From 0f7b20ff39f2f155813510dc25f7b46074c6d34a Mon Sep 17 00:00:00 2001 From: Steve Kemp Date: Mon, 19 Nov 2012 14:07:01 +0000 Subject: Ensure that hostnames used for ping-tests are valid - to avoid the security hole. --- t/test-parser.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 't') diff --git a/t/test-parser.rb b/t/test-parser.rb index a037448..cb9a9cb 100755 --- a/t/test-parser.rb +++ b/t/test-parser.rb @@ -608,4 +608,24 @@ class TestParser < Test::Unit::TestCase end end + + # + # Test the potential security-hole for ping-tests + # + def test_ping_security_hole + + + parser = MonitorConfig.new("/dev/null" ) + + assert_raise ArgumentError do + parser.parse_line( "$(/tmp/exploit) must ping ." ) + end + + assert_nothing_raised do + parser.parse_line( "test.example.vm.bytemark.co.uk must ping ." ) + end + + end + + end -- cgit v1.2.1