[Nagiosplug-devel] taint checking for core perl plugins
Karl DeBisschop
karl at debisschop.net
Fri Mar 14 05:29:02 CET 2003
Here is our current taint checking idiom (from check_ntp, but IIRC most
others are similar)

    ($opt_w) || ($opt_w = $DEFAULT_OFFSET_WARN);
    my $owarn = $1 if ($opt_w =~ /([0-9.]+)/);

I think if the user passes an argument in but taint checking fails, then
the target variable ($owarn in this case) never gets defined.
I'm committing a patch to check_ntp that fixes this as follows:

    $owarn = $DEFAULT_OFFSET_WARN;
    ($opt_w) && ($opt_w =~ /^([0-9.]+)$/) && ($owarn = $1);

I came across this by accident (I noticed that you could not set
timeout, so I was adding that option). So I'm only committing check_ntp
now.
I'll allow others to comment on my replacement code before I commit
changes to the rest of the core perl plugins.
--
Karl
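
The two idioms from the message above, run side by side over constructed inputs. This is an added example, not code from check_ntp or from the original post; the subroutine names, the default value of 60 and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Name taken from the post; the value 60 is assumed for this example.
my $DEFAULT_OFFSET_WARN = 60;

# Original idiom: unanchored capture, target set only when the match succeeds.
# The declaration is split from the conditional assignment so the result is
# deterministic ("my $x = ... if COND" has undefined behaviour in Perl).
sub untaint_old {
    my ($opt_w) = @_;
    ($opt_w) || ($opt_w = $DEFAULT_OFFSET_WARN);
    my $owarn;
    $owarn = $1 if ($opt_w =~ /([0-9.]+)/);
    return $owarn;
}

# Replacement idiom: start from the default, overwrite it only when the whole
# argument matches the anchored pattern.
sub untaint_new {
    my ($opt_w) = @_;
    my $owarn = $DEFAULT_OFFSET_WARN;
    ($opt_w) && ($opt_w =~ /^([0-9.]+)$/) && ($owarn = $1);
    return $owarn;
}

# Render undef visibly instead of triggering an "uninitialized" warning.
sub show {
    my ($v) = @_;
    return defined $v ? "'$v'" : 'undef';
}

# Constructed inputs: option absent, valid number, number with trailing junk,
# no digits at all, and the string "0" (false in Perl).
for my $in (undef, '5.5', '10ms', 'abc', '0') {
    printf "%-7s old=%-7s new=%s\n",
        show($in), show(untaint_old($in)), show(untaint_new($in));
}
```

For 'abc' the old idiom leaves the target undefined while the new one falls back to the default, and for '10ms' the old idiom silently accepts 10 while the anchored pattern rejects the argument. Both idioms treat an argument of '0' as absent because the string is false in Perl, so a zero threshold is replaced by the default.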