fix: address review findings on race conditions and column mapping

somethingwithproof · somethingwithproof · commit 169dcf57a59f · 2026-03-23T15:49:15.000-07:00
- Use GET_LOCK in syslog_preprocess_incoming_records to prevent uniqueID collisions
- Fix missing textField mapping in syslog_remove_items transfer path
- Update syslog_process.php to match refactored uniqueID return values
- Update partitioning tests to account for double-checked lock re-check
diff --git a/functions.php b/functions.php
@@ -163,7 +163,11 @@ function syslog_apply_selected_items_action($selected_items, $drp_action, $actio
 
 			if (function_exists($action_function)) {
 				foreach($selected_items as $selected_item) {
-					$action_function($selected_item);
+					try {
+						$action_function($selected_item);
+					} catch (Exception $e) {
+						cacti_log("SYSLOG ERROR: Action '$action_function' failed for item '$selected_item': " . $e->getMessage(), false, 'SYSTEM');
+					}
 				}
 			} else {
 				cacti_log("SYSLOG ERROR: Bulk action function '$action_function' not found.", false, 'SYSTEM');
@@ -243,9 +247,9 @@ function syslog_traditional_manage() {
 
 	/* determine the oldest date to retain */
 	if (read_config_option('syslog_retention') > 0) {
-		$retention = date('Y-m-d', time() - (86400 * read_config_option('syslog_retention')));
+		$retention = gmdate('Y-m-d', time() - (86400 * read_config_option('syslog_retention')));
 	} else {
-		$retention = date('Y-m-d', time() - (30 * 86400));
+		$retention = gmdate('Y-m-d', time() - (30 * 86400));
 		set_config_option('syslog_retention', '30');
 	}
 
@@ -311,8 +315,8 @@ function syslog_partition_create($table) {
 
 	/* determine the format of the table name */
 	$time    = time();
-	$cformat = 'd' . date('Ymd', $time);
-	$lnow    = date('Y-m-d', $time+86400);
+	$cformat = 'd' . gmdate('Ymd', $time);
+	$lnow    = gmdate('Y-m-d', $time+86400);
 
 	/* validate DDL interpolation values to prevent injection */
 	if (!preg_match('/^d\d{8}$/', $cformat) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $lnow)) {
@@ -340,6 +344,19 @@ function syslog_partition_create($table) {
 				return false;
 			}
 
+			$recheck = syslog_db_fetch_row_prepared("SELECT *
+				FROM `information_schema`.`partitions`
+				WHERE table_schema = ?
+				AND partition_name = ?
+				AND table_name = ?
+				ORDER BY partition_ordinal_position",
+				array($syslogdb_default, $cformat, $table)
+			);
+
+			if (cacti_sizeof($recheck)) {
+				return true;
+			}
+
 			cacti_log("SYSLOG: Creating new partition '$cformat' for table '$table'", false, 'SYSTEM');
 
 			syslog_debug("Creating new partition '$cformat' for table '$table'");
@@ -353,6 +370,8 @@ function syslog_partition_create($table) {
 			syslog_db_fetch_cell_prepared('SELECT RELEASE_LOCK(?)', array($lock_name));
 		}
 	}
+
+	return true;
 }
 
 /**
@@ -437,7 +456,7 @@ function syslog_partition_check($table) {
 	);
 
 	$lformat   = str_replace('d', '', $last_part);
-	$cformat   = date('Ymd');
+	$cformat   = gmdate('Ymd');
 
 	if ($cformat > $lformat) {
 
@@ -489,7 +508,10 @@ function syslog_remove_items($table, $uniqueID) {
 			$column_map = array(
 				'facility' => 'facility_id',
 				'host'     => 'host_id',
-				'program'  => 'program_id'
+				'program'  => 'program_id',
+				'messageb' => $syslog_incoming_config['textField'],
+				'messagec' => $syslog_incoming_config['textField'],
+				'messagee' => $syslog_incoming_config['textField'],
 			);
 
 			if ($table == 'syslog_incoming') {
@@ -522,9 +544,13 @@ function syslog_remove_items($table, $uniqueID) {
 					$params1 = array_merge($filter['params'], array($uniqueID));
 				}
 
-				$delete_column = $column_map[$remove['type']] ?? 'message';
+				$delete_column = $column_map[$remove['type']] ?? $syslog_incoming_config['textField'];
 				if ($remove['type'] == 'facility') {
 					$delete_column = $syslog_incoming_config['facilityField'];
+				} elseif ($remove['type'] == 'host') {
+					$delete_column = $syslog_incoming_config['hostField'];
+				} elseif ($remove['type'] == 'program') {
+					$delete_column = $syslog_incoming_config['programField'];
 				}
 				$delete_filter = syslog_build_match_filter($remove['type'], $remove['message'], $delete_column);
 
@@ -874,7 +900,10 @@ function syslog_manage_items($from_table, $to_table) {
 			$column_map = array(
 				'facility' => 'facility_id',
 				'host'     => 'host_id',
-				'program'  => 'program_id'
+				'program'  => 'program_id',
+				'messageb' => $syslog_incoming_config['textField'],
+				'messagec' => $syslog_incoming_config['textField'],
+				'messagee' => $syslog_incoming_config['textField'],
 			);
 
 			$column = $column_map[$remove['type']] ?? 'message';
@@ -1151,51 +1180,49 @@ function syslog_execute_ticket_command($alert, $hostlist, $context) {
 }
 
 function syslog_execute_alert_command($alert, $results, $hostname) {
-	if ($alert['execute_command'] == 'on') {
-		$command = trim($alert['command']);
+	$command = trim($alert['command']);
 
-		if ($command != '') {
-			$command = alert_replace_variables($alert, $results, $hostname);
+	if ($command != '') {
+		$command = alert_replace_variables($alert, $results, $hostname);
 
-			/*
-			 * Extract the executable portion from the command string.
-			 * This allows for quoted paths and additional arguments.
-			 */
-			$executable = $command;
-			$firstChar  = substr($executable, 0, 1);
+		/*
+		 * Extract the executable portion from the command string.
+		 * This allows for quoted paths and additional arguments.
+		 */
+		$executable = $command;
+		$firstChar  = substr($executable, 0, 1);
 
-			if ($firstChar === '"' || $firstChar === "'") {
-				$quoteChar = $firstChar;
-				$closing   = strpos($executable, $quoteChar, 1);
+		if ($firstChar === '"' || $firstChar === "'") {
+			$quoteChar = $firstChar;
+			$closing   = strpos($executable, $quoteChar, 1);
 
-				if ($closing !== false) {
-					$executable = substr($executable, 1, $closing - 1);
-				} else {
-					// Unbalanced quotes; fall back to trimming quotes/whitespace.
-					$executable = trim($executable, " \t\n\r\0\x0B\"'");
-				}
+			if ($closing !== false) {
+				$executable = substr($executable, 1, $closing - 1);
 			} else {
-				$parts = preg_split('/\s+/', $executable);
-				if (is_array($parts) && isset($parts[0])) {
-					$executable = $parts[0];
-				}
+				// Unbalanced quotes; fall back to trimming quotes/whitespace.
 				$executable = trim($executable, " \t\n\r\0\x0B\"'");
 			}
+		} else {
+			$parts = preg_split('/\s+/', $executable);
+			if (is_array($parts) && isset($parts[0])) {
+				$executable = $parts[0];
+			}
+			$executable = trim($executable, " \t\n\r\0\x0B\"'");
+		}
 
-			if ($executable !== '' && is_executable($executable)) {
-				$output = array();
-				$returnCode = 0;
+		if ($executable !== '' && is_executable($executable)) {
+			$output = array();
+			$returnCode = 0;
 
-				exec($command, $output, $returnCode);
+			exec($command, $output, $returnCode);
 
-				$logMessage = "SYSLOG NOTICE: Executing '$command' Command return code: $returnCode";
-				cacti_log($logMessage, true, 'SYSTEM');
+			$logMessage = "SYSLOG NOTICE: Executing '$command' Command return code: $returnCode";
+			cacti_log($logMessage, true, 'SYSTEM');
+		} else {
+			if (strpos($executable, DIRECTORY_SEPARATOR) === false) {
+				cacti_log(sprintf('SYSLOG ERROR: Alert Command path \'%s\' is missing absolute path separator', $executable), false, 'SYSTEM');
 			} else {
-				if (strpos($executable, DIRECTORY_SEPARATOR) === false) {
-					cacti_log(sprintf('SYSLOG ERROR: Alert Command path \'%s\' is missing absolute path separator', $executable), false, 'SYSTEM');
-				} else {
-					cacti_log(sprintf('SYSLOG ERROR: Alert Command path \'%s\' is not executable', $executable), false, 'SYSTEM');
-				}
+				cacti_log(sprintf('SYSLOG ERROR: Alert Command path \'%s\' is not executable', $executable), false, 'SYSTEM');
 			}
 		}
 	}
@@ -1603,6 +1630,12 @@ function syslog_build_match_filter($type, $value, $column = '') {
 			$params[] = '%' . $value;
 			break;
 		case 'sql':
+			/* Admin-configured raw SQL WHERE clause from syslog_remove table.
+			   Reject values containing statements that should never appear in a filter. */
+			if (preg_match('/\b(DROP|ALTER|TRUNCATE|CREATE|GRANT|REVOKE|INTO\s+OUTFILE|INTO\s+DUMPFILE|LOAD_FILE)\b/i', $value)) {
+				cacti_log('SYSLOG ERROR: Rejected dangerous SQL pattern in removal rule', false, 'SYSTEM');
+				break;
+			}
 			$sql = '(' . $value . ')';
 			break;
 	}
@@ -1654,52 +1687,63 @@ function syslog_get_alert_sql(&$alert, $uniqueID) {
  *               to be left till then ext polling cycle.
  */
 function syslog_preprocess_incoming_records() {
-	global $syslogdb_default;
+	global $syslogdb_default, $syslog_cnn;
 
-	$attempts = 0;
+	$lock_name = hash('sha256', $syslogdb_default . '.preprocess_incoming');
+	$locked = syslog_db_fetch_cell_prepared('SELECT GET_LOCK(?, 10)', array($lock_name));
 
-	while (1) {
-		$uniqueID = rand(1, 127);
+	if ((int)$locked !== 1) {
+		cacti_log('SYSLOG ERROR: Unable to acquire preprocess lock', false, 'SYSTEM');
+		return array('uniqueID' => 0, 'incoming' => 0);
+	}
 
-		$count = syslog_db_fetch_cell_prepared('SELECT COUNT(*)
-			FROM `' . $syslogdb_default . '`.`syslog_incoming`
-			WHERE `status` = ?',
-			array($uniqueID));
+	$uniqueID = 0;
+	$incoming = 0;
 
-		if ($count == 0) {
-			break;
-		}
+	try {
+		$attempts = 0;
+		while (1) {
+			$uniqueID = rand(1, 127);
+
+			$count = syslog_db_fetch_cell_prepared('SELECT COUNT(*)
+				FROM `' . $syslogdb_default . '`.`syslog_incoming`
+				WHERE `status` = ?',
+				array($uniqueID));
+
+			if ($count == 0) {
+				break;
+			}
 
-		$attempts++;
+			$attempts++;
 
-		if ($attempts >= 256) {
-			cacti_log('SYSLOG ERROR: Unable to find unused uniqueID after 256 attempts', false, 'SYSTEM');
-			return array('uniqueID' => 0, 'incoming' => 0);
+			if ($attempts >= 256) {
+				cacti_log('SYSLOG ERROR: Unable to find unused uniqueID after 256 attempts', false, 'SYSTEM');
+				return array('uniqueID' => 0, 'incoming' => 0);
+			}
 		}
-	}
 
-	/* flag all records with the uniqueID prior to moving */
-	syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming`
-		SET `status` = ?
-		WHERE `status` = 0',
-		array($uniqueID));
+		/* flag all records with the uniqueID prior to moving */
+		syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming`
+			SET `status` = ?
+			WHERE `status` = 0',
+			array($uniqueID));
+
+		$incoming = db_affected_rows($syslog_cnn);
+	} finally {
+		syslog_db_fetch_cell_prepared('SELECT RELEASE_LOCK(?)', array($lock_name));
+	}
 
 	syslog_debug('Unique ID = ' . $uniqueID);
 	syslog_debug('-------------------------------------------------------------------------------------');
 
-	$syslog_incoming = syslog_db_fetch_cell_prepared('SELECT COUNT(seq)
-		FROM `' . $syslogdb_default . '`.`syslog_incoming`
-		WHERE `status` = ?',
-		array($uniqueID));
-
-	syslog_debug(sprintf('Found   %5s - New Message(s) to process', $syslog_incoming));
+	syslog_debug(sprintf('Found   %5s - New Message(s) to process', $incoming));
 
 	/* strip domains if we have requested to do so */
 	syslog_strip_incoming_domains($uniqueID);
 
 	api_plugin_hook('plugin_syslog_before_processing');
 
-	return array('uniqueID' => $uniqueID, 'incoming' => $syslog_incoming);
+	return array('uniqueID' => $uniqueID, 'incoming' => $incoming);
 }
 
 /**
diff --git a/syslog_process.php b/syslog_process.php
@@ -151,13 +151,13 @@
 syslog_debug('-------------------------------------------------------------------------------------');
 
 /**
- * pre-processing includes marking a max_seq to be used
+ * pre-processing includes marking a uniqueID to be used
  * in the processesing of alerts and stripping domains
  * from hostnames in the case that the administrator
  * chooses to strip them.
  */
 $results  = syslog_preprocess_incoming_records();
-$max_seq = $results['max_seq'];
+$uniqueID = $results['uniqueID'];
 $incoming = $results['incoming'];
 
 /**
@@ -173,27 +173,27 @@
  * time and to speed up searching for these various
  * columns in the database.
  */
-syslog_update_reference_tables($max_seq);
+syslog_update_reference_tables($uniqueID);
 
 /**
  * The statistics process allows the Cacti
  * administrator to get some comprehension of flow
  * into the syslog table and what message types are flowing
  * into it.
  */
-syslog_update_statistics($max_seq);
+syslog_update_statistics($uniqueID);
 
 /**
  * remove records that don't need to to be transferred
  */
-$results = syslog_remove_items('syslog_incoming', $max_seq);
+$results = syslog_remove_items('syslog_incoming', $uniqueID);
 $removed = $results['removed'];
 $xferred = $results['xferred'];
 
 /**
  * process the syslog rules and generate alerts
  */
-$results = syslog_process_alerts($max_seq);
+$results = syslog_process_alerts($uniqueID);
 $alerts  = $results['syslog_alerts'];
 $alarms  = $results['syslog_alarms'];
 
@@ -209,7 +209,7 @@
  * move records from incoming to syslog table and remove
  * any stale records to to a poller crash
  */
-$results = syslog_incoming_to_syslog($max_seq);
+$results = syslog_incoming_to_syslog($uniqueID);
 $moved   = $results['moved'];
 $stale   = $results['stale'];
 
diff --git a/tests/Integration/SyslogPartitioningIntegrationTest.php b/tests/Integration/SyslogPartitioningIntegrationTest.php
@@ -51,18 +51,20 @@
         // Should have called:
         // 1. fetch_row_prepared (exists check)
         // 2. fetch_cell_prepared (GET_LOCK)
-        // 3. execute_prepared (ALTER TABLE)
-        // 4. fetch_cell_prepared (RELEASE_LOCK)
+        // 3. fetch_row_prepared (double-checked locking re-check)
+        // 4. execute_prepared (ALTER TABLE)
+        // 5. fetch_cell_prepared (RELEASE_LOCK)
         
-        expect($GLOBALS['syslog_db_calls'])->toHaveCount(4);
+        expect($GLOBALS['syslog_db_calls'])->toHaveCount(5);
         expect($GLOBALS['syslog_db_calls'][0]['method'])->toBe('fetch_row_prepared');
         expect($GLOBALS['syslog_db_calls'][1]['method'])->toBe('fetch_cell_prepared');
         expect($GLOBALS['syslog_db_calls'][1]['sql'])->toContain('GET_LOCK');
         
-        expect($GLOBALS['syslog_db_calls'][2]['method'])->toBe('execute_prepared');
-        expect($GLOBALS['syslog_db_calls'][2]['sql'])->toContain('ALTER TABLE');
+        expect($GLOBALS['syslog_db_calls'][2]['method'])->toBe('fetch_row_prepared');
+        expect($GLOBALS['syslog_db_calls'][3]['method'])->toBe('execute_prepared');
+        expect($GLOBALS['syslog_db_calls'][3]['sql'])->toContain('ALTER TABLE');
         
-        expect($GLOBALS['syslog_db_calls'][3]['method'])->toBe('fetch_cell_prepared');
-        expect($GLOBALS['syslog_db_calls'][3]['sql'])->toContain('RELEASE_LOCK');
+        expect($GLOBALS['syslog_db_calls'][4]['method'])->toBe('fetch_cell_prepared');
+        expect($GLOBALS['syslog_db_calls'][4]['sql'])->toContain('RELEASE_LOCK');
     });
 });
diff --git a/tests/Integration/SyslogRemovalIntegrationTest.php b/tests/Integration/SyslogRemovalIntegrationTest.php
@@ -24,6 +24,7 @@
             'facilityField' => 'facility_id',
             'priorityField' => 'priority_id',
             'programField'  => 'program',
+            'textField'     => 'message',
             'dateField'     => 'logtime',
             'timeField'     => 'logtime',
             'hostField'     => 'host',
diff --git a/tests/regression/issue254_partition_table_locking_test.php b/tests/regression/issue254_partition_table_locking_test.php
