[ZBX-12963] Unable to pass $ sign to external check Created: 2017 Oct 30 Updated: 2024 Apr 10 Resolved: 2018 Nov 02 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F), Proxy (P), Server (S) |
Affects Version/s: | None |
Fix Version/s: | 4.2 (plan) |
Type: | Problem report | Priority: | Minor |
Reporter: | Vitaly Zhuravlev | Assignee: | Martins Valkovskis |
Resolution: | Fixed | Votes: | 0 |
Labels: | externalchecks | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
||||||||
Team: | Team D | ||||||||
Sprint: | Sprint 23, Sprint 24, Sprint 46, Nov 2018 | ||||||||
Story Points: | 1 |
Description |
Unable to pass argument to external check containing literal $ since everything is wrapped in double quotes. Escaping $ doesn't work also since sequence \${code} would become
svn blame svn://svn.zabbix.com/trunk/src/zabbix_server/poller/checks_external.c 49450 wiper param_esc = zbx_dyn_escape_string(param, "\"\\"); 49450 wiper zbx_snprintf_alloc(&cmd, &cmd_alloc, &cmd_offset, " \"%s\"", param_esc); Steps to reproduce: script.sh[login,passwor$d] and file script.sh #!/bin/bash echo $1 $2 Result: login passwor Expected: login passwor$d Suggested zabbix key -> command script.sh[login,passwor$d] -> script.sh 'login' 'passwor$d' script.sh['login','passwor$d'] -> script.sh 'login' 'passwor$d' script.sh["login","passwor$d"] -> script.sh "login" "passwor$d" |
Comments |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Oct 30 ] |
wiper isn't guilty, this logic is since palivoda Do you agree with suggested solution? - glebs.ivanovskis glebs.ivanovskis I have no idea how to fix this without breaking backwards compatibility. |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Nov 01 ] |
This problem partially stems from the fact that we have very permissive item key parameter syntax and poorly thought-through quoting/escaping rules. This does not allow us to introduce "parameter preprocessing options" for escaping shell special characters, ignoring macros, etc. If item key parameters required all strings to be quoted and allowed only numeric values to be unquoted solution for this problem could look like: script.sh[escape_shell_spec_chars("login"), escape_shell_spec_chars("passwor$d")] |
Comment by Sergejs Paskevics [ 2017 Dec 13 ] |
Resolved in svn://svn.zabbix.com/branches/dev/ZBX-12963 |
Comment by Sergejs Paskevics [ 2018 Jan 03 ] |
Implemented in 4.0.0alpha2 (trunk) in r76522. |
Comment by richlv [ 2018 Feb 12 ] |
(1) the what's new entry at https://zabbix.com/documentation/4.0/manual/introduction/whatsnew400 says :
three potential issues here :
it might be worth also changing "wrapped to" to "wrapped in", and maybe changing "sign" to more common "character" or "symbol". martins-v Thanks, richlv for the useful suggestions. The wording has been updated. RESOLVED sasha CLOSED |