Cacti
Spine should see if script to be executed is executable
Describe the bug If a script is not actually executable, spine fails with a warning about improper data.
Expected behavior It should know that the script is not executable and therefore properly report this.
This is mostly for POLLER_SCRIPT methods but it may be worth including in poller.php/cmd.php too for their scripts.
The main issue is breaking up the command into the executable portion and the command parameters. If we have the executable portion separately, it would make life easier but we don't.
If we did have a separate executable string, then we could have done it using something like:
if (stat(file, &sb) == 0 && sb.st_mode & S_IXUSR) {
popen / nft_open
} else {
// report
}
I was giving this one some thought @netniV, maybe this needs to be optional, as a data input method that does echo /some/file.dat could fail on two parts. First there is no path to echo, and we would have to do a which followed by a check for file exists. You see the rabbit hole?
You wouldn't have a template doing a simple echo. As far as I am aware, they always call a script or executable
Good point, but here is a more reasonable example, one that I actually used in the old days:
- In cron, you create a file abc.txt that includes some data you want to use in Cacti. Output could look like "name1:value1 name2:value2"
- You cat input method does
cat abc.txt
There are two problems here:
- First,
catdoes not need a path depending on your spine option, so to validate it, you have to first do awhich - Second, you don't know if the second attributed is a file to
cator some option unless you start implementing some AI in Cacti
So, to fully cover the is the path executable does not really solve the problem entirely. You have to dig down deep to get to the bottom of the rabbit hole.
KNOWN ISSUE - If you call command without a path, starting in spine 1.2.25, those commands will fail. This actually fixes a security issue if you think about it too.