From 8d4a10884de81d3a63e72e9416c89b0083db6b53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 19:15:58 +0530 Subject: [PATCH 1/3] Bump github.com/docker/docker (#16) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a7a590d3..306f2fb1 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/containerd/containerd v1.6.26 github.com/coreos/go-systemd/v22 v22.5.0 github.com/coroot/logparser v1.1.2 - github.com/docker/docker v25.0.0+incompatible + github.com/docker/docker v25.0.5+incompatible github.com/florianl/go-conntrack v0.3.0 github.com/go-kit/log v0.2.1 github.com/google/uuid v1.5.0 diff --git a/go.sum b/go.sum index 81bc6f1c..87d05dd6 100644 --- a/go.sum +++ b/go.sum @@ -328,8 +328,8 @@ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TT github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v25.0.0+incompatible h1:g9b6wZTblhMgzOT2tspESstfw6ySZ9kdm94BLDKaZac= -github.com/docker/docker v25.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= +github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= From 5cac86e307f2fe3edd5b5b0c31889a658fc70797 Mon Sep 17 00:00:00 2001 From: Mayank Pande Date: Wed, 27 Mar 2024 16:55:58 +0530 Subject: [PATCH 2/3] feat: added request/headers in labels (#20) * fix: added ip resolver * feat: added dns resolver * feat: fix for dns and logging * feat: added pod ip resolution * feat: added request/headers in labels --- containers/l7.go | 5 +++- ebpftracer/l7/http.go | 58 +++++++++++++++++++++++++++++++++++++++++++ ebpftracer/l7/l7.go | 1 + ebpftracer/tracer.go | 1 + 4 files changed, 64 insertions(+), 1 deletion(-) diff --git a/containers/l7.go b/containers/l7.go index f4782eea..2d1c7c50 100644 --- a/containers/l7.go +++ b/containers/l7.go @@ -68,7 +68,10 @@ func (s L7Stats) get(protocol l7.Protocol, destination, actualDestination netadd case l7.ProtocolRabbitmq, l7.ProtocolNats: labels = append(labels, "method") case l7.ProtocolHTTP: - method, path := l7.ParseHttp(r.Payload) + method, path, payload := l7.ParseHttpAndRest(r.Payload) + if r.Status == l7.StatusFailed { + constLabels["payload"] = payload + } constLabels["path"] = path constLabels["method"] = method hOpts := L7Latency[protocol] diff --git a/ebpftracer/l7/http.go b/ebpftracer/l7/http.go index 00047b51..dea68e04 100644 --- a/ebpftracer/l7/http.go +++ b/ebpftracer/l7/http.go @@ -2,6 +2,9 @@ package l7 import ( "bytes" + "encoding/base64" + "regexp" + "strings" ) func ParseHttp(payload []byte) (string, string) { @@ -18,3 +21,58 @@ func ParseHttp(payload []byte) (string, string) { } return string(method), string(uri) } + +func ParseHttpAndRest(payload []byte) (string, string, string) { + method, rest, ok := bytes.Cut(payload, space) + if !ok { + return "", "", "" + } + if !isHttpMethod(string(method)) { + return "", "", "" + } + uri, rest, ok := bytes.Cut(rest, space) + if !ok { + uri = append(uri, []byte("...")...) + } + return string(method), string(uri), SanitizeString(string(rest)) +} + +func SanitizeString(input string) string { + // Regular expression patterns to match various sensitive data formats + sensitivePatterns := []*regexp.Regexp{ + // Authorization header (Bearer or Basic) + // Example: Authorization: Basic c3FhXzdhODNiZTRjY2Y0M2E2NzFhMTI0ODViYmMyY2I4ZGU4MDk0MDQyMzE6 + // Reason: Matches common formats for authorization tokens. + regexp.MustCompile(`(?i)Authorization: (Bearer|Basic)\s+[a-zA-Z0-9\-_\.=]+`), + + // API key + // Example: ApiKey abcdef1234567890 + // Reason: Matches common formats for API keys. + regexp.MustCompile(`(?i)ApiKey\s+[a-zA-Z0-9\-_\.=]+`), + + // JWT token + // Example: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... + // Reason: Matches common formats for JWT tokens. + regexp.MustCompile(`(?i)JWT\s+[a-zA-Z0-9\-_\.=]+`), + + // OAuth token + // Example: OAuth token1234567890 + // Reason: Matches common formats for OAuth tokens. + regexp.MustCompile(`(?i)OAuth\s+[a-zA-Z0-9\-_\.=]+`), + } + + // Replace sensitive data with placeholder '*' + sanitized := input + for _, pattern := range sensitivePatterns { + sanitized = pattern.ReplaceAllStringFunc(sanitized, func(match string) string { + // Only replace the sensitive part, keeping the structure intact + return strings.Repeat("*", len(match)) + }) + } + + byteData := []byte(sanitized) + + // Encode byte slice to Base64 + base64String := base64.StdEncoding.EncodeToString(byteData) + return base64String +} diff --git a/ebpftracer/l7/l7.go b/ebpftracer/l7/l7.go index 7479eaab..b2c14280 100644 --- a/ebpftracer/l7/l7.go +++ b/ebpftracer/l7/l7.go @@ -119,4 +119,5 @@ type RequestData struct { Method Method StatementId uint32 Payload []byte + PayloadSize uint64 } diff --git a/ebpftracer/tracer.go b/ebpftracer/tracer.go index c16b0900..8c86d93c 100644 --- a/ebpftracer/tracer.go +++ b/ebpftracer/tracer.go @@ -350,6 +350,7 @@ func runEventsReader(name string, r *perf.Reader, ch chan<- Event, typ perfMapTy Duration: time.Duration(v.Duration), Method: l7.Method(v.Method), StatementId: v.StatementId, + PayloadSize: v.PayloadSize, } switch { case v.PayloadSize == 0: From 475def5a66c3b4b63f62f1fe94d19baa4b314574 Mon Sep 17 00:00:00 2001 From: Mayank Pande Date: Sat, 30 Mar 2024 19:21:39 +0530 Subject: [PATCH 3/3] fix: fix for request body capture on failure (#22) * fix: fix for request body capture on failure * chore: added ci and fix build --- .github/workflows/dev-ci.yaml | 38 ++++++++++++++++++++++++++++++++++ .github/workflows/prod-ci.yaml | 38 ++++++++++++++++++++++++++++++++++ containers/l7.go | 4 +++- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/dev-ci.yaml create mode 100644 .github/workflows/prod-ci.yaml diff --git a/.github/workflows/dev-ci.yaml b/.github/workflows/dev-ci.yaml new file mode 100644 index 00000000..3b2ffb10 --- /dev/null +++ b/.github/workflows/dev-ci.yaml @@ -0,0 +1,38 @@ +name: dev build image +on: + workflow_dispatch: + push: + branches: [ "main" ] + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@main + + - name: Create tag name + run: echo "tag=$(date +'%Y-%m-%dT%H-%M-%S')_$GITHUB_SHA" >> $GITHUB_ENV + + - name: Install AWS cli + uses: unfor19/install-aws-cli-action@master + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and Push Agent Image + uses: docker/build-push-action@v3 + with: + context: . + file: 'Dockerfile' + push: true + tags: | + 280501305789.dkr.ecr.us-east-1.amazonaws.com/nudgebee-node-agent:${{ env.tag }} diff --git a/.github/workflows/prod-ci.yaml b/.github/workflows/prod-ci.yaml new file mode 100644 index 00000000..b83f59bc --- /dev/null +++ b/.github/workflows/prod-ci.yaml @@ -0,0 +1,38 @@ +name: dev build image +on: + workflow_dispatch: + push: + branches: [ "prod" ] + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@main + + - name: Create tag name + run: echo "tag=$(date +'%Y-%m-%dT%H-%M-%S')_$GITHUB_SHA" >> $GITHUB_ENV + + - name: Install AWS cli + uses: unfor19/install-aws-cli-action@master + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and Push Agent Image + uses: docker/build-push-action@v3 + with: + context: . + file: 'Dockerfile' + push: true + tags: | + 740395098545.dkr.ecr.us-east-1.amazonaws.com/nudgebee-node-agent:${{ env.tag }} diff --git a/containers/l7.go b/containers/l7.go index 2d1c7c50..6153616c 100644 --- a/containers/l7.go +++ b/containers/l7.go @@ -1,6 +1,7 @@ package containers import ( + "log" "time" "github.com/coroot/coroot-node-agent/common" @@ -69,7 +70,8 @@ func (s L7Stats) get(protocol l7.Protocol, destination, actualDestination netadd labels = append(labels, "method") case l7.ProtocolHTTP: method, path, payload := l7.ParseHttpAndRest(r.Payload) - if r.Status == l7.StatusFailed { + if r.Status.Http() == "400" || r.Status.Http() == "500" { + log.Printf("Captured failed request actual body %s, converted body %s, status %s", string(r.Payload), payload, r.Status.Http()) constLabels["payload"] = payload } constLabels["path"] = path