Regex changes from yaml input to what is used internally

Question

Regex changes from yaml input to what is used internally

vinicentus opened this issue 7 months ago · 4 comments

Describe the bug
The regex string changes form the input in yaml to the actually used value in the program. Somewhere along the way extra \ characters get added before the existing \ characters in the string, resulting in a double backslash: \\.

To Reproduce

Start the following docker-compose file:

services:
  socket-proxy:
    image: wollomatic/socket-proxy:1
    user: 65534:998
    command:
      - '-loglevel=debug'
      - '-listenip=0.0.0.0'
      - '-allowGET=/v1\.\d{1,2}/containers/json\?all=1&filters=%7B%22label%22%3A%7B%22lazytainer\.group%3Dminecraft%22%3Atrue%7D%7D'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

Observe the log:

time=2024-04-16T10:26:59.439Z level=INFO msg="starting socket-proxy" version=1.1.3 os=linux arch=amd64 runtime=go1.22.2 URL=github.com/wollomatic/socket-proxy
time=2024-04-16T10:26:59.439Z level=INFO msg="configuration info" socketpath=/var/run/docker.sock listenaddress=0.0.0.0:2375 loglevel=DEBUG logjson=false allowfrom=127.0.0.1/32 shutdowngracetime=10
time=2024-04-16T10:26:59.439Z level=INFO msg="watchdog disabled"
time=2024-04-16T10:26:59.439Z level=INFO msg="configured allowed request" method=GET regex="^/v1\\.\\d{1,2}/containers/json\\?all=1&filters=%7B%22label%22%3A%7B%22lazytainer\\.group%3Dminecraft%22%3Atrue%7D%7D$"
time=2024-04-16T10:26:59.439Z level=DEBUG msg="checking socket availability" origin=checkSocketAvailability

The log says that the used regular expression is ^/v1\\.\\d{1,2}/containers/json\\?all=1&filters=%7B%22label%22%3A%7B%22lazytainer\\.group%3Dminecraft%22%3Atrue%7D%7D$.

Expected behavior
The expected regex line is ^/v1\.\d{1,2}/containers/json\?all=1&filters=%7B%22label%22%3A%7B%22lazytainer\.group%3Dminecraft%22%3Atrue%7D%7D$, without any double backslashes.

Additional context
regex101.com is perfectly happy with this when selecting the golang syntax:

Note that what I'm trying to match is actually an url-encoded version of /v1.45/containers/json?all=1&filters={"label":{"lazytainer.group=minecraft":true}}'

I don't think this is a problem with yaml as enclosing strings in single quotes (') should mean that no characters are escaped except that you can input an ' by using ''.

Hopefully I haven't overlooked some simple mistake here, but I can't figure this out :D

Answer 1 · 2024-04-16T18:40:45.000Z

Hi @vinicentus,

thanks for your detailed report. Indeed, I can reproduce the behaviour. I found out that it is caused by the = character in the regex string.

The issue does not happen in the processing of the regular expression. socket-proxy works like expected.

It is an unexpected behaviour of the slog package, so that the logger escapes all the \. I'll examine it tomorrow.

Best regards,
Wolfgang

Answer 2 · 2024-04-17T17:01:03.000Z

This is indeed the documented behaviour of slog: https://pkg.go.dev/log/slog#TextHandler.Handle :

Keys and values are quoted with strconv.Quote if they contain Unicode space characters, non-printing characters, '"' or '='.

In our case, this is a confusing behaviour, so I will change the console output.

Answer 3 · 2024-04-17T17:37:34.000Z

So this is what the new allow list would look like:

I just deployed a test image: docker pull wollomatic/socket-proxy:testing

Answer 4 · 2024-04-23T19:53:40.000Z

Solved in socket-proxy 1.2.0
docker pull wollomatic/socket-proxy:1.2.0