[Xymon] Regex escaping in 'cont=' test
John Thurston
john.thurston at alaska.gov
Fri Oct 6 19:45:15 CEST 2017
With eager fingers, I went to adjust my hosts.cfg, and .. ... no diff.
I've tried both single and double quotes. Single quotes caused nothing
to be parsed from the cont= tag. Double quotes made no difference in
behavior.
Maybe this is another oddity stemming from my ancient OS and underlying
libraries. (Solaris 10)
Do you see the behavior I described if you _don't_ wrap in quotes?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
On 10/6/2017 9:21 AM, Ralph Mitchell wrote:
> Did you try quoting the entire 'cont;URL;[expected_data]" string?
>
> I just tried this:
>
> 192.168.1.4 xxxx.yyyy.com <http://xxxx.yyyy.com> #
> "cont;http://xxxx.yyyy.com/test.html <http://xxxx.yyyy.com/test.html>;<a
> href=\x22foo/bar\x22>"
>
> and the page source for the "info" column shows:
>
> <tr><th align=left>Content checks:</th><td align=left>
> <a href="http://xxxx.yyyy.com/test.html
> <http://xxxx.yyyy.com/test.html>">http://xxxx.yyyy.com/test.html
> <http://xxxx.yyyy.com/test.html></a> must return '<a
> href="foo/bar">'<br>
> </td></tr>
>
> so you can see it picked up the whole '<a href="foo/bar">' string. The
> test.html file on the server contains nothing but the opening and
> closing html/body tags, and the match string. If I change "foo" to
> "fod" in test.html, the match fails and if I change the leading "<" to a
> comma, the match also fails
>
>  http://xxxx.yyyy.com/test.html - Testing URL yields:
>
> ,a href="foo/bar">
>
> Ralph Mitchell
>
>
> On Wed, Oct 4, 2017 at 4:55 PM, John Thurston <john.thurston at alaska.gov
> <mailto:john.thurston at alaska.gov>> wrote:
>
> I'm fighting with the correct escaping and encoding for http content
> checks using the "cont=" tag:
>
> cont[=COLUMN];URL;[expected_data_regexp|#digesttype:digest]
> This tag is used to specify a http/https check, where it is also
> checked that specific content is present in the server response.
>
> . . .
>
> The regex is pre-processed for backslash "\" escape
> sequences. . .
>
>
> I can't find the expression to match the string:
> <a href="foo/bar">
> (Which I hope your email client isn't going to try to render as html!)
>
> The closest I can manage is:
> a\x20href=\x22foo/bar\x22>
>
> Where \x20 is an ASCII space, and \x22 is a double-quote
>
> If I put a leading \x3D (which is an equal-sign), that renders in
> the search string and obviously doesn't match my supplied content.
> If, however, I put a leading \x3C (which is the less-than sign) the
> rest of the expression is eaten and is not rendered. I've tried
> leading the \x3C with \x5C (which is a backslash), with no effect.
>
> I also tried leading with \x5C\x78\x33\x43 (which is \x3C), which
> renders as such, but does not match my string.
>
> The upshot is, I can match enough of my string to be unique on my
> page. But it seems like something isn't right in the regex escaping
> and cleansing for this test. The supplied string should be accepted
> as a string, but the "<" seems to be interpreted during the parsing
> instead.
>
> Can anyone else find a way to use a "<" in the regex of the cont= test?
>
>
> --
> Do things because you should, not just because you can.
>
> John Thurston 907-465-8591 <tel:907-465-8591>
> John.Thurston at alaska.gov <mailto:John.Thurston at alaska.gov>
> Department of Administration
> State of Alaska
More information about the Xymon
mailing list