Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache rawrequest escaping binary characters #4303

Merged
merged 2 commits into from Feb 20, 2023
Merged

Apache rawrequest escaping binary characters #4303

merged 2 commits into from Feb 20, 2023

Conversation

bazsi
Copy link
Collaborator

@bazsi bazsi commented Feb 1, 2023

This branch fixes #4274 by:

  1. making sure that apache style escaping in access.logs are parsed properly, even if it contains escaped binary characters
  2. on output uses \xXX escaping style for binary characters, instead of \uXXXX, which shouldn't be needed for control characters anyway.

This might still be a change compared to our 3.38 behaviour, I guess in that case these binary characters were considered a single field and then re-escaped as it was sent out in JSON to ElasticSearch.

So it was probably sent to Elastic as: "\\x16\\x03\\x01" Note the double backslashes.

This patch will make that use binary, e.g. elastic would receive the original: "\x16\x03\x01" string, which it would de-escape probably. So this is still a change compared to 3.38 but I think this behaviour is better than our previous one, as we are not able to process the binary characters properly.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 1, 2023

No news file has been detected. Please write one, if applicable.

@kira-syslogng
Copy link
Contributor

Build FAILURE

@bazsi
utf8utils: don't use \u escape sequences for control characters
4b41664 
This branch was only taken for control characters (e.g. below 32), so
\xXX sequences should be enough, no need for \u even if we are trying
to represent utf8 strings.

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
@bazsi
csv-scanner: decode \xXX sequences in addition to escaped special cha…
ae0291a 
…racters

Fixes syslog-ng#4274 that shows this access.log entry:

main:80 152.89.196.211 "-" - [23/Dec/2022:19:04:19 +0100] "\x16\x03\x01" 400 226 "-" "-"

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
@bazsi bazsi force-pushed the apache-rawrequest-escaping-binary-characters branch from 7db54da to ae0291a Compare February 7, 2023 11:40
MrAnno
MrAnno approved these changes Feb 20, 2023
View reviewed changes
Copy link
Collaborator

@MrAnno MrAnno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need a news entry for this.

@MrAnno MrAnno merged commit 70b99df into syslog-ng:master Feb 20, 2023
MrAnno added a commit to MrAnno/syslog-ng that referenced this pull request Feb 28, 2023
@MrAnno
news: add bugfix syslog-ng#4303
64aeb05 
Signed-off-by: László Várady <laszlo.varady@anno.io>
Genfood pushed a commit to Genfood/syslog-ng that referenced this pull request Jun 14, 2023
@MrAnno @Genfood
news: add bugfix syslog-ng#4303
65afe50 
Signed-off-by: László Várady <laszlo.varady@anno.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrAnno MrAnno MrAnno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Regression in rawrequest extraction with Apache SCL
3 participants
@bazsi @kira-syslogng @MrAnno