Plugin nagioscorepassivecheck Logging Fatal Errors #69
Description
Questionable use of a variable in SQL table name in server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php
The only table that has column service_object_id, is nagios_servicestatus, so why use a variable in the name?
$sql = "UPDATE nagios_{$type}status
SET status_update_time = FROM_UNIXTIME({$time}),
has_been_checked = 1,
output = '{$output}',
long_output = '{$long_output}',
current_state = {$state},
state_type = {$state_type},
last_check = FROM_UNIXTIME({$time}),
check_type = 1,
execution_time = 0,
{$update_status_sql}
latency = 0
WHERE service_object_id = {$object_id}";
An instance has been reported on an Ubuntu 22 instance, where the log file is filling up with the following error:
[Mon Nov 18 11:40:41.537174 2024] [php:error] [pid 552303] [client 192.168.80.36:57068] PHP Fatal error: Uncaught mysqli_sql_exception:
Unknown column 'service_object_id' in 'where clause' in usr/local/nrdp/server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php:480
Stack trace:
#0 /usr/local/nrdp/server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php(480): mysqli->query()
#1 /usr/local/nrdp/server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php(162): nrdp_write_check_output_to_ndo()
#2 /usr/local/nrdp/server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php(44): nagioscorepassivecheck_submit_check_data()
#3 /usr/local/nrdp/server/includes/utils.inc.php(560): nagioscorepassivecheck_process_request()
#4 /usr/local/nrdp/server/index.php(103): do_callbacks()
#5 /usr/local/nrdp/server/index.php(80): route_request()
#6 {main}
thrown in /usr/local/nrdp/server/plugins/nagioscorepassivecheck/nagioscorepassivecheck.inc.php on line 480
This pattern could additionally match up with these tables that do not have the service_object_id column:
nagios_contactstatus
nagios_customvariablestatus
nagios_hoststatus
nagios_programstatus