As an example, with a configuration like this one, we are trying to sanitize our URLs by removing any reference to the value in [@metadata][passwd] in lines like this:
    mutate {
      gsub => [ "[location]", "sext2=%{[@metadata][passwd]}", "sext2=xxx" ]
      gsub => [ "[location]", "Password=%{[@metadata][passwd]}", "Password=xxx" ]
      gsub => [ "[location]", "password=%{[@metadata][passwd]}", "password=xxx" ]
    }
The crash bug can be reproduced when the password field contains a [.
To prevent the bug, we have to escape these metacharacters like this:
    mutate {
      gsub => [ "[@metadata][passwd]", "\)", "\\)" ]
      gsub => [ "[@metadata][passwd]", "\(", "\\(" ]
      gsub => [ "[@metadata][passwd]", "\*", "\\*" ]
      ...
    }
The problem is that Logstash crashes instead of just dropping the message.
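What an unescaped field value does to the pattern beyond the crash, as an added Ruby sketch (not Logstash code and not part of the original report). It assumes the gsub pattern is compiled as a Ruby regex after the field value has been substituted in; the sample passwords and URLs are constructed.

```ruby
# Added illustration in plain Ruby; method names and samples are hypothetical.
KEYS = %w[sext2 Password password].freeze # parameter names from the config above

# Models the original config: the password is dropped into the pattern as-is.
def redact_naive(location, passwd)
  KEYS.reduce(location) do |loc, key|
    loc.gsub(Regexp.new("#{key}=#{passwd}"), "#{key}=xxx")
  end
end

# Escapes every regex metacharacter at once, so the value matches literally.
def redact_safe(location, passwd)
  return location if passwd.nil? || passwd.empty? # nothing to redact
  literal = Regexp.escape(passwd)
  KEYS.reduce(location) do |loc, key|
    loc.gsub(Regexp.new("#{key}=#{literal}"), "#{key}=xxx")
  end
end

# :ok     the password was fully replaced
# :leaked the pattern compiled but left all or part of the password in place
# :error  the pattern did not compile (the case that crashes the pipeline)
def outcome(redactor, location, passwd)
  expected = location.sub("password=#{passwd}", "password=xxx") # literal match
  send(redactor, location, passwd) == expected ? :ok : :leaked
rescue RegexpError
  :error
end

SAMPLES = ["hunter2", "pa[ss", "a+b", "p(w)*"].freeze # constructed passwords

def report
  SAMPLES.map do |pw|
    loc = "/login?user=bob&password=#{pw}&next=/home" # constructed URL
    [pw, outcome(:redact_naive, loc, pw), outcome(:redact_safe, loc, pw)]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each { |pw, naive, safe| puts format("%-8s naive=%-7s safe=%s", pw, naive, safe) }
end
```

Passwords such as a+b or p(w)* do not raise an error at all; the naive pattern simply fails to match the literal text, so the password stays in the sanitized field.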