Syntax error at offset #143
Assignees
Labels
kind/bug
Something isn't working
Comments
|
Thanks for this very detailed report, I'll replace the escape function to handle more characters. FYI, I didn't use the Redis TAGS for the values. |
Issif
added a commit
that referenced
this issue
Apr 26, 2024
…character and conversion error for the groupby Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
poiana
pushed a commit
that referenced
this issue
Apr 30, 2024
…character and conversion error for the groupby Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
|
The PR #145 fixes that issue, it will be included in the next release. The ETA is before summer. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We are getting the error
Syntax error at offsetin our logs. The occurs when any special character of,.<>{}[]"':;!@#$%^&*()+=~is added to theSearchbar of theEventssection in the UI.How to reproduce it
Install the Falco Helm chart with Falcosidekick (using version
4.3.0, which corresponds to app version0.37.1) and search for an event (with any of the following special character:,.<>{}[]"':;!@#$%^&*()+=~) in theSearchbar of theEventssection.Expected behaviour
No
Syntax error at offsetwhen special characters,.<>{}[]"':;!@#$%^&*()+=~is added to theSearchbar of theEventssection in the UI.Screenshots
When I search for the event time
06:47:14:398, that has the special character:, I get the error:But then when I properly escape the
:using\(i.e.,06\:47\:14\:398), I don't get the error:Environment
0.37.1
Linux version 5.15.148.2-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) UI updates #1 SMP Fri Feb 23 23:44:30 UTC 2024
AKS
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.10
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
/app $
Linux falco-falcosidekick-ui-5f89b8bc9d-zn869 5.15.148.2-2.cm2 UI updates #1 SMP Fri Feb 23 23:44:30 UTC 2024 x86_64 Linux
Kubernetes
Additional context
I believe the issue occurs with the API call
/api/v1/events/count/:groupbythat calls theCountByfunction, then theCountKeyByfunction, then thenewQueryfunction that calls the erroneousEscapefunction that doesn’t escape all punctuation correctly (see screenshot below). The function correctly escapes hyphens (with the use of a single backslash), but then incorrectly escapes forward slashes and periods by using two backslashes (and omits all other special characters). This is why when we put one of those characters in the search field, we get the error.In Redis, when you query for tags that contain punctuation, you must escape that punctuation with a backslash character (). If not, then you’ll get the error we are seeing (see: https://redis.io/docs/latest/develop/interact/search-and-query/advanced-concepts/tags/ and https://redis.io/docs/latest/develop/interact/search-and-query/advanced-concepts/escaping/).
The text was updated successfully, but these errors were encountered: