  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10449

Trigger function last() for text values can be legally used in expressions


Details

    Description

      The documentation says that the supported item types for the last() and prev() trigger functions are float, int, str, text and log, and that the result type is the same as the input type. This leads to several problems.

      1. Confusion. Support of string output values of trigger functions makes the user think that strings can be directly operated upon in expressions. For example, compared using the "=", "<", ">", "<=", ">=" and "<>" operators. This is not true.
      2. Injection. Generally speaking, a text value inserted instead of a numeric value will break expression evaluation. But strings like "2+2" or "1G" can exploit our way of evaluating expressions and silently produce an invalid result.
      3. Unexpected result. If someone uses the previous "feature" intentionally, he might not get what he expects. For example, the expression "2*{host:key.last()}" for "2+2" will evaluate to 6, not 8.

      Different solutions are possible and therefore different components will need to be fixed.

      1. Prohibit last() and prev() usage for string, text and log items. I struggle to imagine any use for them without ZBXNEXT-702/ZBXNEXT-1316 functionality.
      2. Validate values for being numeric before insertion like we do for macros.
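
The second solution, sketched as an added example (this is not Zabbix code): a toy arithmetic evaluator stands in for the expression engine, and `substitute_unchecked`, `substitute_validated` and the `NUMERIC` pattern are hypothetical names. It reproduces the "2+2" case from the description and shows the value being refused once it is checked before insertion; unit suffixes such as "G" are not modelled and are simply rejected by the check.

```python
import ast
import operator
import re

# Arithmetic operators the toy evaluator accepts (constructed for illustration).
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}

MACRO = "{host:key.last()}"                         # function reference from the issue text
NUMERIC = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)")   # assumed rule: one plain decimal number


def evaluate(expr):
    """Evaluate + - * / arithmetic over numeric literals only."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.UAdd)):
            value = walk(node.operand)
            return -value if isinstance(node.op, ast.USub) else value
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        raise ValueError("unsupported expression")
    return walk(ast.parse(expr, mode="eval"))


def substitute_unchecked(expr, value):
    """Paste the item value into the expression text as-is (the reported behaviour)."""
    return evaluate(expr.replace(MACRO, value))


def substitute_validated(expr, value):
    """Refuse any item value that is not a single plain number before inserting it."""
    value = value.strip()
    if not NUMERIC.fullmatch(value):
        raise ValueError(f"non-numeric item value: {value!r}")
    return evaluate(expr.replace(MACRO, value))


if __name__ == "__main__":
    expr = "2*" + MACRO
    print(substitute_unchecked(expr, "2+2"))   # text value changes the expression's structure
    print(substitute_validated(expr, "4"))     # genuine numeric value
    for bad in ("2+2", "1G"):
        try:
            substitute_validated(expr, bad)
        except ValueError as err:
            print("rejected:", err)
```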


            People

              sasha Alexander Vladishev
              glebs.ivanovskis Glebs Ivanovskis (Inactive)