[ZBX-10199] backslash is not escaped in API response (at least in event.get and trigger.get) Created: 2015 Dec 24  Updated: 2017 May 30  Resolved: 2016 Jan 26

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A)
Affects Version/s: 2.4.5, 3.0.0alpha5
Fix Version/s: None

Type: Incident report Priority: Major
Reporter: Vitaly Zhuravlev Assignee: Unassigned
Resolution: Won't fix Votes: 0
Labels: api, escaping, json
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File backslash description.PNG    

 Description   

\ is not escaped in API response with another \

But it should be as JSON spec suggests:
http://www.json.org/
http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf

Not escaping backslash means that Zabbix would returns invalid JSON object.

How to reproduce
1. Put a backslash inside a trigger's description in Zabbix somewhere. To make it more meanful, it could be a Windows performance counter's description:

\?????????? ????(_Total)\% ?????????? ????? - ??? ?? ????? ???????, ????? ??????? ???? ??????? ?? ??????? ????? ?????????? ???????????.

2. Now grab triggers with API:

{
    "jsonrpc": "2.0",
    "method": "trigger.get",
    "params": {
        "output": "extend",
        "filter": {"triggerid":13096}
    },
    "auth": "ab092dc5a9436b548db72cec71287eae",
    "id": 1
}

you will get an object:

{
  "jsonrpc": "2.0",
  "result": [
    {
      "triggerid": "13096",
        "expression": "({880099}>80)and({880100}=0)",
        "description": "[PERF.HDD] ??????? ???? ??????? ?????? ????????: {ITEM.LASTVALUE}%",
      "url": "",
      "status": "0",
      "value": "0",
      "priority": "3",
      "lastchange": "0",
      "comments": "\?????????? ????(_Total)\% ?????????? ????? - ??? ?? ????? ???????, ????? ??????? ???? ??????? ?? ??????? ????? ?????????? ???????????.",
      "error": "",
      "templateid": "0",
      "type": "0",
      "state": "0",
      "flags": "0"
    }
  ],
  "id": 1
}

That is not a valid JSON object because \ is not escaped with another backslash inside the string comments . Can be double checked by pasting it to https://jsonformatter.curiousconcept.com

Checked on 2.4.2 and 3.0 alpha5

 Comments   
Comment by richlv [ 2015 Dec 25 ]

also see ZBX-5116 (excess escaping and newlines in api xml export)

Comment by Vitaly Zhuravlev [ 2016 Jan 11 ]

Some environment about where bug could be found:

OS: Debian 7: Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64

PHP: PHP 5.4.39-0+deb7u2 (cli) (built: Mar 25 2015 08:33:29) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

PHP JSON:
json version => 1.2.1

and another installation where I got this bug:

OS: Debian 7: Linux 3.2.0-2-amd64 #1 SMP Fri Jun 1 17:49:08 UTC 2012 x86_64

PHP: PHP 5.4.5-dev (cli) (built: May 31 2012 09:26:33) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

json version => 1.2.1
Comment by Vitaly Zhuravlev [ 2016 Jan 12 ]

gunarspujats, It seems that the problem is with my API client, I checked raw TCP packets and found that everything is properly escaped. Sorry for this time waster

gunarspujats Thank for the info, it's good that we finally resolved this issue

Generated at Sat Apr 20 00:35:09 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.