[checkmk-commits] Check_MK Git: check_mk: #1373 SEC Do not ouput complete command line when datasource programs fail

Module: check_mk Branch: master Commit: 953c2b1734b2ff472a956db5fd9caf331f327294 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=953c2b1734b2ff… Author: Mathias Kettner &lt;mk(a)mathias-kettner.de&gt; Date: Thu Aug 21 13:12:42 2014 +0200 #1373 SEC Do not ouput complete command line when datasource programs fail When executing a datasource program like <tt>agent_vsphere</tt> fails, then Check_MK used to output the complete command line as plugin output of the Check_MK active check as part of an error message. The commandline could contain passwords - however. So this has now been changed into just outputting the path to the executable (e.g. <tt>/omd/sites/mysite/share/check_mk/agents/special/agent_vsphere</tt>). --- .werks/1373 | 15 +++++++++++++++ ChangeLog | 1 + modules/check_mk_base.py | 6 ++++-- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/.werks/1373 b/.werks/1373 new file mode 100644 index 0000000..07d43d4 --- /dev/null +++ b/.werks/1373 @@ -0,0 +1,15 @@ +Title: Do not ouput complete command line when datasource programs fail +Level: 2 +Component: core +Class: security +Compatible: compat +State: unknown +Version: 1.2.5i6 +Date: 1408619422 + +When executing a datasource program like <tt>agent_vsphere</tt> +fails, then Check_MK used to output the complete command line +as plugin output of the Check_MK active check as part of an error +message. The commandline could contain passwords - however. So this +has now been changed into just outputting the path to the executable +(e.g. <tt>/omd/sites/mysite/share/check_mk/agents/special/agent_vsphere</tt>). diff --git a/ChangeLog b/ChangeLog index 17f90eb..cf9109b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 1.2.5i6: Core & Setup: * 1008 Overall check timeout for Check_MK checks now defaults to CRIT state... + * 1373 SEC: Do not ouput complete command line when datasource programs fail... Checks & Agents: * 0185 knuerr_rms_humidity, knuerr_rms_temp: Two new Checks to Monitor the Temperature and the Humidity on Knürr RMS Devices diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py index 7d2277e..cd01442 100644 --- a/modules/check_mk_base.py +++ b/modules/check_mk_base.py @@ -656,6 +656,8 @@ def get_agent_info(hostname, ipaddress, max_cache_age): # Get data in case of external program def get_agent_info_program(commandline): + exepath = commandline.split()[0] # for error message, hide options! + import subprocess if opt_verbose: sys.stderr.write("Calling external program %s\n" % commandline) @@ -664,11 +666,11 @@ def get_agent_info_program(commandline): stdout, stderr = p.communicate() exitstatus = p.returncode except Exception, e: - raise MKAgentError("Could not execute '%s': %s" % (commandline, e)) + raise MKAgentError("Could not execute '%s': %s" % (exepath, e)) if exitstatus: if exitstatus == 127: - raise MKAgentError("Program '%s' not found (exit code 127)" % (commandline,)) + raise MKAgentError("Program '%s' not found (exit code 127)" % exepath) else: raise MKAgentError("Agent exited with code %d: %s" % (exitstatus, stderr)) return stdout