andreas/heartbeat
Public Access
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 44 Wiki Activity

fix: use shlex.split() in nagios_runner path validation to handle quoted paths

Browse Source
This commit is contained in:
Andreas Wrede
2026-04-25 16:28:32 +02:00
parent 535dbda47d
commit d7e6b478e1
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hbd/client/plugins/nagios_runner.py
+8 -1
View File
@@ -24,6 +24,7 @@ nagios_runner:
import asyncio import asyncio
import os import os
import re import re
import shlex
from typing import Any, Dict, List, Optional, Tuple from typing import Any, Dict, List, Optional, Tuple
from hbd.client.plugin import MonitorPlugin from hbd.client.plugin import MonitorPlugin
@@ -101,7 +102,13 @@ class NagiosRunnerPlugin(MonitorPlugin):
command = cmd_config.get("command", "") command = cmd_config.get("command", "")
if not command: if not command:
continue continue
exe = command.split()[0] try:
tokens = shlex.split(command)
except ValueError:
continue # malformed command string; skip validation
if not tokens:
continue
exe = tokens[0]
if os.path.isabs(exe): if os.path.isabs(exe):
if not os.path.isfile(exe): if not os.path.isfile(exe):
self.logger.warning( self.logger.warning(