[Nagiosplug-devel] Guidelines
Andreas Ericsson
ae at op5.se
Fri Jun 3 23:26:04 CEST 2005
Jason Martin wrote:
> On Wed, Jun 01, 2005 at 04:23:36PM +0200, Andreas Ericsson wrote:
>>* "Validate all input"
>>Considering the fact that not a single plugin does this today (unless
>>you're thinking validate_arguments()), this is just a waste of
>
> This is still a good idea -- a widely distributed plugin should
> be very careful what it does, especially if it is going to be
> run through a semi-insecure mechanism such as NRPE. Not all the
> plugins do this, but they should.
>
Then call it "Write secure code" or something. Input validation is only
a small part of that, and practically useless unless there's a
data-mangling middle- or back-end of the plugin.
>
>>In addition, it would be nice to see a section called "Don't waste
>>return values just so you can (possibly inaccurately) recalculate them
>>later".
>
> What do you mean by this?
>
See is_intnonneg() and the like for this. It calculates the value
and then throws it away, just to let the caller calculate it all over
again.
> Overall it looks good.
> -Jason Martin
>
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
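
The point about is_intnonneg()-style helpers, as an added example that is not part of the original message and not the plugins' own code. All four function names are hypothetical, and the validate-only helper is a stand-in for the pattern described, not the real is_intnonneg().

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical stand-in for a validate-only helper: it converts the
 * string, then discards the result and returns just yes/no. */
static int check_only_intnonneg(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    return errno == 0 && *end == '\0' && v >= 0 && v <= INT_MAX;
}

/* Caller pattern the post objects to: validate, then convert a second
 * time with atoi(), which has no error reporting of its own. */
int timeout_twice(const char *arg, int fallback)
{
    if (!check_only_intnonneg(arg))
        return fallback;
    return atoi(arg);
}

/* Single-pass alternative: validate and hand back the parsed value.
 * Returns 0 and stores the value on success, -1 on bad input. */
int parse_intnonneg(const char *s, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

int timeout_once(const char *arg, int fallback)
{
    int v;
    return parse_intnonneg(arg, &v) == 0 ? v : fallback;
}
```

With the single-pass form, the value the plugin acts on is the same value that passed the check, so the two cannot drift apart if one side's parsing rules change.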