Skip to content

Apache rawrequest escaping binary characters#4303

Merged
MrAnno merged 2 commits into
syslog-ng:masterfrom
bazsi:apache-rawrequest-escaping-binary-characters
Feb 20, 2023
Merged

Apache rawrequest escaping binary characters#4303
MrAnno merged 2 commits into
syslog-ng:masterfrom
bazsi:apache-rawrequest-escaping-binary-characters

Conversation

@bazsi
Copy link
Copy Markdown
Collaborator

@bazsi bazsi commented Feb 1, 2023

This branch fixes #4274 by:

  1. making sure that apache style escaping in access.logs are parsed properly, even if it contains escaped binary characters
  2. on output uses \xXX escaping style for binary characters, instead of \uXXXX, which shouldn't be needed for control characters anyway.

This might still be a change compared to our 3.38 behaviour, I guess in that case these binary characters were considered a single field and then re-escaped as it was sent out in JSON to ElasticSearch.

So it was probably sent to Elastic as: "\\x16\\x03\\x01" Note the double backslashes.

This patch will make that use binary, e.g. elastic would receive the original: "\x16\x03\x01" string, which it would de-escape probably. So this is still a change compared to 3.38 but I think this behaviour is better than our previous one, as we are not able to process the binary characters properly.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 1, 2023

No news file has been detected. Please write one, if applicable.

@kira-syslogng
Copy link
Copy Markdown
Contributor

kira-syslogng commented Feb 1, 2023

Build FAILURE

bazsi added 2 commits February 7, 2023 12:40
@bazsi
utf8utils: don't use \u escape sequences for control characters
4b41664 
This branch was only taken for control characters (e.g. below 32), so
\xXX sequences should be enough, no need for \u even if we are trying
to represent utf8 strings.

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
@bazsi
csv-scanner: decode \xXX sequences in addition to escaped special cha…
ae0291a 
…racters

Fixes syslog-ng#4274 that shows this access.log entry:

main:80 152.89.196.211 "-" - [23/Dec/2022:19:04:19 +0100] "\x16\x03\x01" 400 226 "-" "-"

Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
@bazsi bazsi force-pushed the apache-rawrequest-escaping-binary-characters branch from 7db54da to ae0291a Compare February 7, 2023 11:40
MrAnno
MrAnno approved these changes Feb 20, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@MrAnno MrAnno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need a news entry for this.

@MrAnno MrAnno merged commit 70b99df into syslog-ng:master Feb 20, 2023
MrAnno added a commit to MrAnno/syslog-ng that referenced this pull request Feb 28, 2023
@MrAnno
news: add bugfix syslog-ng#4303
64aeb05 
Signed-off-by: László Várady <laszlo.varady@anno.io>
Genfood pushed a commit to Genfood/syslog-ng that referenced this pull request Jun 14, 2023
@MrAnno @Genfood
news: add bugfix syslog-ng#4303
65afe50 
Signed-off-by: László Várady <laszlo.varady@anno.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@MrAnno MrAnno MrAnno approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Regression in rawrequest extraction with Apache SCL

3 participants

@bazsi @kira-syslogng @MrAnno