JSON: Escape percent signs in most strings
A printf-family function is used for flexibility reasons when adding
a string to the JSON structure. For this reason, percent signs in
strings generated outside the JSON code (object attributes, plugin
output, etc.) should be escaped (to "%%") before the strings are
added in the json_*_append_string() functions, to prevent the % sign
from being interpreted as a format specifier.

This commit accomplishes that by passing a structure with the escapes
to the json_*_append_string() functions where escaping is desired and
a NULL when it is not desired. When json_object_append_string() sees a
non-null structure, it calls json_escape_string() on the string before
it calls the printf-family function.
Eric Stanley committed Jun 15, 2014
1 parent b705897 commit 04c80dd
Showing 5 changed files with 462 additions and 356 deletions.
108 changes: 60 additions & 48 deletions cgi/archivejson.c
Expand Up @@ -549,6 +549,8 @@ option_help archive_json_help[] = {
},
};

extern const json_escape percent_escapes;

int json_archive_alert_passes_selection(time_t, time_t, time_t, int, int,
au_host *, char *, au_service *, char *, int, host *, int, host *,
hostgroup *, servicegroup *, contact *, contactgroup *, unsigned,
Expand Down Expand Up @@ -2149,42 +2151,44 @@ json_object * json_archive_alert_selectors(unsigned format_options, int start,
}

if(NULL != match_host) {
json_object_append_string(json_selectors, "hostname", match_host);
json_object_append_string(json_selectors, "hostname", &percent_escapes,
match_host);
}

if(NULL != match_service) {
json_object_append_string(json_selectors, "servicedescription",
match_service);
&percent_escapes, match_service);
}

if(1 == use_parent_host) {
json_object_append_string(json_selectors, "parenthost",
&percent_escapes,
( NULL == parent_host ? "none" : parent_host->name));
}

if( 1 == use_child_host) {
json_object_append_string(json_selectors, "childhost",
json_object_append_string(json_selectors, "childhost", &percent_escapes,
( NULL == child_host ? "none" : child_host->name));
}

if(NULL != match_hostgroup) {
json_object_append_string(json_selectors, "hostgroup",
json_object_append_string(json_selectors, "hostgroup", &percent_escapes,
match_hostgroup->group_name);
}

if((object_types & AU_OBJTYPE_SERVICE) && (NULL != match_servicegroup)) {
json_object_append_string(json_selectors, "servicegroup",
match_servicegroup->group_name);
json_object_append_string(json_selectors, "servicegroup",
&percent_escapes, match_servicegroup->group_name);
}

if(NULL != match_contact) {
json_object_append_string(json_selectors, "contact",
json_object_append_string(json_selectors, "contact", &percent_escapes,
match_contact->name);
}

if(NULL != match_contactgroup) {
json_object_append_string(json_selectors, "contactgroup",
match_contactgroup->group_name);
json_object_append_string(json_selectors, "contactgroup",
&percent_escapes, match_contactgroup->group_name);
}

return json_selectors;
Expand Down Expand Up @@ -2349,13 +2353,14 @@ void json_archive_alert_details(json_object *json_details,
switch(temp_alert->obj_type) {
case AU_OBJTYPE_HOST:
temp_host = (au_host *)temp_alert->object;
json_object_append_string(json_details, "name", temp_host->name);
json_object_append_string(json_details, "name", &percent_escapes,
temp_host->name);
break;
case AU_OBJTYPE_SERVICE:
temp_service = (au_service *)temp_alert->object;
json_object_append_string(json_details, "host_name",
json_object_append_string(json_details, "host_name", &percent_escapes,
temp_service->host_name);
json_object_append_string(json_details, "description",
json_object_append_string(json_details, "description", &percent_escapes,
temp_service->description);
break;
}
Expand All @@ -2364,7 +2369,7 @@ void json_archive_alert_details(json_object *json_details,
temp_alert->state_type, svm_au_state_types);
json_enumeration(json_details, format_options, "state", temp_alert->state,
svm_au_states);
json_object_append_string(json_details, "plugin_output",
json_object_append_string(json_details, "plugin_output", &percent_escapes,
temp_alert->plugin_output);
}

Expand Down Expand Up @@ -2656,47 +2661,51 @@ json_object * json_archive_notification_selectors(unsigned format_options,
}

if(NULL != match_host) {
json_object_append_string(json_selectors, "hostname", match_host);
json_object_append_string(json_selectors, "hostname", &percent_escapes,
match_host);
}

if(NULL != match_service) {
json_object_append_string(json_selectors, "servicedescription",
match_service);
&percent_escapes, match_service);
}

if(1 == use_parent_host) {
json_object_append_string(json_selectors, "parenthost",
&percent_escapes,
( NULL == parent_host ? "none" : parent_host->name));
}

if( 1 == use_child_host) {
json_object_append_string(json_selectors, "childhost",
&percent_escapes,
( NULL == child_host ? "none" : child_host->name));
}

if(NULL != match_hostgroup) {
json_object_append_string(json_selectors, "hostgroup",
json_object_append_string(json_selectors, "hostgroup", &percent_escapes,
match_hostgroup->group_name);
}

if((match_object_types & AU_OBJTYPE_SERVICE) &&
(NULL != match_servicegroup)) {
json_object_append_string(json_selectors, "servicegroup",
match_servicegroup->group_name);
json_object_append_string(json_selectors, "servicegroup",
&percent_escapes, match_servicegroup->group_name);
}

if(NULL != match_contact) {
json_object_append_string(json_selectors, "contact", match_contact);
json_object_append_string(json_selectors, "contact", &percent_escapes,
match_contact);
}

if(NULL != match_contactgroup) {
json_object_append_string(json_selectors, "contactgroup",
match_contactgroup->group_name);
json_object_append_string(json_selectors, "contactgroup",
&percent_escapes, match_contactgroup->group_name);
}

if(NULL != match_notification_method) {
json_object_append_string(json_selectors, "notificationmethod",
match_notification_method);
json_object_append_string(json_selectors, "notificationmethod",
&percent_escapes, match_notification_method);
}

return json_selectors;
Expand Down Expand Up @@ -2874,25 +2883,25 @@ void json_archive_notification_details(json_object *json_details,
switch(temp_notification->obj_type) {
case AU_OBJTYPE_HOST:
temp_host = (au_host *)temp_notification->object;
json_object_append_string(json_details, "name", temp_host->name);
json_object_append_string(json_details, "name", &percent_escapes,
temp_host->name);
break;
case AU_OBJTYPE_SERVICE:
temp_service = (au_service *)temp_notification->object;
json_object_append_string(json_details, "host_name",
json_object_append_string(json_details, "host_name", &percent_escapes,
temp_service->host_name);
json_object_append_string(json_details, "description",
json_object_append_string(json_details, "description", &percent_escapes,
temp_service->description);
break;
}

json_object_append_string(json_details, "contact",
json_object_append_string(json_details, "contact", &percent_escapes,
temp_notification->contact->name);
json_enumeration(json_details, format_options, "notification_type",
temp_notification->notification_type,
svm_au_notification_types);
json_object_append_string(json_details, "method",
json_enumeration(json_details, format_options, "notification_type",
temp_notification->notification_type, svm_au_notification_types);
json_object_append_string(json_details, "method", &percent_escapes,
temp_notification->method);
json_object_append_string(json_details, "message",
json_object_append_string(json_details, "message", &percent_escapes,
temp_notification->message);
}

Expand Down Expand Up @@ -2988,12 +2997,13 @@ json_object *json_archive_statechange_selectors(unsigned format_options,
}

if(NULL != host_name) {
json_object_append_string(json_selectors, "hostname", host_name);
json_object_append_string(json_selectors, "hostname", &percent_escapes,
host_name);
}

if(NULL != service_description) {
json_object_append_string(json_selectors, "servicedescription",
service_description);
&percent_escapes, service_description);
}

if(state_types != AU_STATETYPE_ALL) {
Expand Down Expand Up @@ -4072,27 +4082,28 @@ json_object *json_archive_availability_selectors(unsigned format_options,
}

if(NULL != host_name) {
json_object_append_string(json_selectors, "hostname", host_name);
json_object_append_string(json_selectors, "hostname", &percent_escapes,
host_name);
}

if(NULL != service_description) {
json_object_append_string(json_selectors, "servicedescription",
service_description);
&percent_escapes, service_description);
}

if(NULL != hostgroup) {
json_object_append_string(json_selectors, "hostgroup",
json_object_append_string(json_selectors, "hostgroup", &percent_escapes,
hostgroup->group_name);
}

if(NULL != servicegroup) {
json_object_append_string(json_selectors, "servicegroup",
servicegroup->group_name);
json_object_append_string(json_selectors, "servicegroup",
&percent_escapes, servicegroup->group_name);
}

if(NULL != report_timeperiod) {
json_object_append_string(json_selectors, "timeperiod",
report_timeperiod->name);
json_object_append_string(json_selectors, "timeperiod",
&percent_escapes, report_timeperiod->name);
}

json_object_append_boolean(json_selectors, "assumeinitialstate",
Expand Down Expand Up @@ -4333,7 +4344,7 @@ json_object *json_archive_availability(unsigned format_options,
}
json_hostgroup_object = json_new_object();
json_object_append_string(json_hostgroup_object, "name",
temp_hostgroup->group_name);
&percent_escapes, temp_hostgroup->group_name);
json_object_append_array(json_hostgroup_object, "hosts",
json_host_list);
json_array_append_object(json_hostgroup_list,
Expand Down Expand Up @@ -4366,7 +4377,7 @@ json_object *json_archive_availability(unsigned format_options,
}
json_hostgroup_object = json_new_object();
json_object_append_string(json_hostgroup_object, "name",
hostgroup_selector->group_name);
&percent_escapes, hostgroup_selector->group_name);
json_object_append_array(json_hostgroup_object, "hosts",
json_host_list);
json_object_append_object(json_data, "hostgroup",
Expand Down Expand Up @@ -4406,7 +4417,7 @@ json_object *json_archive_availability(unsigned format_options,
}
json_servicegroup_object = json_new_object();
json_object_append_string(json_servicegroup_object, "name",
temp_servicegroup->group_name);
&percent_escapes, temp_servicegroup->group_name);
json_object_append_array(json_servicegroup_object, "hosts",
json_service_list);
json_array_append_object(json_servicegroup_list,
Expand Down Expand Up @@ -4442,7 +4453,7 @@ json_object *json_archive_availability(unsigned format_options,
}
json_servicegroup_object = json_new_object();
json_object_append_string(json_servicegroup_object, "name",
servicegroup_selector->group_name);
&percent_escapes, servicegroup_selector->group_name);
json_object_append_array(json_servicegroup_object, "services",
json_service_list);
json_object_append_object(json_data, "servicegroup",
Expand Down Expand Up @@ -4543,7 +4554,8 @@ json_object *json_archive_host_availability(unsigned format_options,
json_host_availability = json_new_object();

if(name != NULL) {
json_object_append_string(json_host_availability, "name", name);
json_object_append_string(json_host_availability, "name",
&percent_escapes, name);
}

json_object_append_duration(json_host_availability, "time_up",
Expand Down Expand Up @@ -4578,11 +4590,11 @@ json_object *json_archive_service_availability(unsigned format_options,

if(host_name != NULL) {
json_object_append_string(json_service_availability, "host_name",
host_name);
&percent_escapes, host_name);
}
if(description != NULL) {
json_object_append_string(json_service_availability, "description",
description);
&percent_escapes, description);
}

json_object_append_duration(json_service_availability, "time_ok",
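Review bot: In json_archive_alert_details, `temp_alert->plugin_output` is still passed to json_object_append_string() in what the description says is the printf format position, so safety depends on every call site remembering `&percent_escapes`; a caller that passes NULL, or a later one that omits it, reintroduces the format-string exposure (CWE-134). The definition of json_object_append_string() is not visible here, but if it is variadic as the description implies, passing the data as an argument is sturdier and needs no escaping step: `json_object_append_string(json_details, "plugin_output", NULL, "%s", temp_alert->plugin_output);`. The same applies to the host, service, contact, method and message strings in the other hunks of this file. Separately, `extern const json_escape percent_escapes;` would be better declared in the JSON header than in this .c file, so the compiler checks the declaration against its definition. The functions touched here start and end outside the visible hunks.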
