From 2324a11c1328f83d982a3b8de8a32b12626282a5 Mon Sep 17 00:00:00 2001 From: Alex Kesler Date: Wed, 12 Feb 2025 11:08:19 -0700 Subject: [PATCH] Replace Fastly VCL cstr_escape w/ json.escape --- docs/integrations/saas-cloud/fastly.md | 116 ++++++++++++------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/docs/integrations/saas-cloud/fastly.md b/docs/integrations/saas-cloud/fastly.md index 4045dbe58e..a8e7ad6b93 100644 --- a/docs/integrations/saas-cloud/fastly.md +++ b/docs/integrations/saas-cloud/fastly.md @@ -69,39 +69,39 @@ When you configure the Sumo Logic endpoint in Fastly: "protocol": "%{req.proto}V", "host": "%{req.http.Fastly-Orig-Host}V", "origin_host": "%{req.http.Host}V", - "url": "%{cstr_escape(req.url)}V", + "url": "%{json.escape(req.url)}V", "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V", "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V", - "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V", - "tls_client_servername": "%{cstr_escape(tls.client.servername)}V", - "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V", - "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V", - "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V", + "tls_client_protocol": "%{json.escape(tls.client.protocol)}V", + "tls_client_servername": "%{json.escape(tls.client.servername)}V", + "tls_client_cipher": "%{json.escape(tls.client.cipher)}V", + "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V", + "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V", "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V", "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V", "h2_stream_id": "%{fastly_info.h2.stream_id}V", - "request_referer": "%{cstr_escape(req.http.Referer)}V", - "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V", - "request_accept_content": "%{cstr_escape(req.http.Accept)}V", - "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V", - "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V", - "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V", - "request_connection": "%{cstr_escape(req.http.Connection)}V", - "request_dnt": "%{cstr_escape(req.http.DNT)}V", - "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V", - "request_via": "%{cstr_escape(req.http.Via)}V", - "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V", - "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V", - "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V", + "request_referer": "%{json.escape(req.http.Referer)}V", + "request_user_agent": "%{json.escape(req.http.User-Agent)}V", + "request_accept_content": "%{json.escape(req.http.Accept)}V", + "request_accept_language": "%{json.escape(req.http.Accept-Language)}V", + "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V", + "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V", + "request_connection": "%{json.escape(req.http.Connection)}V", + "request_dnt": "%{json.escape(req.http.DNT)}V", + "request_forwarded": "%{json.escape(req.http.Forwarded)}V", + "request_via": "%{json.escape(req.http.Via)}V", + "request_cache_control": "%{json.escape(req.http.Cache-Control)}V", + "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V", + "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V", "status": "%{resp.status}V", - "content_type": "%{cstr_escape(resp.http.Content-Type)}V", + "content_type": "%{json.escape(resp.http.Content-Type)}V", "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V", "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V", - "response_age": "%{cstr_escape(resp.http.Age)}V", - "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V", - "response_expires": "%{cstr_escape(resp.http.Expires)}V", - "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V", - "response_tsv": "%{cstr_escape(resp.http.TSV)}V", + "response_age": "%{json.escape(resp.http.Age)}V", + "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V", + "response_expires": "%{json.escape(resp.http.Expires)}V", + "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V", + "response_tsv": "%{json.escape(resp.http.TSV)}V", "geo_datacenter": "%{server.datacenter}V", "geo_city": "%{client.geo.city}V", "geo_country_code": "%{client.geo.country_code}V", @@ -152,39 +152,39 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda "protocol": "%{req.proto}V", "host": "%{req.http.Fastly-Orig-Host}V", "origin_host": "%{req.http.Host}V", - "url": "%{cstr_escape(req.url)}V", + "url": "%{json.escape(req.url)}V", "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V", "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V", - "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V", - "tls_client_servername": "%{cstr_escape(tls.client.servername)}V", - "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V", - "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V", - "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V", + "tls_client_protocol": "%{json.escape(tls.client.protocol)}V", + "tls_client_servername": "%{json.escape(tls.client.servername)}V", + "tls_client_cipher": "%{json.escape(tls.client.cipher)}V", + "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V", + "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V", "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V", "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V", "h2_stream_id": "%{fastly_info.h2.stream_id}V", - "request_referer": "%{cstr_escape(req.http.Referer)}V", - "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V", - "request_accept_content": "%{cstr_escape(req.http.Accept)}V", - "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V", - "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V", - "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V", - "request_connection": "%{cstr_escape(req.http.Connection)}V", - "request_dnt": "%{cstr_escape(req.http.DNT)}V", - "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V", - "request_via": "%{cstr_escape(req.http.Via)}V", - "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V", - "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V", - "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V", + "request_referer": "%{json.escape(req.http.Referer)}V", + "request_user_agent": "%{json.escape(req.http.User-Agent)}V", + "request_accept_content": "%{json.escape(req.http.Accept)}V", + "request_accept_language": "%{json.escape(req.http.Accept-Language)}V", + "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V", + "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V", + "request_connection": "%{json.escape(req.http.Connection)}V", + "request_dnt": "%{json.escape(req.http.DNT)}V", + "request_forwarded": "%{json.escape(req.http.Forwarded)}V", + "request_via": "%{json.escape(req.http.Via)}V", + "request_cache_control": "%{json.escape(req.http.Cache-Control)}V", + "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V", + "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V", "status": "%{resp.status}V", - "content_type": "%{cstr_escape(resp.http.Content-Type)}V", + "content_type": "%{json.escape(resp.http.Content-Type)}V", "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V", "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V", - "response_age": "%{cstr_escape(resp.http.Age)}V", - "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V", - "response_expires": "%{cstr_escape(resp.http.Expires)}V", - "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V", - "response_tsv": "%{cstr_escape(resp.http.TSV)}V", + "response_age": "%{json.escape(resp.http.Age)}V", + "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V", + "response_expires": "%{json.escape(resp.http.Expires)}V", + "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V", + "response_tsv": "%{json.escape(resp.http.TSV)}V", "geo_datacenter": "%{server.datacenter}V", "geo_city": "%{client.geo.city}V", "geo_country_code": "%{client.geo.country_code}V", @@ -214,7 +214,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda "waf_rule_id": "%{waf.rule_id}V", "waf_severity": "%{waf.severity}V", "waf_passed": "%{waf.passed}V", - "waf_logdata": "%{cstr_escape(waf.logdata)}V", + "waf_logdata": "%{json.escape(waf.logdata)}V", "waf_executed": "%{waf.executed}V", "waf_anomaly_score": "%{waf.anomaly_score}V", "waf_sql_score": "%{waf.sql_injection_score}V", @@ -225,7 +225,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda "waf_php_score": "%{waf.php_injection_score}V", "waf_rce_score": "%{waf.rce_score}V", "waf_session_fixation_score": "%{waf.session_fixation_score}V", - "waf_message": "%{cstr_escape(waf.message)}V" + "waf_message": "%{json.escape(waf.message)}V" } ``` @@ -251,10 +251,10 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add "request": "%{req.request}V", "protocol": "%{req.proto}V", "origin_host": "%{req.http.Host}V", - "url": "%{cstr_escape(req.url)}V", - "request_referer": "%{cstr_escape(req.http.Referer)}V", - "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V", - "request_accept_content": "%{cstr_escape(req.http.Accept)}V", + "url": "%{json.escape(req.url)}V", + "request_referer": "%{json.escape(req.http.Referer)}V", + "request_user_agent": "%{json.escape(req.http.User-Agent)}V", + "request_accept_content": "%{json.escape(req.http.Accept)}V", "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE|NONE)).*\", \"\\2\\3\")}V", "geo_datacenter": "%{server.datacenter}V", "geo_city": "%{client.geo.city}V", @@ -268,7 +268,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add "waf_rule_id": "%{waf.rule_id}V", "waf_severity": "%{waf.severity}V", "waf_passed": "%{waf.passed}V", - "waf_logdata": "%{cstr_escape(waf.logdata)}V", + "waf_logdata": "%{json.escape(waf.logdata)}V", "waf_executed": "%{waf.executed}V", "waf_anomaly_score": "%{waf.anomaly_score}V", "waf_sql_score": "%{waf.sql_injection_score}V", @@ -279,7 +279,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add "waf_php_score": "%{waf.php_injection_score}V", "waf_rce_score": "%{waf.rce_score}V", "waf_session_fixation_score": "%{waf.session_fixation_score}V", - "waf_message": "%{cstr_escape(waf.message)}V" + "waf_message": "%{json.escape(waf.message)}V" } ```