A TTL value submitted as a string can cause the sensu-server to die.

[jbehrends]

We recently had a sensu-server die for a few days unknowingly. The last log entry before dieing was this:

{"timestamp":"2016-03-04T09:45:18.687212-0800","level":"warn","message":"reconnecting to redis"}
/opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/sensu-0.20.1/lib/sensu/server/process.rb:672:in `>=': comparison of Fixnum with String failed (ArgumentError)
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/sensu-0.20.1/lib/sensu/server/process.rb:672:in `block (5 levels) in determine_stale_check_results'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/em-redis-unified-1.0.0/lib/em-redis/redis_protocol.rb:489:in `call'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/em-redis-unified-1.0.0/lib/em-redis/redis_protocol.rb:489:in `dispatch_response'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/em-redis-unified-1.0.0/lib/em-redis/redis_protocol.rb:436:in `process_cmd'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/em-redis-unified-1.0.0/lib/em-redis/redis_protocol.rb:408:in `receive_data'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:in `run_machine'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:in `run'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/sensu-0.20.1/lib/sensu/server/process.rb:23:in `run'
    from /opt/sensu/embedded/lib/ruby/gems/2.0.0/gems/sensu-0.20.1/bin/sensu-server:10:in `<top (required)>'
    from /opt/sensu/bin/sensu-server:23:in `load'
    from /opt/sensu/bin/sensu-server:23:in `<main>'

Looking at the code, the line it's complaining about is this:
if time_since_last_execution >= check[:ttl]

After a bunch of digging I found that someone had implemented a script to emit check results to port 3030 on a client, and the script was quoting the ttl value when it should have been unquoted.

I'm running v0.20.1 of sensu, but looking at the most recent code on github it appears this would happen in the most recent version.

Sensu server OR client should validate this value is actually an integer and log if not vs killing the sensu server.

[skurylo]

We recently ran into this issue. I've created a pull request with a possible solution.

The draw back of my solution is if the user supplies something like "foo" for the ttl, it will be changed to a zero.

I'm happy to implement a different solution, such ignoring the event or ttl and logging an error message.

[portertech]

Result check TTL needs to be validated on input, i.e. https://github.com/sensu/sensu/blob/master/lib/sensu/client/socket.rb#L121

[portertech]

Going to expedite this fix/feature for 0.23.2 👍