Replace Fastly VCL cstr_escape w/ json.escape (#5065)

akesle · jpipkin1 · web-flow · commit 4f1e912186ff · 2025-02-12T23:38:40.000Z
Co-authored-by: John Pipkin (Sumo Logic) &lt;jpipkin@sumologic.com&gt;
diff --git a/docs/integrations/saas-cloud/fastly.md b/docs/integrations/saas-cloud/fastly.md
@@ -69,39 +69,39 @@ When you configure the Sumo Logic endpoint in Fastly:
      "protocol": "%{req.proto}V",
      "host": "%{req.http.Fastly-Orig-Host}V",
      "origin_host": "%{req.http.Host}V",
-     "url": "%{cstr_escape(req.url)}V",
+     "url": "%{json.escape(req.url)}V",
      "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V",
      "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V",
-     "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V",
-     "tls_client_servername": "%{cstr_escape(tls.client.servername)}V",
-     "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V",
-     "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V",
-     "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V",
+     "tls_client_protocol": "%{json.escape(tls.client.protocol)}V",
+     "tls_client_servername": "%{json.escape(tls.client.servername)}V",
+     "tls_client_cipher": "%{json.escape(tls.client.cipher)}V",
+     "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V",
+     "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V",
      "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V",
      "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V",
      "h2_stream_id": "%{fastly_info.h2.stream_id}V",
-     "request_referer": "%{cstr_escape(req.http.Referer)}V",
-     "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-     "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
-     "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V",
-     "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V",
-     "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V",
-     "request_connection": "%{cstr_escape(req.http.Connection)}V",
-     "request_dnt": "%{cstr_escape(req.http.DNT)}V",
-     "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V",
-     "request_via": "%{cstr_escape(req.http.Via)}V",
-     "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V",
-     "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V",
-     "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V",
+     "request_referer": "%{json.escape(req.http.Referer)}V",
+     "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+     "request_accept_content": "%{json.escape(req.http.Accept)}V",
+     "request_accept_language": "%{json.escape(req.http.Accept-Language)}V",
+     "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V",
+     "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V",
+     "request_connection": "%{json.escape(req.http.Connection)}V",
+     "request_dnt": "%{json.escape(req.http.DNT)}V",
+     "request_forwarded": "%{json.escape(req.http.Forwarded)}V",
+     "request_via": "%{json.escape(req.http.Via)}V",
+     "request_cache_control": "%{json.escape(req.http.Cache-Control)}V",
+     "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V",
+     "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V",
      "status": "%{resp.status}V",
-     "content_type": "%{cstr_escape(resp.http.Content-Type)}V",
+     "content_type": "%{json.escape(resp.http.Content-Type)}V",
      "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V",
      "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V",
-     "response_age": "%{cstr_escape(resp.http.Age)}V",
-     "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V",
-     "response_expires": "%{cstr_escape(resp.http.Expires)}V",
-     "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V",
-     "response_tsv": "%{cstr_escape(resp.http.TSV)}V",
+     "response_age": "%{json.escape(resp.http.Age)}V",
+     "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V",
+     "response_expires": "%{json.escape(resp.http.Expires)}V",
+     "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V",
+     "response_tsv": "%{json.escape(resp.http.TSV)}V",
      "geo_datacenter": "%{server.datacenter}V",
      "geo_city": "%{client.geo.city}V",
      "geo_country_code": "%{client.geo.country_code}V",
@@ -152,39 +152,39 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "protocol": "%{req.proto}V",
     "host": "%{req.http.Fastly-Orig-Host}V",
     "origin_host": "%{req.http.Host}V",
-    "url": "%{cstr_escape(req.url)}V",
+    "url": "%{json.escape(req.url)}V",
     "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V",
     "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V",
-    "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V",
-    "tls_client_servername": "%{cstr_escape(tls.client.servername)}V",
-    "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V",
-    "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V",
-    "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V",
+    "tls_client_protocol": "%{json.escape(tls.client.protocol)}V",
+    "tls_client_servername": "%{json.escape(tls.client.servername)}V",
+    "tls_client_cipher": "%{json.escape(tls.client.cipher)}V",
+    "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V",
+    "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V",
     "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V",
     "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V",
     "h2_stream_id": "%{fastly_info.h2.stream_id}V",
-    "request_referer": "%{cstr_escape(req.http.Referer)}V",
-    "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-    "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
-    "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V",
-    "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V",
-    "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V",
-    "request_connection": "%{cstr_escape(req.http.Connection)}V",
-    "request_dnt": "%{cstr_escape(req.http.DNT)}V",
-    "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V",
-    "request_via": "%{cstr_escape(req.http.Via)}V",
-    "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V",
-    "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V",
-    "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V",
+    "request_referer": "%{json.escape(req.http.Referer)}V",
+    "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+    "request_accept_content": "%{json.escape(req.http.Accept)}V",
+    "request_accept_language": "%{json.escape(req.http.Accept-Language)}V",
+    "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V",
+    "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V",
+    "request_connection": "%{json.escape(req.http.Connection)}V",
+    "request_dnt": "%{json.escape(req.http.DNT)}V",
+    "request_forwarded": "%{json.escape(req.http.Forwarded)}V",
+    "request_via": "%{json.escape(req.http.Via)}V",
+    "request_cache_control": "%{json.escape(req.http.Cache-Control)}V",
+    "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V",
+    "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V",
     "status": "%{resp.status}V",
-    "content_type": "%{cstr_escape(resp.http.Content-Type)}V",
+    "content_type": "%{json.escape(resp.http.Content-Type)}V",
     "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V",
     "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V",
-    "response_age": "%{cstr_escape(resp.http.Age)}V",
-    "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V",
-    "response_expires": "%{cstr_escape(resp.http.Expires)}V",
-    "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V",
-    "response_tsv": "%{cstr_escape(resp.http.TSV)}V",
+    "response_age": "%{json.escape(resp.http.Age)}V",
+    "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V",
+    "response_expires": "%{json.escape(resp.http.Expires)}V",
+    "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V",
+    "response_tsv": "%{json.escape(resp.http.TSV)}V",
     "geo_datacenter": "%{server.datacenter}V",
     "geo_city": "%{client.geo.city}V",
     "geo_country_code": "%{client.geo.country_code}V",
@@ -214,7 +214,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "waf_rule_id": "%{waf.rule_id}V",
     "waf_severity": "%{waf.severity}V",
     "waf_passed": "%{waf.passed}V",
-    "waf_logdata": "%{cstr_escape(waf.logdata)}V",
+    "waf_logdata": "%{json.escape(waf.logdata)}V",
     "waf_executed": "%{waf.executed}V",
     "waf_anomaly_score": "%{waf.anomaly_score}V",
     "waf_sql_score": "%{waf.sql_injection_score}V",
@@ -225,7 +225,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "waf_php_score": "%{waf.php_injection_score}V",
     "waf_rce_score": "%{waf.rce_score}V",
     "waf_session_fixation_score": "%{waf.session_fixation_score}V",
-    "waf_message": "%{cstr_escape(waf.message)}V"
+    "waf_message": "%{json.escape(waf.message)}V"
     }
     ```
     </details>
@@ -251,10 +251,10 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "request": "%{req.request}V",
     "protocol": "%{req.proto}V",
     "origin_host": "%{req.http.Host}V",
-    "url": "%{cstr_escape(req.url)}V",
-    "request_referer": "%{cstr_escape(req.http.Referer)}V",
-    "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-    "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
+    "url": "%{json.escape(req.url)}V",
+    "request_referer": "%{json.escape(req.http.Referer)}V",
+    "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+    "request_accept_content": "%{json.escape(req.http.Accept)}V",
     "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE|NONE)).*\", \"\\2\\3\")}V",
     "geo_datacenter": "%{server.datacenter}V",
     "geo_city": "%{client.geo.city}V",
@@ -268,7 +268,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "waf_rule_id": "%{waf.rule_id}V",
     "waf_severity": "%{waf.severity}V",
     "waf_passed": "%{waf.passed}V",
-    "waf_logdata": "%{cstr_escape(waf.logdata)}V",
+    "waf_logdata": "%{json.escape(waf.logdata)}V",
     "waf_executed": "%{waf.executed}V",
     "waf_anomaly_score": "%{waf.anomaly_score}V",
     "waf_sql_score": "%{waf.sql_injection_score}V",
@@ -279,7 +279,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "waf_php_score": "%{waf.php_injection_score}V",
     "waf_rce_score": "%{waf.rce_score}V",
     "waf_session_fixation_score": "%{waf.session_fixation_score}V",
-    "waf_message": "%{cstr_escape(waf.message)}V"
+    "waf_message": "%{json.escape(waf.message)}V"
   }
   ```
 
