
Problem with field substitution

Open wltb opened this issue 7 years ago • 1 comments

There is something wrong with field substitution, or maybe my understanding of the topic is off. I created a minimal working example. Rule file is:

[Rule]
trigger=sh -c "echo $'MESSAGE >> /tmp/log.txt"

[Filter]
PRIORITY<=3

Journal entries are created with logger:

logger -p 0 'lookup_init:136: lookup(yp): map auto.master: Local domain name not set'
logger -p 0 '()'
logger -p 0 '(y)'
logger -p 0 '555(y)555'
logger -p 0 '666555(y)555666'
logger -p 0 '777666555(y)555666777'
logger -p 0 '888777666555(y)555666777888'

(the first message is what made me investigate this, BTW), and then we get

$ cat /tmp/log.txt
()ESSAGE
(y)SSAGE
555(y)555

The journal entries may help with debugging:

$ journalctl -a --no-pager --since '-2h' -u journal-triggerd.service
journal-triggerd[10023]: Failed to execute trigger 'sh -c "echo $'MESSAGE >> /tmp/log.txt"': Text ended before matching quote was found for ". (The text was “sh -c "echo 'lookup_init:136: lookup(yp): map auto.master: Local domain name not set'”)
journal-triggerd[10023]: 666555(y)555666p/log.txt
journal-triggerd[10023]: 777666555(y)555666777txt
journal-triggerd[10023]: Failed to execute trigger 'sh -c "echo $'MESSAGE >> /tmp/log.txt"': Text ended before matching quote was found for ". (The text was “sh -c "echo '888777666555(y)555666777888'”)

Seems like the substituted text replaces the original one if it's longer than the field name, or something like that.

wltb avatar Jul 26 '18 21:07 wltb

Hello,

First off, let me apologize for the long delay -- I meant to at least acknowledge the issue before looking into it but managed to forget to do it, sorry about that.

So I took some time to look into this, and you're right, field substitution with the $'FIELD syntax was indeed bugged. I just pushed a fix to branch next.

This whole parsing thing was never really well done to begin with, something I've long been aware of and intended to eventually address, so I did as well. Specifically, and to avoid any possible splitting issue and such, I've pushed a branch rewrite-parsing where the trigger is now first parsed/split into an argv for execution, and then field substitution is performed. Important change though: the $'FIELD syntax isn't supported anymore. (It's also not needed anymore, ofc.)

Note however that this won't address the fact that if the field value contains special characters (for your shell, e.g. quotes, redirections, etc), this might cause issues since it will be doing parsing of its own. (A script might be used to avoid such issues, obviously.)

Thanks for the report, and sorry again for the delay.

Cheers,

jjk-jacky avatar Oct 01 '18 18:10 jjk-jacky
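
The ordering change and the remaining shell caveat described in the reply above, as an added example that is not journal-triggerd's code. Python's `shlex` stands in for the daemon's argv splitter, and the `$MESSAGE` placeholder, the sample field value and the function names are assumptions made for this sketch.

```python
import shlex
import subprocess

PLACEHOLDER = "$MESSAGE"  # hypothetical placeholder syntax for this sketch
# Constructed journal field value containing a lone double quote.
VALUE = 'map "auto.master: Local domain name not set'

def substitute_then_split(trigger, value):
    """Splice the value into the trigger text, then split into argv."""
    return shlex.split(trigger.replace(PLACEHOLDER, value))

def split_then_substitute(trigger, value):
    """Split the trigger into argv first, then substitute per element."""
    return [arg.replace(PLACEHOLDER, value) for arg in shlex.split(trigger)]

def run(argv):
    """Execute argv directly (no implicit shell); return (exit code, stdout)."""
    p = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return p.returncode, p.stdout

# Trigger that splices the field into the text handed to `sh -c`.
INLINE = 'sh -c "echo $MESSAGE"'
# Trigger that hands the field to the shell as positional parameter $1.
POSITIONAL = r"""sh -c 'printf "%s\n" "$1"' sh $MESSAGE"""

def demo():
    results = {}
    try:
        substitute_then_split(INLINE, VALUE)
        results["substitute_first"] = "parsed"
    except ValueError as exc:  # the value's quote unbalances the trigger
        results["substitute_first"] = f"split failed: {exc}"
    # argv survives intact, but sh re-parses the value inside its command string.
    results["inline"] = run(split_then_substitute(INLINE, VALUE))
    # The value is a separate argv element; sh never parses it as code.
    results["positional"] = run(split_then_substitute(POSITIONAL, VALUE))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Only the positional form prints the field value unchanged: the first fails while splitting, and the second fails inside `sh` because the value is still parsed as shell text.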