Affected Version
All versions since Druid expression was introduced.
Description
Each expression function can take different parameters depending on their implementation. For now, they just assume that the passed parameters are something what they want but never validate them. For example, strlen() function expects a single-valued parameter, but you can still do strlen(['a', 'b', 'c']) in your query which returns a string length of a hex string of an array currently. Instead, they should validate the given parameters before evaluating the expression, probably in validateArguments().
Affected Version
All versions since Druid expression was introduced.
Description
Each expression function can take different parameters depending on their implementation. For now, they just assume that the passed parameters are something what they want but never validate them. For example,
strlen()function expects a single-valued parameter, but you can still dostrlen(['a', 'b', 'c'])in your query which returns a string length of a hex string of an array currently. Instead, they should validate the given parameters before evaluating the expression, probably invalidateArguments().