trackme Using double-backslash for regular expression in blocklist fails trackme

Using double-backslash for regular expression in blocklist fails trackme

Open weiss-h opened this issue 2 years ago • 1 comments

Describe the bug We have corrupted index names (getting from somewhere we don't know) which results in trackme data names like "abc\x00\x00". I built a data_name blocklist entry and entered this string: (?i)\\ TrackMe puts this in the list but as (?i)
(a single backslash) Then the main page of TrackMe fails to load (because search filter with wrong regex failes I guess). I manually corrected the entry in the kv store with lookkup editor (added the second backslash), then it works again.

To Reproduce Steps to reproduce the behavior: Create a data_name blocklist entry: (?i)\\

Expected behavior main page of TrackMe does not fail to load

Splunk version and deployment:

Splunk Version: 8.2.2.1
TrackMe version 1.2.58
TrackMe is deployed within a Search Head Cluster (SHC)

Apr 11 '22 15:04 weiss-h

Thank you @weiss-h for raising this issue, sounds very fair.

Apr 11 '22 15:04 guilhemmarchand

trackme trackme copied to clipboard

Using double-backslash for regular expression in blocklist fails trackme

trackme
trackme copied to clipboard