Closed fungusakafungus closed 10 months ago
This popped up again in the community. This reproduces all the way up to GL 5.2. The exception in the log now looks like this:
2023-11-30 09:51:38,751 ERROR: org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper - Unhandled exception in REST resource java.lang.NullPointerException: Cannot invoke "org.antlr.v4.runtime.Token.getText()" because "ctx.varName" is null at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser$RuleAstBuilder.exitVarAssignStmt(PipelineRuleParser.java:297) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.parser.RuleLangParser$VarAssignStmtContext.exitRule(RuleLangParser.java:1406) ~[classes/:?] at org.antlr.v4.runtime.tree.ParseTreeWalker.exitRule(ParseTreeWalker.java:62) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:38) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:36) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser.parseRule(PipelineRuleParser.java:158) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.rest.PipelineRuleService.parseRuleOrThrow(PipelineRuleService.java:39) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.rest.RuleResource.parse(RuleResource.java:165) ~[classes/:?]
The rule editor UI does not show any error. Clicking the create or update button has no effect. Very frustrating. At least we should list all reserved names in the documentation.
All of these literals from the ANTRL grammar are problematic: https://github.com/Graylog2/graylog2-server/blob/ac960a5725f27a73ea604358e25a81f9c6c82a6a/graylog2-server/src/main/antlr4/org/graylog/plugins/pipelineprocessor/parser/RuleLang.g4#L127
That can't be helped. But we should give the user some indication of what the problem is.
Rulebuilder UI does not have this problem since you can only use existing values as parameters. We'll add the list of reserved words in the documentation. And revisit for Rulebuilder if we ever allow custom variable names.
Calling a variable "match" breaks parsing and produces
{"type":"ApiError","message":""}
error response.Expected Behavior
Rule can be parsed and saved
Current Behavior
XHR returns
{"type":"ApiError","message":""}
Server log hasPossible Solution
Should either be accepted or documented or at least show a better error message.
Steps to Reproduce (for bugs)
put this into create rule dialog:
Changing var name to "mach" fixes it.
Context
I was trying to write
let match = regex(...);
Your Environment