation of aRequisitionedNodeobject.The problem is that the API won't complain and will accept the request:
The above assumes that I've saved the XML on a file called
bad-node.xml.Now, if I try to perform a GET request against the requisitions end point for the requisition in question, it fails and returs an HTTP 500 error.
Checking the logs, I found the problem on the attached
web.log.From now on, the ReST end point for the affected requisition is unusable until opennms is restarted.
I think the ReST end point should validate the XML input and reject it when it is malformed, which is not the case, hence the exception: