[Nagiosplug-devel] Guidelines

Andreas Ericsson ae at op5.se
Fri Jun 3 23:26:04 CEST 2005


Jason Martin wrote:
> On Wed, Jun 01, 2005 at 04:23:36PM +0200, Andreas Ericsson wrote:
>>* "Validate all input"
>>Considering the fact that not a single plugin does this today (unless 
>>you're thinking validate_arguments()), this is just a waste of 
> 
> This is still a good idea -- a widely distributed plugin should
> be very careful what it does, especially if it is going to be
> run through a semi-insecure mechanism such as NRPE.  Not all the
> plugins do this, but they should.
> 

Then call it "Write secure code" or something. Input validation is only 
a small part of that, and practically useless unless there's a 
data-mangling middle- or back-end of the plugin.

> 
>>In addition, it would be nice to see a section called "Don't waste 
>>return values just so you can (possibly inaccurately) recalculate them 
>>later".
> 
> What do you mean by this?
> 

See is_intnonneg() and the like for this. It calculates the value 
and then throws it away, just to let the caller calculate it all over 
again.

> Overall it looks good.
> -Jason Martin
> 

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer
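
The point about is_intnonneg() above, as an added example that is not part of the original message and not the plugins' own code: a check-only helper next to a single-pass helper that validates and returns the value. All function names here (looks_like_nonneg_int, parse_nonneg_int, timeout_or_default) are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical check-only helper (not the plugins' code): answers yes/no
 * and leaves the caller to convert the string again, typically with atoi(). */
static int looks_like_nonneg_int(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isdigit((unsigned char)*s))
            return 0;
    return 1;
}

/* Hypothetical single-pass helper: validates and returns the value.
 * Returns 0 and stores the result in *out on success; returns -1 and
 * leaves *out untouched on empty input, sign, junk or overflow. */
static int parse_nonneg_int(const char *s, int *out)
{
    char *end;
    long v;

    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;               /* rejects "", "-5", "+5", " 5" */
    errno = 0;
    v = strtol(s, &end, 10);
    if (*end != '\0')
        return -1;               /* trailing junk such as "10s" */
    if (errno == ERANGE || v > INT_MAX)
        return -1;               /* would not fit in an int */
    *out = (int)v;
    return 0;
}

/* Caller keeps the validated value instead of re-parsing the string. */
static int timeout_or_default(const char *arg, int fallback)
{
    int v;
    return parse_nonneg_int(arg, &v) == 0 ? v : fallback;
}
```

The check-only helper accepts a 20-digit string, and converting that string again with atoi() is undefined behaviour in C because the result does not fit in an int; the single-pass helper rejects it.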



