search

TwiN / gatus

⛑ Automated developer-oriented status page
https://gatus.io
Apache License 2.0
6.17k stars 410 forks source link

`Failed to send an serviceAlert` errors due to unescaped quotes in the request body #188

Closed tiwood closed 2 years ago

tiwood commented 2 years ago

I've noticed that some of our alerts where failing with the following error message:

Failed to send an serviceAlert for service=Very Cool Service "ServiceYXZ": call to provider alert returned status code 400: Bad payload received by generic incoming webhook.

It seems the issue is caused by unescaped quotes (") in the HTTP POST - in this specific case in the text property:

{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "#DD0000",
  "title": "🚨 Gatus",
  "text": "An alert for *Very Cool Service "ServiceYXZ" * has been triggered due to having failed 3 time(s) in a row:\n> The health check failed",
  "sections": [
    {
      "activityTitle": "URL",
      "text": "yxz"
    },
    {
      "activityTitle": "Condition results",
      "text": "&#x2705; - `[STATUS] == 200`<br/>&#x274C; - `[BODY].value.availabilityState (Available) == Degraded`<br/>"
    }
  ]
}
jrwren commented 2 years ago

I'm trying to reproduce this, but I am very new to gatos and I can't seem to build a config which will trigger an alert.

It seems like if the alert is configured as:

alerting:
  custom:                                                                                                 
     url: "http://jrwren.xmtp.net/customalert"                                                             
     method: "POST"                                                                                        
     body: |                                                                                               
       {                                                                                                   
         "text": "[ALERT_TRIGGERED_OR_RESOLVED]: [ENDPOINT_NAME] - [ALERT_DESCRIPTION]"                    
        }

then the issue isn't the quotes so much as that the body is json but it might not be. e.g.

     body: |                                                                                               
       [ALERT_TRIGGERED_OR_RESOLVED]: [ENDPOINT_NAME] - [ALERT_DESCRIPTION]

It may make sense to not escape the quotes in some cases and to escape them in others.

I guess it is very likely that this will always be json and somewhat rare that variables will have quotes? But maybe this needs to be conditional on some "escape variables" config option?

tiwood commented 2 years ago

In our case the error was caused by the name of our "check", which is passed to the alert itself.

  - name: ExpressRoute Circuit "foo-bar"
    group: core/networking