Query time (and other actions) produce arbitrary output #172
Comments
|
I'm fine with adding a query suppression option if one doesn't exist, however I don't think we want to get into the sanitation business for this. Since this isn't an arbitrary query provided by someone else (i.e., it comes from whoever wrote the checks) it would be their responsibility to make sure things are sensible to their own monitoring systems. |
|
I agree that trying to solve this through sanitation is messy. But I do think that So at least in "nagios" Output mode, the query should not be printed by default (unless it is sanitized) because doing so can produce invalid output that has to be processed by the monitoring system. I patched our copy of |
Due to the inclusion of the offending Query in the output of the "query_time" action and others (f958d61), the output produced by those actions can contain essentially arbitrary data. The printed SQL query can easily contain pipe characters ("|"), which are used by Nagios and Icinga to separate the Check output from the perfomance data. Having a pipe character in the check output confuses the parser and leads to bogus performance data.
It would be good if there was an option to suppress output of the query string. Alternatively, the query string could be "sanitized" (and possibly truncated to a maximum length).
The text was updated successfully, but these errors were encountered: