Custom Object Variables: Contrary to docs, /* custom variable values get cleaned */
"Peter Valdemar Mørch (Lists)"
4ux6as402 at sneakemail.com
Mon Aug 30 11:22:27 CEST 2010
On 2010-08-28 15:59, Ethan Galstad egalstad-at-nagios.org |Lists/Send to
lists| wrote:
> Thanks for pointing this discrepancy out. Custom macros should be
> cleaned IMO, so I opted to update the docs instead. :-)
During the weekend I haven't been able to understand the rationale
behind this. Could you help me understand it?
Looking at the other macros subjected to macro cleansing[1]:
1. $HOSTOUTPUT$
2. $LONGHOSTOUTPUT$
3. $HOSTPERFDATA$
4. $HOSTACKAUTHOR$
5. $HOSTACKCOMMENT$
6. $SERVICEOUTPUT$
7. $LONGSERVICEOUTPUT$
8. $SERVICEPERFDATA$
9. $SERVICEACKAUTHOR$
10. $SERVICEACKCOMMENT$
it looks to me as if the values of these all originate from outside the
config files. Then cleansing makes sense: "We don't really know/trust
the source of these values, so let's make sure they are safe".
But the values of Custom Object Variables come from the config files, so
why aren't they to be trusted? I don't (yet) see the conceptual
difference between allowing special/illegal characters in Custom Object
Variables and allowing them in $ARGn$ definitions. If we don't trust the
author of the config files, shouldn't we cleanse $ARGn$ definitions in
"check_command"s too then? Why one and not the other?
Peter
--
Peter Valdemar Mørch
http://www.morch.com
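
The behaviour discussed in this thread, as a small model added here for illustration (it is not Nagios source code and not from either poster): the ten listed macros and custom variable macros have illegal characters stripped on expansion, while $ARGn$ values pass through unchanged. The character set is assumed to be the illegal_macro_output_chars value from the sample nagios.cfg; the function names and sample values are constructed.

```python
import re

# Assumption: illegal_macro_output_chars as shipped in the sample nagios.cfg.
# A site can configure a different set.
ILLEGAL_MACRO_OUTPUT_CHARS = "`~$&|'\"<>"

# The ten macros listed in the post as subject to cleansing.
CLEANED_MACROS = {
    "HOSTOUTPUT", "LONGHOSTOUTPUT", "HOSTPERFDATA",
    "HOSTACKAUTHOR", "HOSTACKCOMMENT",
    "SERVICEOUTPUT", "LONGSERVICEOUTPUT", "SERVICEPERFDATA",
    "SERVICEACKAUTHOR", "SERVICEACKCOMMENT",
}
# Custom object variables are exposed as $_HOSTname$, $_SERVICEname$, $_CONTACTname$.
CUSTOM_PREFIXES = ("_HOST", "_SERVICE", "_CONTACT")


def is_cleaned(name):
    """True if this macro's value is stripped before substitution."""
    return name in CLEANED_MACROS or name.startswith(CUSTOM_PREFIXES)


def clean_macro_value(value, illegal=ILLEGAL_MACRO_OUTPUT_CHARS):
    """Drop every illegal character; nothing is escaped or replaced."""
    return "".join(ch for ch in value if ch not in illegal)


def expand(command_line, macros):
    """Substitute $NAME$ macros (simplified: no $$ escape, no on-demand macros)."""
    def substitute(match):
        name = match.group(1)
        if name not in macros:
            return match.group(0)  # unknown macro: leave the text as written
        value = macros[name]
        return clean_macro_value(value) if is_cleaned(name) else value
    return re.sub(r"\$([A-Z0-9_]+)\$", substitute, command_line)


# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "HOSTNAME": "web01",
    "SERVICEOUTPUT": "OK - 'root' at 42% <of 10G>",  # arrives from a plugin
    "_HOSTNOTE": "rack 'A' <row 3>",                 # written in the config file
    "ARG1": "-w '80%'",                              # also written in the config file
}
TEMPLATE = "notify $HOSTNAME$ $SERVICEOUTPUT$ / $_HOSTNOTE$ / $ARG1$"

if __name__ == "__main__":
    print(expand(TEMPLATE, SAMPLE))
```

The quotes and angle brackets disappear from the plugin output and from the custom variable, but the quotes in $ARG1$ survive, which is the asymmetry the post asks about.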