chore: HF iteration 53

.github/workflows/dev-ci.yaml

@@ -0,0 +1,38 @@
+name: dev build image
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@main
+
+      - name: Create tag name
+        run: echo "tag=$(date +'%Y-%m-%dT%H-%M-%S')_$GITHUB_SHA" >> $GITHUB_ENV
+
+      - name: Install AWS cli
+        uses: unfor19/install-aws-cli-action@master
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build and Push Agent Image
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: 'Dockerfile'
+          push: true
+          tags: |
+            280501305789.dkr.ecr.us-east-1.amazonaws.com/nudgebee-node-agent:${{ env.tag }}

.github/workflows/prod-ci.yaml

@@ -0,0 +1,38 @@
+name: dev build image
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "prod" ]
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@main
+
+      - name: Create tag name
+        run: echo "tag=$(date +'%Y-%m-%dT%H-%M-%S')_$GITHUB_SHA" >> $GITHUB_ENV
+
+      - name: Install AWS cli
+        uses: unfor19/install-aws-cli-action@master
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build and Push Agent Image
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: 'Dockerfile'
+          push: true
+          tags: |
+            740395098545.dkr.ecr.us-east-1.amazonaws.com/nudgebee-node-agent:${{ env.tag }}

containers/l7.go

@@ -1,6 +1,7 @@
 package containers
 
 import (
+	"log"
 	"time"
 
 	"github.com/coroot/coroot-node-agent/common"
@@ -68,7 +69,11 @@ func (s L7Stats) get(protocol l7.Protocol, destination, actualDestination netadd
 		case l7.ProtocolRabbitmq, l7.ProtocolNats:
 			labels = append(labels, "method")
 		case l7.ProtocolHTTP:
-			method, path := l7.ParseHttp(r.Payload)
+			method, path, payload := l7.ParseHttpAndRest(r.Payload)
+			if r.Status.Http() == "400" || r.Status.Http() == "500" {
+				log.Printf("Captured failed request actual body %s, converted body %s, status %s", string(r.Payload), payload, r.Status.Http())
+				constLabels["payload"] = payload
+			}
 			constLabels["path"] = path
 			constLabels["method"] = method
 			hOpts := L7Latency[protocol]

ebpftracer/l7/http.go

@@ -2,6 +2,9 @@ package l7
 
 import (
 	"bytes"
+	"encoding/base64"
+	"regexp"
+	"strings"
 )
 
 func ParseHttp(payload []byte) (string, string) {
@@ -18,3 +21,58 @@ func ParseHttp(payload []byte) (string, string) {
 	}
 	return string(method), string(uri)
 }
+
+func ParseHttpAndRest(payload []byte) (string, string, string) {
+	method, rest, ok := bytes.Cut(payload, space)
+	if !ok {
+		return "", "", ""
+	}
+	if !isHttpMethod(string(method)) {
+		return "", "", ""
+	}
+	uri, rest, ok := bytes.Cut(rest, space)
+	if !ok {
+		uri = append(uri, []byte("...")...)
+	}
+	return string(method), string(uri), SanitizeString(string(rest))
+}
+
+func SanitizeString(input string) string {
+	// Regular expression patterns to match various sensitive data formats
+	sensitivePatterns := []*regexp.Regexp{
+		// Authorization header (Bearer or Basic)
+		// Example: Authorization: Basic c3FhXzdhODNiZTRjY2Y0M2E2NzFhMTI0ODViYmMyY2I4ZGU4MDk0MDQyMzE6
+		// Reason: Matches common formats for authorization tokens.
+		regexp.MustCompile(`(?i)Authorization: (Bearer|Basic)\s+[a-zA-Z0-9\-_\.=]+`),
+
+		// API key
+		// Example: ApiKey abcdef1234567890
+		// Reason: Matches common formats for API keys.
+		regexp.MustCompile(`(?i)ApiKey\s+[a-zA-Z0-9\-_\.=]+`),
+
+		// JWT token
+		// Example: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
+		// Reason: Matches common formats for JWT tokens.
+		regexp.MustCompile(`(?i)JWT\s+[a-zA-Z0-9\-_\.=]+`),
+
+		// OAuth token
+		// Example: OAuth token1234567890
+		// Reason: Matches common formats for OAuth tokens.
+		regexp.MustCompile(`(?i)OAuth\s+[a-zA-Z0-9\-_\.=]+`),
+	}
+
+	// Replace sensitive data with placeholder '*'
+	sanitized := input
+	for _, pattern := range sensitivePatterns {
+		sanitized = pattern.ReplaceAllStringFunc(sanitized, func(match string) string {
+			// Only replace the sensitive part, keeping the structure intact
+			return strings.Repeat("*", len(match))
+		})
+	}
+
+	byteData := []byte(sanitized)
+
+	// Encode byte slice to Base64
+	base64String := base64.StdEncoding.EncodeToString(byteData)
+	return base64String
+}

ebpftracer/l7/l7.go

@@ -119,4 +119,5 @@ type RequestData struct {
 	Method      Method
 	StatementId uint32
 	Payload     []byte
+	PayloadSize uint64
 }

ebpftracer/tracer.go

@@ -350,6 +350,7 @@ func runEventsReader(name string, r *perf.Reader, ch chan<- Event, typ perfMapTy
 				Duration:    time.Duration(v.Duration),
 				Method:      l7.Method(v.Method),
 				StatementId: v.StatementId,
+				PayloadSize: v.PayloadSize,
 			}
 			switch {
 			case v.PayloadSize == 0:

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/containerd/containerd v1.6.26
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/coroot/logparser v1.1.2
-	github.com/docker/docker v25.0.0+incompatible
+	github.com/docker/docker v25.0.5+incompatible
 	github.com/florianl/go-conntrack v0.3.0
 	github.com/go-kit/log v0.2.1
 	github.com/google/uuid v1.5.0

go.sum

@@ -328,8 +328,8 @@ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TT
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v25.0.0+incompatible h1:g9b6wZTblhMgzOT2tspESstfw6ySZ9kdm94BLDKaZac=
-github.com/docker/docker v25.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE=
+github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=