From 0a5343299c41de498d05f0f264ee5bc7f532f8d1 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Mon, 26 Dec 2022 08:00:54 +0300 Subject: [PATCH] :fire: Remove `--insertion-filter` and `--redact` options from `tap` command --- cmd/tap.go | 2 - cmd/tapRunner.go | 1 - config/configStructs/tapConfig.go | 88 ++++--------------------------- 3 files changed, 9 insertions(+), 82 deletions(-) diff --git a/cmd/tap.go b/cmd/tap.go index 98704e0bc..9a8e79187 100644 --- a/cmd/tap.go +++ b/cmd/tap.go @@ -53,9 +53,7 @@ func init() { tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.ProxyHost, "Provide a custom host for the proxy/port-forward.") tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector.") tapCmd.Flags().BoolP(configStructs.AllNamespacesLabel, "A", defaultTapConfig.AllNamespaces, "Tap all namespaces.") - tapCmd.Flags().Bool(configStructs.EnableRedactionLabel, defaultTapConfig.EnableRedaction, "Enables redaction of potentially sensitive request/response headers and body values.") tapCmd.Flags().String(configStructs.HumanMaxEntriesDBSizeLabel, defaultTapConfig.HumanMaxEntriesDBSize, "Override the default max entries db size.") - tapCmd.Flags().String(configStructs.InsertionFilterName, defaultTapConfig.InsertionFilter, "Set the insertion filter. Accepts string or a file path.") tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them.") tapCmd.Flags().Bool(configStructs.ServiceMeshName, defaultTapConfig.ServiceMesh, "Record decrypted traffic if the cluster is configured with a service mesh and with mtls.") tapCmd.Flags().Bool(configStructs.TlsName, defaultTapConfig.Tls, "Record tls traffic.") diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go index b4c7fe347..6bae699c7 100644 --- a/cmd/tapRunner.go +++ b/cmd/tapRunner.go 
@@ -111,7 +111,6 @@ func finishTapExecution(kubernetesProvider *kubernetes.Provider) { func getTapConfig() *models.Config { conf := models.Config{ MaxDBSizeBytes: config.Config.Tap.MaxEntriesDBSizeBytes(), - InsertionFilter: config.Config.Tap.GetInsertionFilter(), PullPolicy: config.Config.ImagePullPolicyStr, WorkerResources: config.Config.Tap.WorkerResources, ResourcesNamespace: config.Config.ResourcesNamespace, diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index e1c23e353..2b29077a2 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -2,14 +2,10 @@ package configStructs import ( "fmt" - "io/fs" - "os" "regexp" - "strings" "github.com/kubeshark/base/pkg/models" "github.com/kubeshark/kubeshark/utils" - "github.com/rs/zerolog/log" ) const ( @@ -20,9 +16,7 @@ const ( ProxyHostLabel = "proxy-host" NamespacesLabel = "namespaces" AllNamespacesLabel = "all-namespaces" - EnableRedactionLabel = "redact" HumanMaxEntriesDBSizeLabel = "max-entries-db-size" - InsertionFilterName = "insertion-filter" DryRunLabel = "dry-run" ServiceMeshName = "service-mesh" TlsName = "tls" 
@@ -40,25 +34,16 @@ type FrontConfig struct { } type TapConfig struct { - Hub HubConfig `yaml:"hub"` - Front FrontConfig `yaml:"front"` - DockerRegistry string `yaml:"docker-registry" default:"docker.io/kubeshark"` - DockerTag string `yaml:"docker-tag" default:"latest"` - PodRegexStr string `yaml:"regex" default:".*"` - ProxyHost string `yaml:"proxy-host" default:"127.0.0.1"` - Namespaces []string `yaml:"namespaces"` - AllNamespaces bool `yaml:"all-namespaces" default:"false"` - IgnoredUserAgents []string `yaml:"ignored-user-agents"` - EnableRedaction bool `yaml:"redact" default:"false"` - RedactPatterns struct { - RequestHeaders []string `yaml:"request-headers"` - ResponseHeaders []string `yaml:"response-headers"` - RequestBody []string `yaml:"request-body"` - ResponseBody []string `yaml:"response-body"` - RequestQueryParams []string `yaml:"request-query-params"` - } `yaml:"redact-patterns"` + Hub HubConfig `yaml:"hub"` + Front FrontConfig `yaml:"front"` + DockerRegistry string `yaml:"docker-registry" default:"docker.io/kubeshark"` + DockerTag string `yaml:"docker-tag" default:"latest"` + PodRegexStr string `yaml:"regex" default:".*"` + ProxyHost string `yaml:"proxy-host" default:"127.0.0.1"` + Namespaces []string `yaml:"namespaces"` + AllNamespaces bool `yaml:"all-namespaces" default:"false"` + IgnoredUserAgents []string `yaml:"ignored-user-agents"` HumanMaxEntriesDBSize string `yaml:"max-entries-db-size" default:"200MB"` - InsertionFilter string `yaml:"insertion-filter" default:""` DryRun bool `yaml:"dry-run" default:"false"` HubResources models.Resources `yaml:"hub-resources"` WorkerResources models.Resources `yaml:"worker-resources"` 
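Review bot: A config file that still sets `redact: true` or `redact-patterns` gets no redaction once `EnableRedaction` and `RedactPatterns` are dropped from `TapConfig`, and nothing in this patch tells the user so. Whether the YAML loader rejects or silently ignores the now-unknown keys is not visible here. If it ignores them, headers and body values that were previously redacted would be captured as-is without any warning. Consider having config loading or `Validate()` (its body is outside this hunk) warn or fail when `redact`, `redact-patterns` or `insertion-filter` is present, and add a struct comment such as `// redact, redact-patterns and insertion-filter were removed; the CLI no longer filters or redacts captured traffic`. The `TapConfig` definition continues past the end of the hunk.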
@@ -78,61 +63,6 @@ func (config *TapConfig) MaxEntriesDBSizeBytes() int64 { return maxEntriesDBSizeBytes } -func (config *TapConfig) GetInsertionFilter() string { - insertionFilter := config.InsertionFilter - if fs.ValidPath(insertionFilter) { - if _, err := os.Stat(insertionFilter); err == nil { - b, err := os.ReadFile(insertionFilter) - if err != nil { - log.Warn().Err(err).Str("insertion-filter-path", insertionFilter).Msg("Couldn't read the file! Defaulting to string.") - } else { - insertionFilter = string(b) - } - } - } - - redactFilter := getRedactFilter(config) - if insertionFilter != "" && redactFilter != "" { - log.Info().Str("filter", insertionFilter).Msg("Using insertion filter:") - return fmt.Sprintf("(%s) and (%s)", insertionFilter, redactFilter) - } else if insertionFilter == "" && redactFilter != "" { - return redactFilter - } - - return insertionFilter -} - -func getRedactFilter(config *TapConfig) string { - if !config.EnableRedaction { - return "" - } - - var redactValues []string - for _, requestHeader := range config.RedactPatterns.RequestHeaders { - redactValues = append(redactValues, fmt.Sprintf("request.headers['%s']", requestHeader)) - } - for _, responseHeader := range config.RedactPatterns.ResponseHeaders { - redactValues = append(redactValues, fmt.Sprintf("response.headers['%s']", responseHeader)) - } - - for _, requestBody := range config.RedactPatterns.RequestBody { - redactValues = append(redactValues, fmt.Sprintf("request.postData.text.json()...%s", requestBody)) - } - for _, responseBody := range config.RedactPatterns.ResponseBody { - redactValues = append(redactValues, fmt.Sprintf("response.content.text.json()...%s", responseBody)) - } - - for _, requestQueryParams := range config.RedactPatterns.RequestQueryParams { - redactValues = append(redactValues, fmt.Sprintf("request.queryString['%s']", requestQueryParams)) - } - - if len(redactValues) == 0 { - return "" - } - - return fmt.Sprintf("redact(\"%s\")", strings.Join(redactValues, 
"\",\"")) -} - func (config *TapConfig) Validate() error { _, compileErr := regexp.Compile(config.PodRegexStr) if compileErr != nil {