Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10449

Trigger function last() for text values can be legally used in expressions

    XMLWordPrintable

    Details

      Description

      Documentation says that supported item types for last() and prev() trigger functions are float, int, str, text, log and result type is same as input type. This leads to several problems.

      1. Confusion. Support of string output values of trigger functions makes user think that strings can be directly operated upon in expressions. For example, compared using "=", "<", ">", "<=", ">=" and "<>" operators. This is not true.
      2. Injection. Generally speaking, text value inserted instead of numeric value will break expression evaluation. But strings like "2+2" or "1G" can exploit our way of evaluating expressions and silently produce invalid result.
      3. Unexpected result. If someone will use previous "feature" intentionally, he might get not what he expects. For example, expression "2*{host:key.last()}" for "2+2" will evaluate to 6, not 8.

      Different solutions are possible and therefore different components will need to be fixed.

      1. Prohibit last() and prev() usage for string, text and log items. I struggle to imagine any use for them without ZBXNEXT-702/ZBXNEXT-1316 functionality.
      2. Validate values for being numeric before insertion like we do for macros.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sasha Alexander Vladishev
              Reporter:
              glebs.ivanovskis Glebs Ivanovskis (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: