Syntax error at offset #143
Comments
|
Thanks for this very detailed report, I'll replace the escape function to handle more characters. FYI, I didn't use the Redis TAGS for the values. |
…character and conversion error for the groupby Signed-off-by: Thomas Labarussias <[email protected]>
…character and conversion error for the groupby Signed-off-by: Thomas Labarussias <[email protected]>
|
The PR #145 fixes that issue, it will be included in the next release. The ETA is before summer. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
|
Rotten issues close after 30d of inactivity. Reopen the issue with Mark the issue as fresh with Provide feedback via https://github.com/falcosecurity/community. |
|
@poiana: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Describe the bug
We are getting the error
Syntax error at offsetin our logs. The occurs when any special character of,.<>{}[]"':;!@#$%^&*()+=~is added to theSearchbar of theEventssection in the UI.How to reproduce it
Install the Falco Helm chart with Falcosidekick (using version
4.3.0, which corresponds to app version0.37.1) and search for an event (with any of the following special character:,.<>{}[]"':;!@#$%^&*()+=~) in theSearchbar of theEventssection.Expected behaviour
No
Syntax error at offsetwhen special characters,.<>{}[]"':;!@#$%^&*()+=~is added to theSearchbar of theEventssection in the UI.Screenshots
When I search for the event time
06:47:14:398, that has the special character:, I get the error:But then when I properly escape the
:using\(i.e.,06\:47\:14\:398), I don't get the error:Environment
0.37.1
Linux version 5.15.148.2-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) UI updates #1 SMP Fri Feb 23 23:44:30 UTC 2024
AKS
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.10
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
/app $
Linux falco-falcosidekick-ui-5f89b8bc9d-zn869 5.15.148.2-2.cm2 UI updates #1 SMP Fri Feb 23 23:44:30 UTC 2024 x86_64 Linux
Kubernetes
Additional context
I believe the issue occurs with the API call
/api/v1/events/count/:groupbythat calls theCountByfunction, then theCountKeyByfunction, then thenewQueryfunction that calls the erroneousEscapefunction that doesn’t escape all punctuation correctly (see screenshot below). The function correctly escapes hyphens (with the use of a single backslash), but then incorrectly escapes forward slashes and periods by using two backslashes (and omits all other special characters). This is why when we put one of those characters in the search field, we get the error.In Redis, when you query for tags that contain punctuation, you must escape that punctuation with a backslash character (). If not, then you’ll get the error we are seeing (see: https://redis.io/docs/latest/develop/interact/search-and-query/advanced-concepts/tags/ and https://redis.io/docs/latest/develop/interact/search-and-query/advanced-concepts/escaping/).
The text was updated successfully, but these errors were encountered: