Regex escaping in 'cont=' test 🔗 link

wrote:

I'm fighting with the correct escaping and encoding for http content
checks using the "cont=" tag:

cont[=COLUMN];URL;[expected_data_regexp|#digesttype:digest]

  This tag is used to specify a http/https check, where it is also
  checked that specific content is present in the server response.

. . .

  The regex is pre-processed for backslash "\" escape sequences.  . .

I can't find the expression to match the string:
   <a href="foo/bar">
(Which I hope your email client isn't going to try to render as html!)

The closest I can manage is:
  a\x20href=\x22foo/bar\x22>

Where \x20 is an ASCII space, and \x22 is a double-quote

If I put a leading \x3D (which is an equal-sign), that renders in the
search string and obviously doesn't match my supplied content. If, however,
I put a leading \x3C (which is the less-than sign) the rest of the
expression is eaten and is not rendered. I've tried leading the \x3C with
\x5C (which is a backslash), with no effect.

I also tried leading with \x5C\x78\x33\x43 (which is \x3C), which renders
as such, but does not match my string.

The upshot is, I can match enough of my string to be unique on my page.
But it seems like something isn't right in the regex escaping and cleansing
for this test. The supplied string should be accepted as a string, but the
"<" seems to be interpreted during the parsing instead.

Can anyone else find a way to use a "<" in the regex of the cont= test?


--
   Do things because you should, not just because you can.

John Thurston    XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska

On 10/6/2017 9:21 AM, Ralph Mitchell wrote:

Did you try quoting the entire 'cont;URL;[expected_data]" string?

I just tried this:

href=\x22foo/bar\x22>"

and the page source for the "info" column shows:

<tr><th align=left>Content checks:</th><td align=left>

href="foo/bar">'<br>
</td></tr>

so you can see it picked up the whole  '<a href="foo/bar">' string.  The
test.html file on the server contains nothing but the opening and
closing html/body tags, and the match string.  If I change "foo" to
"fod" in test.html, the match fails and if I change the leading "<" to a
comma, the match also fails

      http://xxxx.yyyy.com/test.html - Testing URL yields:

      ,a href="foo/bar">

Ralph Mitchell


On Wed, Oct 4, 2017 at 4:55 PM, John Thurston <user-ce4d79d99bab@xymon.invalid
<mailto:user-ce4d79d99bab@xymon.invalid>> wrote:

    I'm fighting with the correct escaping and encoding for http content
    checks using the "cont=" tag:

        cont[=COLUMN];URL;[expected_data_regexp|#digesttype:digest]
          This tag is used to specify a http/https check, where it is also
          checked that specific content is present in the server response.

    . . .

          The regex is pre-processed for backslash "\" escape
        sequences.  . .


    I can't find the expression to match the string:
       <a href="foo/bar">
    (Which I hope your email client isn't going to try to render as html!)

    The closest I can manage is:
      a\x20href=\x22foo/bar\x22>

    Where \x20 is an ASCII space, and \x22 is a double-quote

    If I put a leading \x3D (which is an equal-sign), that renders in
    the search string and obviously doesn't match my supplied content.
    If, however, I put a leading \x3C (which is the less-than sign) the
    rest of the expression is eaten and is not rendered. I've tried
    leading the \x3C with \x5C (which is a backslash), with no effect.

    I also tried leading with \x5C\x78\x33\x43 (which is \x3C), which
    renders as such, but does not match my string.

    The upshot is, I can match enough of my string to be unique on my
    page. But it seems like something isn't right in the regex escaping
    and cleansing for this test. The supplied string should be accepted
    as a string, but the "<" seems to be interpreted during the parsing
    instead.

    Can anyone else find a way to use a "<" in the regex of the cont= test?


    --
       Do things because you should, not just because you can.

wrote:

With eager fingers, I went to adjust my hosts.cfg, and .. ... no diff.
I've tried both single and double quotes. Single quotes caused nothing to
be parsed from the cont= tag. Double quotes made no difference in behavior.

Maybe this is another oddity stemming from my ancient OS and underlying
libraries. (Solaris 10)

Do you see the behavior I described if you _don't_ wrap in quotes?

--
   Do things because you should, not just because you can.

John Thurston    XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska

On 10/6/2017 9:21 AM, Ralph Mitchell wrote:

Did you try quoting the entire 'cont;URL;[expected_data]" string?

I just tried this:

192.168.1.4   xxxx.yyyy.com <http://xxxx.yyyy.com>;        #
"cont;http://xxxx.yyyy.com/test.html <http://xxxx.yyyy.com/test.html>;<a
href=\x22foo/bar\x22>"

and the page source for the "info" column shows:

<tr><th align=left>Content checks:</th><td align=left>
<a href="http://xxxx.yyyy.com/test.html
<http://xxxx.yyyy.com/test.html>">http://xxxx.yyyy.com/test.html
<http://xxxx.yyyy.com/test.html></a>&nbsp; must return '<a
href="foo/bar">'<br>
</td></tr>

so you can see it picked up the whole  '<a href="foo/bar">' string.  The
test.html file on the server contains nothing but the opening and
closing html/body tags, and the match string.  If I change "foo" to
"fod" in test.html, the match fails and if I change the leading "<" to a
comma, the match also fails

      http://xxxx.yyyy.com/test.html - Testing URL yields:

      ,a href="foo/bar">

Ralph Mitchell


On Wed, Oct 4, 2017 at 4:55 PM, John Thurston <user-ce4d79d99bab@xymon.invalid
<mailto:user-ce4d79d99bab@xymon.invalid>> wrote:

    I'm fighting with the correct escaping and encoding for http content
    checks using the "cont=" tag:

        cont[=COLUMN];URL;[expected_data_regexp|#digesttype:digest]
          This tag is used to specify a http/https check, where it is also
          checked that specific content is present in the server response.

    . . .

          The regex is pre-processed for backslash "\" escape
        sequences.  . .


    I can't find the expression to match the string:
       <a href="foo/bar">
    (Which I hope your email client isn't going to try to render as html!)

    The closest I can manage is:
      a\x20href=\x22foo/bar\x22>

    Where \x20 is an ASCII space, and \x22 is a double-quote

    If I put a leading \x3D (which is an equal-sign), that renders in
    the search string and obviously doesn't match my supplied content.
    If, however, I put a leading \x3C (which is the less-than sign) the
    rest of the expression is eaten and is not rendered. I've tried
    leading the \x3C with \x5C (which is a backslash), with no effect.

    I also tried leading with \x5C\x78\x33\x43 (which is \x3C), which
    renders as such, but does not match my string.

    The upshot is, I can match enough of my string to be unique on my
    page. But it seems like something isn't right in the regex escaping
    and cleansing for this test. The supplied string should be accepted
    as a string, but the "<" seems to be interpreted during the parsing
    instead.

    Can anyone else find a way to use a "<" in the regex of the cont=
test?


    --
       Do things because you should, not just because you can.

    John Thurston    XXX-XXX-XXXX <tel:XXX-XXX-XXXX>
    user-ce4d79d99bab@xymon.invalid <mailto:user-ce4d79d99bab@xymon.invalid>
    Department of Administration
    State of Alaska

On 10/6/2017 6:37 PM, Ralph Mitchell wrote:

Took the quotes out, had to change the space to \x20 to get it to show
in the info page.

Maybe the parser is broken in your version and fixed in mine, or vice
versa??  I'm running  Xymon 4.3.28-rc2 on CentOS 7.

--
    Do things because you should, not just because you can.

John Thurston    XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska