Xymon Mailing List Archive search

Regex escaping in 'cont=' test

list Ralph Mitchell
Fri, 6 Oct 2017 13:21:58 -0400
Message-Id: <user-2441a14244c2@xymon.invalid>

Did you try quoting the entire 'cont;URL;[expected_data]" string?

I just tried this:

192.168.1.4   xxxx.yyyy.com        #  "cont;http://xxxx.yyyy.com/test.html;<a
href=\x22foo/bar\x22>"

and the page source for the "info" column shows:

<tr><th align=left>Content checks:</th><td align=left>
<a href="http://xxxx.yyyy.com/test.html">http://xxxx.yyyy.com/test.html</a>&nbsp;
must return '<a href="foo/bar">'<br>
</td></tr>

so you can see it picked up the whole  '<a href="foo/bar">' string.  The
test.html file on the server contains nothing but the opening and closing
html/body tags, and the match string.  If I change "foo" to "fod" in
test.html, the match fails and if I change the leading "<" to a comma, the
match also fails

      http://xxxx.yyyy.com/test.html - Testing URL yields:

      ,a href="foo/bar">

Ralph Mitchell


On Wed, Oct 4, 2017 at 4:55 PM, John Thurston <user-ce4d79d99bab@xymon.invalid>
wrote:

I'm fighting with the correct escaping and encoding for http content
checks using the "cont=" tag:

cont[=COLUMN];URL;[expected_data_regexp|#digesttype:digest]
  This tag is used to specify a http/https check, where it is also
  checked that specific content is present in the server response.

. . .

  The regex is pre-processed for backslash "\" escape sequences.  . .

I can't find the expression to match the string:
   <a href="foo/bar">
(Which I hope your email client isn't going to try to render as html!)

The closest I can manage is:
  a\x20href=\x22foo/bar\x22>

Where \x20 is an ASCII space, and \x22 is a double-quote

If I put a leading \x3D (which is an equal-sign), that renders in the
search string and obviously doesn't match my supplied content. If, however,
I put a leading \x3C (which is the less-than sign) the rest of the
expression is eaten and is not rendered. I've tried leading the \x3C with
\x5C (which is a backslash), with no effect.

I also tried leading with \x5C\x78\x33\x43 (which is \x3C), which renders
as such, but does not match my string.

The upshot is, I can match enough of my string to be unique on my page.
But it seems like something isn't right in the regex escaping and cleansing
for this test. The supplied string should be accepted as a string, but the
"<" seems to be interpreted during the parsing instead.

Can anyone else find a way to use a "<" in the regex of the cont= test?


--
   Do things because you should, not just because you can.

John Thurston    XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska