From d91d02619d4c1330b871a5418e436b2f81db533a Mon Sep 17 00:00:00 2001
From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>
Date: Thu, 27 Nov 2025 23:42:56 +0100
Subject: check_dig: Move flag parsing to parameter processing and out of main

The processing of the forbid-flags and the require-flags parameter
was done in the main function previous to this.
Since no further information is actually needed during runtime,
I moved the processing in the cli param processing stage to
reduce actual complexity later.
---
 plugins/check_dig.c          | 67 +++++++++++++++++---------------------------
 plugins/check_dig.d/config.h | 14 +++++----
 2 files changed, 34 insertions(+), 47 deletions(-)

(limited to 'plugins')

diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index 2db0f66b..9ea19e6a 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -58,10 +58,6 @@ void print_usage(void);
 static int verbose = 0;
 
 /* helpers for flag parsing */
-typedef struct {
-	char **items;
-	size_t count;
-} flag_list;
 static flag_list parse_flags_line(const char *line);
 static flag_list split_csv_trim(const char *csv);
 static bool flag_list_contains(const flag_list *list, const char *needle);
@@ -208,49 +204,36 @@ int main(int argc, char **argv) {
 	}
 
 	/* Optional: evaluate dig flags only if -E/-X were provided */
-	if ((config.require_flags && *config.require_flags) ||
-		(config.forbid_flags && *config.forbid_flags)) {
-
+	if ((config.require_flags.count > 0) || (config.forbid_flags.count > 0)) {
 		if (dig_flags.count > 0) {
-
-			if (config.require_flags && *config.require_flags) {
-				flag_list req = split_csv_trim(config.require_flags);
-
-				for (size_t r = 0; r < req.count; r++) {
-					if (!flag_list_contains(&dig_flags, req.items[r])) {
-						result = STATE_CRITICAL;
-						if (!msg) {
-							xasprintf(&msg, _("Missing required DNS flag: %s"), req.items[r]);
-						} else {
-							char *newmsg = NULL;
-							xasprintf(&newmsg, _("%s; missing required DNS flag: %s"), msg,
-									  req.items[r]);
-							msg = newmsg;
-						}
+			for (size_t r = 0; r < config.require_flags.count; r++) {
+				if (!flag_list_contains(&dig_flags, config.require_flags.items[r])) {
+					result = STATE_CRITICAL;
+					if (!msg) {
+						xasprintf(&msg, _("Missing required DNS flag: %s"),
+								  config.require_flags.items[r]);
+					} else {
+						char *newmsg = NULL;
+						xasprintf(&newmsg, _("%s; missing required DNS flag: %s"), msg,
+								  config.require_flags.items[r]);
+						msg = newmsg;
 					}
 				}
-
-				free_flag_list(&req);
 			}
 
-			if (config.forbid_flags && *config.forbid_flags) {
-				flag_list bad = split_csv_trim(config.forbid_flags);
-
-				for (size_t r = 0; r < bad.count; r++) {
-					if (flag_list_contains(&dig_flags, bad.items[r])) {
-						result = STATE_CRITICAL;
-						if (!msg) {
-							xasprintf(&msg, _("Forbidden DNS flag present: %s"), bad.items[r]);
-						} else {
-							char *newmsg = NULL;
-							xasprintf(&newmsg, _("%s; forbidden DNS flag present: %s"), msg,
-									  bad.items[r]);
-							msg = newmsg;
-						}
+			for (size_t r = 0; r < config.forbid_flags.count; r++) {
+				if (flag_list_contains(&dig_flags, config.forbid_flags.items[r])) {
+					result = STATE_CRITICAL;
+					if (!msg) {
+						xasprintf(&msg, _("Forbidden DNS flag present: %s"),
+								  config.forbid_flags.items[r]);
+					} else {
+						char *newmsg = NULL;
+						xasprintf(&newmsg, _("%s; forbidden DNS flag present: %s"), msg,
+								  config.forbid_flags.items[r]);
+						msg = newmsg;
 					}
 				}
-
-				free_flag_list(&bad);
 			}
 		}
 	}
@@ -351,10 +334,10 @@ check_dig_config_wrapper process_arguments(int argc, char **argv) {
 			result.config.dig_args = strdup(optarg);
 			break;
 		case 'E': /* require flags */
-			result.config.require_flags = strdup(optarg);
+			result.config.require_flags = split_csv_trim(optarg);
 			break;
 		case 'X': /* forbid flags */
-			result.config.forbid_flags = strdup(optarg);
+			result.config.forbid_flags = split_csv_trim(optarg);
 			break;
 		case 'v': /* verbose */
 			verbose++;
diff --git a/plugins/check_dig.d/config.h b/plugins/check_dig.d/config.h
index 392848e5..dd1f58b5 100644
--- a/plugins/check_dig.d/config.h
+++ b/plugins/check_dig.d/config.h
@@ -7,6 +7,11 @@
 #define DEFAULT_PORT  53
 #define DEFAULT_TRIES 2
 
+typedef struct {
+	char **items;
+	size_t count;
+} flag_list;
+
 typedef struct {
 	char *query_address;
 	char *record_type;
@@ -19,8 +24,8 @@ typedef struct {
 
 	double warning_interval;
 	double critical_interval;
-	char *require_flags;
-	char *forbid_flags;
+	flag_list require_flags;
+	flag_list forbid_flags;
 } check_dig_config;
 
 check_dig_config check_dig_config_init() {
@@ -36,9 +41,8 @@ check_dig_config check_dig_config_init() {
 
 		.warning_interval = UNDEFINED,
 		.critical_interval = UNDEFINED,
-		.require_flags = NULL,
-		.forbid_flags = NULL,
-
+		.require_flags = {.count = 0, .items = NULL},
+		.forbid_flags = {.count = 0, .items = NULL},
 	};
 	return tmp;
 }
-- 
cgit v1.2.3-74-g34f1