[Nagiosplug-devel] Guidelines
Subhendu Ghosh
sghosh at sghosh.org
Wed Jun 1 08:26:36 CEST 2005
On Wed, 1 Jun 2005, Andreas Ericsson wrote:
> I've been going through the plugin guidelines and noticed a couple of weird
> things and hints in them, for example;
>
> * "Print only one line of text"
> This should be changed to "Always make sure the first line of output contains
> something useful", as it's usually useful to (by default) print any error
> messages later on so the user sees them when running them from command-line.
> I'd be happy to print a queuing system for error messages so they can be
> printed at plugin exit.
>
> * "The plugins are copyrighted by their respective authors", and later on,
> "The copyright for the changes will then revert to the Nagios Plugin
> Development Team".
> This second statement is just pure BS anyway, as the signover of copyrights
> requires a fair amount of paperwork and cannot be automated by a statement on
> a webpage. If anything, you can force authors to make their changes GPL'd
> (the GPL already states this explicitly, but it's still a good idea to make
> it painfully obvious on the webpage). The code submitted to the project *IS*
> GPL, but may be copyrighted by others. If those others choose to change the
> copyright of their copy of the code, they cannot make those changes apply
> retroactively to the code-versions in the nagiosplug repository.
>
> * "Don't execute system commands without specifying their full path".
> The reason given (trojans earlier in the path) is fairly moot given that if
> someone can add files to any element of the path the game is most certainly
> lost. It's good for making sure idiots don't write code that wildly spawn
> external programs though.
>
> * "Validate all input"
> Considering the fact that not a single plugin does this today (unless you're
> thinking validate_arguments()), this is just a waste of web-space. The fact
> that the spopen()-enabled plugins run commands on a large array of hosts
> which produce vastly different output, this turns somewhat impossible.
>
> * "All network plugins should use DEFAULT_SOCKET_TIMEOUT to timeout".
> For many plugins, this is largely meaningless as most of them can calculate
> how long they will have to run at a maximum before they return CRITICAL
> anyway (check_tcp with -w and -c flags, check_ping, etc). Having them hung in
> kernel-space when they'll still return CRITICAL won't make anybody happier.
> This should be changed to "Use DEFAULT_SOCKET_TIMEOUT as default unless a
> value can be properly calculated".
>
> * "In addition to the reserved options" .... and what follows.
> I notice that there are no less than 4 of the 5 listed "standard" options
> that are supposed to denote username in one form or another. Please just drop
> this section entirely, or decide on ONE thing to use. the --url option,
> currently applying to a single plugin (check_http) isn't exactly what I would
> call "standard".
>
>
> In addition, it would be nice to see a section called "Don't waste return
> values just so you can (possibly inaccurately) recalculate them later".
> Another section, named "Use the appropriate function for the job" would also
> be nice as well as "Prefer ANSI C over non-standard functions". For reasons
> to this, take a look at the use of strstr() (which isn't an intrinsic
> function) being used as strchr() (which IS an intrinsic function) in too many
> of the plugins, as well as strpbrk(), strspn() and friends.
> All of those new sections could be bundled under "Optimization", which would
> then incorporate the "Allow sibling call optimizations" and "How To Make Life
> Easy For The Compiler".
>
> end rant;
>
> Sorry to those of you whom I'm sure took offense. None was actually intended.
>
>
no offense - diff sgml ;) please
--
-sg
More information about the Devel
mailing list