New CRE Rule: Redis Rejects Writes Due to Maxmemory Limit #46
Merged
tonymeehan merged 4 commits into prequel-dev:main from Jun 3, 2025
Welcome to the Problem Detection Community and thank you for your pull request! New contributors need to sign the Contributor License Agreement. In order for us to review and merge your code, please click the CLA link and fill out the form.
Looks like there's a conflict on the CRE rule. Can you change this to 0073? Please also make sure the tags/categories are updated in rules/tags/*.yaml. Once these changes are completed this is good to merge!
@tonymeehan I've added two more specific tags and changed the others to some existing ones that already fit the context.
Summary
This PR introduces a new CRE (Common Remediation Enumeration) detection rule for a common and critical Redis failure. The failure occurs when a Redis instance reaches its configured maxmemory limit and, due to its active memory management policy (typically 'noeviction', which is often the default), begins rejecting client write commands.
Closes #42
/claim #42
Rule Added
Failure Scenario Details
The rule is designed to detect the specific error message "(error) OOM command not allowed when used memory > 'maxmemory'" that Redis sends to clients under these conditions. This indicates that the server cannot allocate memory for new write operations and is not configured to evict existing keys to make space.
Video Demonstration
Screencast.2025-06-01.02.08.19.mp4
Reproduction Environment & Logs
A complete, minimal setup to reproduce this failure scenario is available in a separate GitHub repository:
➡️ Reproduction Repository: https://github.com/amuta/cre-2025-0071-setup
This repository includes:
- docker-compose.yml to set up the Redis instance with appropriate maxmemory limits.
- run_oom_test.sh script to trigger the OOM condition by writing data.
- test.log which contains example logs. Crucially, test.log captures the timestamped output directly from the redis-cli client, demonstrating the exact error message as an application would receive and log it.
Detection Logic within the Rule
The CRE rule identifies this failure by using a regular expression to match the distinct error string "OOM command not allowed when used memory > 'maxmemory'" within logs originating from applications or clients interacting with Redis