[Nagiosplug-devel] Guidelines

[Andreas Ericsson]

I've been going through the plugin guidelines and noticed a couple of 
weird things and hints in them, for example;

* "Print only one line of text"
This should be changed to "Always make sure the first line of output 
contains something useful", as it's usually useful to (by default) print 
any error messages later on so the user sees them when running them from 
command-line. I'd be happy to print a queuing system for error messages 
so they can be printed at plugin exit.

* "The plugins are copyrighted by their respective authors", and later 
on, "The copyright for the changes will then revert to the Nagios Plugin 
Development Team".
This second statement is just pure BS anyway, as the signover of 
copyrights requires a fair amount of paperwork and cannot be automated 
by a statement on a webpage. If anything, you can force authors to make 
their changes GPL'd (the GPL already states this explicitly, but it's 
still a good idea to make it painfully obvious on the webpage). The code 
submitted to the project *IS* GPL, but may be copyrighted by others. If 
those others choose to change the copyright of their copy of the code, 
they cannot make those changes apply retroactively to the code-versions 
in the nagiosplug repository.

* "Don't execute system commands without specifying their full path".
The reason given (trojans earlier in the path) is fairly moot given that 
if someone can add files to any element of the path the game is most 
certainly lost. It's good for making sure idiots don't write code that 
wildly spawn external programs though.

* "Validate all input"
Considering the fact that not a single plugin does this today (unless 
you're thinking validate_arguments()), this is just a waste of 
web-space. The fact that the spopen()-enabled plugins run commands on a 
large array of hosts which produce vastly different output, this turns 
somewhat impossible.

* "All network plugins should use DEFAULT_SOCKET_TIMEOUT to timeout".
For many plugins, this is largely meaningless as most of them can 
calculate how long they will have to run at a maximum before they return 
CRITICAL anyway (check_tcp with -w and -c flags, check_ping, etc). 
Having them hung in kernel-space when they'll still return CRITICAL 
won't make anybody happier.
This should be changed to "Use DEFAULT_SOCKET_TIMEOUT as default unless 
a value can be properly calculated".

* "In addition to the reserved options" .... and what follows.
I notice that there are no less than 4 of the 5 listed "standard" 
options that are supposed to denote username in one form or another. 
Please just drop this section entirely, or decide on ONE thing to use. 
the --url option, currently applying to a single plugin (check_http) 
isn't exactly what I would call "standard".


In addition, it would be nice to see a section called "Don't waste 
return values just so you can (possibly inaccurately) recalculate them 
later". Another section, named "Use the appropriate function for the 
job" would also be nice as well as "Prefer ANSI C over non-standard 
functions". For reasons to this, take a look at the use of strstr() 
(which isn't an intrinsic function) being used as strchr() (which IS an 
intrinsic function) in too many of the plugins, as well as strpbrk(), 
strspn() and friends.
All of those new sections could be bundled under "Optimization", which 
would then incorporate the "Allow sibling call optimizations" and "How 
To Make Life Easy For The Compiler".

end rant;

Sorry to those of you whom I'm sure took offense. None was actually 
intended.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer