Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 4 additions & 6 deletions ebpftracer/l7/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ func ParseHTTPRequest(data []byte) (*http.Request, error) {
sensitiveHeaders := make(map[string]bool)
sensitiveKeysList := strings.Split(*flags.SensitiveHeader, ",")
for _, key := range sensitiveKeysList {
sensitiveHeaders[strings.TrimSpace(key)] = true
sensitiveHeaders[strings.ToLower(strings.TrimSpace(key))] = true
}
for _, line := range headerLines {
part1, part2, ok := bytes.Cut(line, []byte(":"))
Expand All @@ -84,7 +84,7 @@ func ParseHTTPRequest(data []byte) (*http.Request, error) {

key := strings.TrimSpace(string(part1))
val := strings.TrimSpace(string(part2))
if sensitiveHeaders[key] {
if sensitiveHeaders[strings.ToLower(key)] {
val = SanitizeString(val)
}
header.Add(key, val)
Expand Down Expand Up @@ -143,10 +143,8 @@ func ConvertHeadersToString(headers http.Header) string {

func SanitizeString(value string) string {
if !*flags.SanitizeHeaders {

return value
}
if len(value) <= 10 {
return strings.Repeat("*", len(value))
}
return strings.Repeat("*", 10) + value[10:]
return strings.Repeat("*", len(value))
}
9 changes: 8 additions & 1 deletion ebpftracer/l7/l7_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"io"
"testing"

"github.com/coroot/coroot-node-agent/flags"
"github.com/stretchr/testify/assert"
"go.mongodb.org/mongo-driver/bson"
)
Expand Down Expand Up @@ -91,12 +92,18 @@ func TestParseMongo(t *testing.T) {
}

func TestParseHost(t *testing.T) {
requestString := "HEAD /1 HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/8.0.1\r\nAccept: */*\r\n\r\nxzxxxxxxzx"
SanitizeHeaders := "Authorization, cookie"
f := true
flags.SensitiveHeader = &SanitizeHeaders
flags.SanitizeHeaders = &f
requestString := "HEAD /1 HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/8.0.1\r\nAuthorization: abcd\r\nCookie: abcd\r\nAccept: */*\r\n\r\nxzxxxxxxzx"
req, err := ParseHTTPRequest([]byte(requestString))
assert.Nil(t, nil, err)
assert.Equal(t, "/1", req.URL.Path)
assert.Equal(t, "127.0.0.1", req.Host)
assert.Equal(t, "HEAD", req.Method)
assert.Equal(t, "****", req.Header.Get("Authorization"))
assert.Equal(t, "****", req.Header.Get("Cookie"))
body, err := io.ReadAll(req.Body)
assert.Nil(t, nil, err)
assert.Equal(t, "xzxxxxxxzx", string(body))
Expand Down
2 changes: 1 addition & 1 deletion flags/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ var (
ResolveDns = kingpin.Flag("resolve-dns", "should resolve DNS").Default("true").Envar("RESOLVE_DNS").Bool()
IgnoreControlPlane = kingpin.Flag("ignore-control-plane", "ignore control plane like loki").Default("karpenter,loki,prometheus,grafana,kubelet,etcd,apiserver,victoria").Envar("IGNORE_CONTROL_PLANE").String()
SanitizeHeaders = kingpin.Flag("sanitize-headers", "should sanitize headers").Default("true").Envar("SANITIZE_HEADERS").Bool()
SensitiveHeader = kingpin.Flag("sensitive-headers", "sanitize headers using patterns").Default("Authorization, Cookie").Envar("SENSITIVE_HEADERS").String()
SensitiveHeader = kingpin.Flag("sensitive-headers", "sanitize headers using patterns").Default("Authorization, Cookie, X-Action-Token").Envar("SENSITIVE_HEADERS").String()
)

func GetString(fl *string) string {
Expand Down
1 change: 1 addition & 0 deletions tracing/tracing.go
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ func (t *Trace) HttpRequest(method, path string, status l7.Status, duration time
attribute.Key("http.request_payload").String(payload),
attribute.Key("http.headers").String(headers),
attribute.Key("http.response").String(response),
attribute.Key("http.path").String(path),
)
}

Expand Down