From 7c0749679c2424cc88cfe0dfc878b1a8f601f935 Mon Sep 17 00:00:00 2001 From: Michael Friedrich Date: Thu, 12 Mar 2015 18:05:58 +0100 Subject: [PATCH] Fix missing config validator for command arguments 'set_if' fixes #8724 --- lib/icinga/command.cpp | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/lib/icinga/command.cpp b/lib/icinga/command.cpp index 293ffd1e9..6d6bafcd4 100644 --- a/lib/icinga/command.cpp +++ b/lib/icinga/command.cpp @@ -72,19 +72,37 @@ void Command::ValidateArguments(const String& location, const Command::Ptr& obje if (arginfo.IsObjectType()) { Dictionary::Ptr argdict = arginfo; - if (argdict->Contains("value")) - argval = argdict->Get("value"); - } else + if (argdict->Contains("value")) { + String argvalue = argdict->Get("value"); + + if (!MacroProcessor::ValidateMacroString(argvalue)) { + BOOST_THROW_EXCEPTION(ScriptError("Validation failed for " + + location + ": Closing $ not found in macro format string '" + argvalue + "'.", object->GetDebugInfo())); + } + } + + if (argdict->Contains("set_if")) { + String argsetif = argdict->Get("set_if"); + + if (!MacroProcessor::ValidateMacroString(argsetif)) { + BOOST_THROW_EXCEPTION(ScriptError("Validation failed for " + + location + ": Closing $ not found in macro format string '" + argsetif + "'.", object->GetDebugInfo())); + } + } + } else if (arginfo.IsObjectType()) { + continue; /* we cannot evaluate macros in functions */ + } else { argval = arginfo; - if (argval.IsEmpty()) - continue; + if (argval.IsEmpty()) + continue; - String argstr = argval; + String argstr = argval; - if (!MacroProcessor::ValidateMacroString(argstr)) { - BOOST_THROW_EXCEPTION(ScriptError("Validation failed for " + - location + ": Closing $ not found in macro format string '" + argstr + "'.", object->GetDebugInfo())); + if (!MacroProcessor::ValidateMacroString(argstr)) { + BOOST_THROW_EXCEPTION(ScriptError("Validation failed for " + + location + ": Closing $ not found in macro format string '" + argstr + "'.", object->GetDebugInfo())); + } } } } -- 2.40.0