Skip to content

Restore single-argument Json.decode() in the DSL#10914

Merged
julianbrost merged 2 commits into
Icinga:masterfrom
eimann:bugfix/json-decode-single-argument-10913
Jun 30, 2026
Merged

Restore single-argument Json.decode() in the DSL#10914
julianbrost merged 2 commits into
Icinga:masterfrom
eimann:bugfix/json-decode-single-argument-10913

Conversation

@eimann

@eimann eimann commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Please note: I based this against support/2.16 as the security fix isn't on master yet (also explained below). Also this is my first contribution to the Icinga code base. But as we are a heavy Icinga user and discovered the bug I took the chance.

Since 2.16.2, Json.decode("...") fails with Too few arguments for function, an undocumented breaking change in a patch release (reported in #10913).

Cause

The recursion depth limit added to JsonDecode() in 2.16.2 (ed163a8) gave the C++ function a second parameter with a default value:

Value JsonDecode(const String& data, size_t depthLimit = JsonDecodeDefaultDepthLimit);

The DSL binding in json-script.cpp passed this function pointer directly to Function. Required-argument count is deduced from the function-pointer arity via boost::function_types::function_arity, and function pointers do not carry default arguments — so the arity became 2 and Json.decode() started requiring two arguments.

Fix

Wrap JsonDecode() in a single-argument shim (mirroring the existing JsonEncodeShim) so the registered function keeps its one-parameter contract while still applying the default depth limit internally. The 2.16.2 security hardening is fully preserved.

Adds a regression test that invokes the registered Json.decode function with a single argument (it fails against the unfixed binding with the exact Too few arguments error).

Notes

  • Targets support/2.16: the regression exists only there. master never received the depth-limit change, so it is unaffected. When the depth limit is forward-ported to master, this shim should accompany it.

fixes #10913

@cla-bot

cla-bot Bot commented Jun 29, 2026

Copy link
Copy Markdown

Thank you for your pull request. Before we can look at it, you'll need to sign a Contributor License Agreement (CLA).

Please follow instructions at https://icinga.com/company/contributor-agreement to sign the CLA.

After that, please reply here with a comment and we'll verify.

Contributors that have not signed yet: @eimann

Details
  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Please contact us if you think this is the case.

  • If you signed the CLA as a corporation, your GitHub username may not have been submitted to us. Please reach out to the responsible person in your organization.

@eimann

eimann commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

CLA is now signed.

@bobapple

Copy link
Copy Markdown
Member

@cla-bot check

@cla-bot cla-bot Bot added the cla/signed label Jun 30, 2026
@julianbrost

Copy link
Copy Markdown
Member

Ugh, that's annoying, there always has to be something that everyone misses... :(

Thanks for looking into this!

  • Targets support/2.16: the regression exists only there. master never received the depth-limit change, so it is unaffected. When the depth limit is forward-ported to master, this shim should accompany it.

It now is with #10908, it's just that we did the changes to the master branch as regular GitHub PRs, so they took a bit longer to merge.

@julianbrost

Copy link
Copy Markdown
Member

@eimann Judging from that emoji reaction, you're reading these messages in a timely manner. At first sight, your changes look good, would you mind just rebasing them onto the master and changing the target branch of the PR accordingly? Or just let us know if you don't have time for this right now, then we'd just take over from here as we'll probably want to get this fix out rather quickly.

@julianbrost julianbrost added this to the 2.17.0 milestone Jun 30, 2026
@julianbrost julianbrost added bug Something isn't working area/configuration DSL, parser, compiler, error handling backport-to-support/2.15 PRs with this label will automatically be backported to the v2.15 support branch. backport-to-support/2.14 PRs with this label will automatically be backported to the v2.14 support branch. backport-to-support/2.16 PRs with this label will automatically be backported to the v2.16 support branch. labels Jun 30, 2026
@eimann

eimann commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Gimme a sec, I'll get it done :)

eimann added 2 commits June 30, 2026 10:42
The recursion depth limit added to JsonDecode() in 2.16.2 gave the C++
function a second parameter with a default value. Function pointers do not
carry default arguments, so the DSL function binding deduced an arity of 2
via boost::function_types::function_arity and required two arguments. As a
result `Json.decode("...")` failed with "Too few arguments for function",
an undocumented breaking change in a patch release.

Wrap JsonDecode() in a single-argument shim (mirroring the existing
JsonEncodeShim) so the registered function keeps its one-parameter contract
while still applying the default depth limit internally.

refs Icinga#10913
@eimann eimann force-pushed the bugfix/json-decode-single-argument-10913 branch from 7a8de11 to 326cbde Compare June 30, 2026 08:45
@eimann eimann changed the base branch from support/2.16 to master June 30, 2026 08:45
@eimann

eimann commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Should be good now. I also deployed 2.16.2 with the fix on our test system, loading the config fine. No more errors on icinga console.

@julianbrost

Copy link
Copy Markdown
Member

Hint for anyone who will have a look at the backported PRs: even if they are created without conflicts, the older support branches don't include the refactoring that auto-detects test cases and needs them to be added to CMakeLists additionally.

@julianbrost julianbrost enabled auto-merge June 30, 2026 09:18
@julianbrost

Copy link
Copy Markdown
Member

Oh come on GitHub, why are you showing the Actions checks as "Expected", not "Queued" (as it's shown in other PRs where the jobs wait for a slot)? Looks like we can wait a long time for them to run then...

Don't be confused that I'll close the PR. I'll reopen it immediately, maybe that helps GitHub to get things going.

auto-merge was automatically disabled June 30, 2026 09:24

Pull request was closed

@julianbrost julianbrost reopened this Jun 30, 2026
@julianbrost julianbrost enabled auto-merge June 30, 2026 09:26
@eimann

eimann commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Unfortunately this seems to be a GitHub issue since ~ 45-60 Minutes, we see it on private repos as well but github status is showing all green :(

@Al2Klimov

Copy link
Copy Markdown
Member

Ah, yes, the good old close/open PR trick @yhabteab told me not to use for GHA))

@julianbrost

Copy link
Copy Markdown
Member

Closing and re-opening the PR made the "approve workflow runs" button appear again. After clicking that one, they are running now. So looks like we're good now.

@eimann

eimann commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Looks like choco install -y winflexbison3 got a 503 for the Win32 build so it failed

@Al2Klimov

Copy link
Copy Markdown
Member

We can retry it only once Windows completes.

@julianbrost julianbrost merged commit 27528c6 into Icinga:master Jun 30, 2026
32 of 33 checks passed
@backbot-ci

backbot-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown

Successfully created backport PR for support/2.15:

@backbot-ci

backbot-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown

Backport failed for support/2.14, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin support/2.14
git worktree add -d .worktree/backport-10914-to-support/2.14 origin/support/2.14
cd .worktree/backport-10914-to-support/2.14
git switch --create backport-10914-to-support/2.14
git cherry-pick -x d29ac491f231d6831e98cc614902faed78718598 326cbde4476f5d5a5695dca5ef8b2492c0280053

@backbot-ci

backbot-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown

Successfully created backport PR for support/2.16:

@julianbrost

Copy link
Copy Markdown
Member

Backport failed for support/2.14, because it was unable to cherry-pick the commit(s).

I'll take care of that one.

@eimann eimann deleted the bugfix/json-decode-single-argument-10913 branch July 1, 2026 05:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/configuration DSL, parser, compiler, error handling backport-to-support/2.14 PRs with this label will automatically be backported to the v2.14 support branch. backport-to-support/2.15 PRs with this label will automatically be backported to the v2.15 support branch. backport-to-support/2.16 PRs with this label will automatically be backported to the v2.16 support branch. bug Something isn't working cla/signed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Json.decode function expects two parameters

4 participants