diff options
Diffstat (limited to 'lib/custodian/parser.rb')
| -rw-r--r-- | lib/custodian/parser.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/custodian/parser.rb b/lib/custodian/parser.rb index 77adc48..ea25c3a 100644 --- a/lib/custodian/parser.rb +++ b/lib/custodian/parser.rb @@ -373,6 +373,16 @@ class MonitorConfig :timeout => @timeout } + # + # Sanity check the hostname for ping-tests, to + # avoid this security hole: + # + # $(/tmp/exploit.sh) must run ping .. + # + if ( service == "ping" ) + raise ArgumentError, "Invalid hostname for ping-test: #{host}" unless( host =~ /^([a-zA-Z0-9:\-\.]+)$/ ) + end + # # Alert text will have a default, which may be overridden. |