Ellipsis

Here’s a noobie mistake. A daemon I have running to report on new files being uploaded to a webserver started dying on me when the filenames had a ’%’ in them.

I was doing a complete ‘Duh!’ coding mistake. Take this program:

#!/usr/bin/ruby  -w
require 'syslog'

PROGRAM_NAME="testlog" 
LOG_FACILITY=Syslog::LOG_LOCAL2

$log=Syslog.open(PROGRAM_NAME, Syslog::LOG_PID, LOG_FACILITY)
$log.info("Starting args: " + ARGV.join(" "))

exit

If you run it:

t.rb my message

You’ll get this in the log file:

Oct 23 08:14:06 raymond testlog[7570]: Starting args: my message

However try this:

$ .rb my "%message" 

./t.rb:11:in `info': malformed format string - %m (ArgumentError)
        from ./t.rb:11

The problem is that syslog interprets ’%’ in the message string as a printf style format character. That’s the way of the underlying Unix library, like it or not. And the code will barf if you try @$log.info(“Starting args #{variable}”). The correct way to code is this:

$log.info("Starting args: %s", ARGV.join(" "))

and the ’%s’ gets the argument string value substituted in.

One could write here about the need to sanitize tainted input, but I won’t.