Potential bug in illegal character extraction from macros in 2.0b1 (no fix).

Andreas Ericsson ae at op5.se
Wed Feb 2 14:26:53 CET 2005

Previous message: Potential bug in illegal character extraction from macros in 2.0b1 (no fix).
Next message: HTTPS authentication problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stanley Hopcroft wrote:
> Dear Folks,
> 
> I am writing to report a potential bug in macro processing in 2.0b1.
> 
> Macros do not appear to have illegal chars stripped.
> 

It seems to work nicely for us (using the check_traffic plugin). 
Temporary workaround would be to put single quotes around each argument.

I suppose you'll post this to nagios-devel as well?

> Background:
> 
> Notifications failed - occasionally - for a  partic check.
> Enabled DEBUG4 on a test bed with these results 
> 
> SERVICE NOTIFICATION ATTEMPT: Service 'Patent Search' on host 'asterix'
>         Type: 0
>         Current time: Wed Feb  2 22:07:01 2005
>         Current notification number: 1
>         Service notification will NOT be escalated
>         Notify user unix
> 
>         Raw Command:       /usr/bin/printf "%b" "$SERVICEDESC$ 
> $HOSTNAME$ $SERVICESTATE$ $SHORTDATETIME$ $SERVICEOUTPUT$" | tee -a 
> /usr/home/anwsmh/nagios-2.0b1/var/notify_prob.log | /usr/bin/head -c 160 
> | /usr/bin/mail $CONTACTPAGER$
> 
>         Processed Command: /usr/bin/printf "%b" "Patent Search asterix 
> CRITICAL 02-02-2005 22:07:01 Patent Searching. Error indication in 
> response: "GET 
> http://asterix:7003/searching/patsearch/search_page.jsp?keyNo=&name=SMITH&applicants=T" 
> Transaction failed: fault indication in response.  No records were found 
> that matched your selection criteria</font></b></td>         </tr>" | 
> tee -a /usr/home/anwsmh/nagios-2.0b1/var/notify_prob.log | /usr/bin/head 
> -c 160 | /usr/bin/mail unix.page
> 
>         Notify user foo
> 
>         Raw Command:       /usr/bin/printf "%b" "***** Nagios 2.0 
> *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: 
> $SERVICEDESC$\nHost: $HOSTNAME$\nAddress: $HOSTADDRESS$\nState: 
> $SERVICESTATE$\n\nDate/Time: $SHORTDATETIME$\n\nAdditional 
> Info:\n\n$SERVICEOUTPUT$" | tee -a 
> /usr/home/anwsmh/nagios-2.0b1/var/notify_prob.log | /usr/bin/mail -s "** 
> $NOTIFICATIONTYPE$ alert - $HOSTNAME$/$SERVICEDESC$ is $SERVICESTATE$ 
> **" $CONTACTEMAIL$
> 
>         Processed Command: /usr/bin/printf "%b" "***** Nagios 2.0 
> *****\n\nNotification Type: PROBLEM\n\nService: Patent Search\nHost: 
> asterix\nAddress: 10.0.100.202\nState: CRITICAL\n\nDate/Time: 02-02-2005 
> 22:07:01\n\nAdditional Info:\n\nPatent Searching. Error indication in 
> response: "GET 
> http://asterix:7003/searching/patsearch/search_page.jsp?keyNo=&name=SMITH&applicants=T" 
> Transaction failed: fault indication in response.  No records were found 
> that matched your selection criteria</font></b></td>         </tr>" | 
> tee -a /usr/home/anwsmh/nagios-2.0b1/var/notify_prob.log | /usr/bin/mail 
> -s "** PROBLEM alert - asterix/Patent Search is CRITICAL **" 
> foo at IPAustralia.gov.au
> 
> The $SERVICEOUTPUT$ macro contains HTML tags ( </b> and friends ) that 
> play merry hell with the shell commands that are forked to deliver the 
> notification.
> 
> But I would have thought these chars would have been stripped by
> 
> # ILLEGAL MACRO OUTPUT CHARACTERS
> # This option allows you to specify illegal characters that are
> # stripped from macros before being used in notifications, event
> # handlers, etc.  This DOES NOT affect macros used in service or
> # host check commands.
> # The following macros are stripped of the characters you specify:
> #       $HOSTOUTPUT$
> #       $HOSTPERFDATA$
> #       $HOSTACKAUTHOR$
> #       $HOSTACKCOMMENT$
> #       $SERVICEOUTPUT$
> #       $SERVICEPERFDATA$
> #       $SERVICEACKAUTHOR$
> #       $SERVICEACKCOMMENT$
> 
> illegal_macro_output_chars=`~$&|'"<>
> 
> 
> Yours sincerely.
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
> --
> This message contains privileged and confidential information only 
> for use by the intended recipient.  If you are not the intended 
> recipient of this message, you must not disseminate, copy or use 
> it in any manner.  If you have received this message in error, 
> please advise the sender by reply e-mail.  Please ensure all 
> e-mail attachments are scanned for viruses prior to opening or 
> using.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Potential bug in illegal character extraction from macros in 2.0b1 (no fix).
Next message: HTTPS authentication problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list