Custom Object Variables: Contrary to docs, /* custom variable values get cleaned */

["Peter Valdemar Mørch (Lists)"]

On 2010-08-28 15:59, Ethan Galstad egalstad-at-nagios.org |Lists/Send to 
lists| wrote:
> Thanks for pointing this discrepancy out. Custom macros should be
> cleaned IMO, so I opted to update the docs instead. :-)

During the weekend I haven't been able to understand the rationale 
behind this. Could you help me understand it?

Looking at the other macros subjected to macro cleansing[1]

    1. $HOSTOUTPUT$
    2. $LONGHOSTOUTPUT$
    3. $HOSTPERFDATA$
    4. $HOSTACKAUTHOR$
    5. $HOSTACKCOMMENT$
    6. $SERVICEOUTPUT$
    7. $LONGSERVICEOUTPUT$
    8. $SERVICEPERFDATA$
    9. $SERVICEACKAUTHOR$
   10. $SERVICEACKCOMMENT$

it looks to me as if the values of these all originate from outside the 
config files. Then cleansing makes sense: "We don't really know/trust 
the source of these values, so lets make sure they are safe".

But the values of Custom Object Variables come from the config files, so 
why aren't they to be trusted? I don't (yet) see the conceptual 
difference between allowing special/illegal characters in Custom Object 
Variables and allowing them in $ARGn$ definitions. If we don't trust the 
author of the config files, shouldn't we cleanse $ARGn$ definitions in 
"check_command"s too then? Why one and not the other?

Peter
-- 
Peter Valdemar Mørch
http://www.morch.com

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel