[ZBX-10449] Trigger function last() for text values can be legally used in expressions Created: 2016 Feb 24  Updated: 2019 Dec 10

Status: Open
Project: ZABBIX BUGS AND ISSUES
Component/s: Documentation (D), Frontend (F), Server (S)
Affects Version/s: 3.0.0
Fix Version/s: None

Type: Incident report Priority: Trivial
Reporter: Glebs Ivanovskis (Inactive) Assignee: Alexander Vladishev
Resolution: Unresolved Votes: 2
Labels: expressions, strings, triggerfunctions
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2018-03-03 at 10.45.50.png    
Issue Links:
Duplicate
is duplicated by ZBX-11369 Last() don't work with char/text Closed
is duplicated by ZBX-11776 Trigger issue when dealing with text Closed

 Description   

Documentation says that supported item types for last() and prev() trigger functions are float, int, str, text, log and result type is same as input type. This leads to several problems.

  1. Confusion. Support of string output values of trigger functions makes user think that strings can be directly operated upon in expressions. For example, compared using "=", "<", ">", "<=", ">=" and "<>" operators. This is not true.
  2. Injection. Generally speaking, text value inserted instead of numeric value will break expression evaluation. But strings like "2+2" or "1G" can exploit our way of evaluating expressions and silently produce invalid result.
  3. Unexpected result. If someone will use previous "feature" intentionally, he might get not what he expects. For example, expression "2*{host:key.last()}" for "2+2" will evaluate to 6, not 8.

Different solutions are possible and therefore different components will need to be fixed.

  1. Prohibit last() and prev() usage for string, text and log items. I struggle to imagine any use for them without ZBXNEXT-702/ZBXNEXT-1316 functionality.
  2. Validate values for being numeric before insertion like we do for macros.


 Comments   
Comment by Aleksandrs Saveljevs [ 2016 Feb 29 ]

Initially discussed in ZBX-10429. Note that after the fix in ZBX-10429 expression "2*{host:key.last()}" for "2+2" evaluates to 8, not 6.

Comment by Oleg Ivanivskyi [ 2018 Mar 03 ]

The testing trigger form doesn't accept text value in the Frontend also. The test item has "text" value type but value in the testing form accepts numeric value only (see screenshot).

Comment by Glebs Ivanovskis [ 2018 Sep 19 ]

Causing some confusion in ZBX-14869.

Generated at Thu Mar 28 22:51:24 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.