Alert user to misuse of reserved literals in the rule source editor

[fungusakafungus]

Calling a variable "match" breaks parsing and produces {"type":"ApiError","message":""} error response.

Expected Behavior

Rule can be parsed and saved

Current Behavior

XHR returns {"type":"ApiError","message":""} Server log has

2019-12-17T18:17:54.798+01:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
java.lang.NullPointerException: null
    at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser$RuleAstBuilder.exitVarAssignStmt(PipelineRuleParser.java:319) ~[graylog.jar:?]
    at org.graylog.plugins.pipelineprocessor.parser.RuleLangParser$VarAssignStmtContext.exitRule(RuleLangParser.java:1357) ~[graylog.jar:?]
    at org.antlr.v4.runtime.tree.ParseTreeWalker.exitRule(ParseTreeWalker.java:47) ~[graylog.jar:?]
    at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:30) ~[graylog.jar:?]
    at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:28) ~[graylog.jar:?]
    at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser.parseRule(PipelineRuleParser.java:169) ~[graylog.jar:?]
    at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser.parseRule(PipelineRuleParser.java:134) ~[graylog.jar:?]
    at org.graylog.plugins.pipelineprocessor.rest.RuleResource.parse(RuleResource.java:119) ~[graylog.jar:?]
    at sun.reflect.GeneratedMethodAccessor666.invoke(Unknown Source) ~[?:?]

Possible Solution

Should either be accepted or documented or at least show a better error message.

Steps to Reproduce (for bugs)

put this into create rule dialog:

rule "test match" when true
then let match = ""; end

Changing var name to "mach" fixes it.

Context

I was trying to write let match = regex(...);

Your Environment

• Graylog Version: Graylog 3.1.3+cda805f
• Operating System: Mac OS X
• Browser version: Google Chrome 78.0.3904.108

[patrickmann]

This popped up again in the community. This reproduces all the way up to GL 5.2. The exception in the log now looks like this:

2023-11-30 09:51:38,751 ERROR: org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper - Unhandled exception in REST resource java.lang.NullPointerException: Cannot invoke "org.antlr.v4.runtime.Token.getText()" because "ctx.varName" is null at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser$RuleAstBuilder.exitVarAssignStmt(PipelineRuleParser.java:297) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.parser.RuleLangParser$VarAssignStmtContext.exitRule(RuleLangParser.java:1406) ~[classes/:?] at org.antlr.v4.runtime.tree.ParseTreeWalker.exitRule(ParseTreeWalker.java:62) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:38) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.antlr.v4.runtime.tree.ParseTreeWalker.walk(ParseTreeWalker.java:36) ~[antlr4-runtime-4.13.1.jar:4.13.1] at org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser.parseRule(PipelineRuleParser.java:158) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.rest.PipelineRuleService.parseRuleOrThrow(PipelineRuleService.java:39) ~[classes/:?] at org.graylog.plugins.pipelineprocessor.rest.RuleResource.parse(RuleResource.java:165) ~[classes/:?]

The rule editor UI does not show any error. Clicking the create or update button has no effect. Very frustrating. At least we should list all reserved names in the documentation.

[patrickmann]

All of these literals from the ANTRL grammar are problematic: https://github.com/Graylog2/graylog2-server/blob/ac960a5725f27a73ea604358e25a81f9c6c82a6a/graylog2-server/src/main/antlr4/org/graylog/plugins/pipelineprocessor/parser/RuleLang.g4#L127

That can't be helped. But we should give the user some indication of what the problem is.

[patrickmann]

Rulebuilder UI does not have this problem since you can only use existing values as parameters. We'll add the list of reserved words in the documentation. And revisit for Rulebuilder if we ever allow custom variable names.