EQL: Forbid usage of ['] for string literals #62458
Conversation
The usage of single quotes to wrap a string literal is forbidden and an error encouraging the user to user double quotes is returned. Tests are properly adjusted. Related to elastic#61659
|
Pinging @elastic/es-ql (:Query Languages/EQL) |
elasticmachine
added
the
Team:QL (Deprecated)
|
Currently, the grammar is not touched so we have a nice error message to the user instead of an automated Parser generated exception. Also I choose to have the same message for Moreover, we chose to send an error instead of a deprecation log message so that it's easily visible to the user, who in turn should change existing queries to accommodate the change and therefore free the /cc @rw-access |
| @@ -178,7 +178,7 @@ public void testEqlRestUsage() throws IOException { | |||
| " [process where serial_event_id < 4] by exit_code" + | |||
| " [process where opcode == 1] by user" + | |||
| " [process where opcode == 2] by user" + | |||
| " [file where parent_process_name == 'file_delete_event'] by exit_code" + | |||
| " [file where parent_process_name == \\\"file_delete_event\\\"] by exit_code" + | |||
There was a problem hiding this comment.
It's because of the runEql() which constructs a json body, so with \" it's escaped in the java string but then it's interpreted as a closing " in json.
| private static void checkForSingleQuotedString(Source source, String text, int i) { | ||
| if (text.charAt(i) == '\'') { | ||
| throw new ParsingException(source, | ||
| "Single quotes ['] are not supported around literal strings, please use double quotes [\"]"); |
There was a problem hiding this comment.
Use double quotes ["] for defining string literals, not single quotes [']
There was a problem hiding this comment.
I will make it: Use double quotes ["] to define string literals, not single quotes [']
The usage of single quotes to wrap a string literal is forbidden
and an error encouraging the user to user double quotes is returned.
Tests are properly adjusted.
Relates to #61659