Update main.go, messageSensitiveDataCleaner.go, and 3 more files...

RamiBerm 2021-06-01 14:27:19 +03:00
parent 4bc16fa0b4
commit 107c2d5b59
5 changed files with 18 additions and 18 deletions


@ -34,7 +34,7 @@ func main() {
if *standalone { if *standalone {
harOutputChannel := tap.StartPassiveTapper() harOutputChannel := tap.StartPassiveTapper()
filteredHarChannel := make(chan *tap.OutputChannelItem) filteredHarChannel := make(chan *tap.OutputChannelItem)
go filterHarHeaders(harOutputChannel, filteredHarChannel, getFilteringOptions()) go filterHarHeaders(harOutputChannel, filteredHarChannel, getTrafficFilteringOptions())
go api.StartReadingEntries(filteredHarChannel, nil) go api.StartReadingEntries(filteredHarChannel, nil)
hostApi(nil) hostApi(nil)
} else if *shouldTap { } else if *shouldTap {
@ -58,7 +58,7 @@ func main() {
socketHarOutChannel := make(chan *tap.OutputChannelItem, 1000) socketHarOutChannel := make(chan *tap.OutputChannelItem, 1000)
filteredHarChannel := make(chan *tap.OutputChannelItem) filteredHarChannel := make(chan *tap.OutputChannelItem)
go api.StartReadingEntries(filteredHarChannel, nil) go api.StartReadingEntries(filteredHarChannel, nil)
go filterHarHeaders(socketHarOutChannel, filteredHarChannel, getFilteringOptions()) go filterHarHeaders(socketHarOutChannel, filteredHarChannel, getTrafficFilteringOptions())
hostApi(socketHarOutChannel) hostApi(socketHarOutChannel)
} }
@ -101,21 +101,21 @@ func getTapTargets() []string {
return tappedAddressesPerNodeDict[nodeName] return tappedAddressesPerNodeDict[nodeName]
} }
func getFilteringOptions() *shared.FilteringOptions { func getTrafficFilteringOptions() *shared.TrafficFilteringOptions {
filteringOptionsJson := os.Getenv(shared.MizuFilteringOptionsEnvVar) filteringOptionsJson := os.Getenv(shared.MizuFilteringOptionsEnvVar)
if filteringOptionsJson == "" { if filteringOptionsJson == "" {
return nil return nil
} }
var filteringOptions shared.FilteringOptions var filteringOptions shared.TrafficFilteringOptions
err := json.Unmarshal([]byte(filteringOptionsJson), &filteringOptions) err := json.Unmarshal([]byte(filteringOptionsJson), &filteringOptions)
if err != nil { if err != nil {
panic(fmt.Sprintf("env var %s's value of %s is invalid! json must match the shared.FilteringOptions struct %v", shared.MizuFilteringOptionsEnvVar, filteringOptionsJson, err)) panic(fmt.Sprintf("env var %s's value of %s is invalid! json must match the shared.TrafficFilteringOptions struct %v", shared.MizuFilteringOptionsEnvVar, filteringOptionsJson, err))
} }
return &filteringOptions return &filteringOptions
} }
func filterHarHeaders(inChannel <- chan *tap.OutputChannelItem, outChannel chan *tap.OutputChannelItem, filterOptions *shared.FilteringOptions) { func filterHarHeaders(inChannel <- chan *tap.OutputChannelItem, outChannel chan *tap.OutputChannelItem, filterOptions *shared.TrafficFilteringOptions) {
for message := range inChannel { for message := range inChannel {
sensitiveDataFiltering.FilterSensitiveInfoFromHarRequest(message, filterOptions) sensitiveDataFiltering.FilterSensitiveInfoFromHarRequest(message, filterOptions)
outChannel <- message outChannel <- message


@ -12,7 +12,7 @@ import (
"github.com/google/martian/har" "github.com/google/martian/har"
) )
func FilterSensitiveInfoFromHarRequest(harOutputItem *tap.OutputChannelItem, options *shared.FilteringOptions) { func FilterSensitiveInfoFromHarRequest(harOutputItem *tap.OutputChannelItem, options *shared.TrafficFilteringOptions) {
filterHarHeaders(harOutputItem.HarEntry.Request.Headers) filterHarHeaders(harOutputItem.HarEntry.Request.Headers)
filterHarHeaders(harOutputItem.HarEntry.Response.Headers) filterHarHeaders(harOutputItem.HarEntry.Response.Headers)
@ -74,7 +74,7 @@ func isFieldNameSensitive(fieldName string) bool {
return false return false
} }
func filterHttpBody(bytes []byte, contentType string, options *shared.FilteringOptions) ([]byte, error) { func filterHttpBody(bytes []byte, contentType string, options *shared.TrafficFilteringOptions) ([]byte, error) {
mimeType := strings.Split(contentType, ";")[0] mimeType := strings.Split(contentType, ";")[0]
switch strings.ToLower(mimeType) { switch strings.ToLower(mimeType) {
case "application/json": case "application/json":
@ -88,15 +88,15 @@ func filterHttpBody(bytes []byte, contentType string, options *shared.FilteringO
case "application/xml": case "application/xml":
return filterXmlEtree(bytes) return filterXmlEtree(bytes)
case "text/plain": case "text/plain":
if options != nil && options.PlainTextFilterRegexes != nil { if options != nil && options.PlainTextMaskingRegexes != nil {
return filterPlainText(bytes, options), nil return filterPlainText(bytes, options), nil
} }
} }
return bytes, nil return bytes, nil
} }
func filterPlainText(bytes []byte, options *shared.FilteringOptions) []byte { func filterPlainText(bytes []byte, options *shared.TrafficFilteringOptions) []byte {
for _, regex := range options.PlainTextFilterRegexes { for _, regex := range options.PlainTextMaskingRegexes {
bytes = regex.ReplaceAll(bytes, []byte(maskedFieldPlaceholderValue)) bytes = regex.ReplaceAll(bytes, []byte(maskedFieldPlaceholderValue))
} }
return bytes return bytes


@ -62,7 +62,7 @@ func RunMizuTap(podRegexQuery *regexp.Regexp, tappingOptions *MizuTapOptions) {
// TODO handle incoming traffic from tapper using a channel // TODO handle incoming traffic from tapper using a channel
} }
func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.FilteringOptions) error { func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.TrafficFilteringOptions) error {
if err := createMizuAggregator(ctx, kubernetesProvider, tappingOptions, mizuApiFilteringOptions); err != nil { if err := createMizuAggregator(ctx, kubernetesProvider, tappingOptions, mizuApiFilteringOptions); err != nil {
return err return err
} }
@ -74,7 +74,7 @@ func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
return nil return nil
} }
func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Provider, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.FilteringOptions) error { func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Provider, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.TrafficFilteringOptions) error {
var err error var err error
mizuServiceAccountExists = createRBACIfNecessary(ctx, kubernetesProvider) mizuServiceAccountExists = createRBACIfNecessary(ctx, kubernetesProvider)
@ -93,7 +93,7 @@ func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Pr
return nil return nil
} }
func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.FilteringOptions, error) { func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.TrafficFilteringOptions, error) {
if tappingOptions.PlainTextFilterRegexes == nil || len(tappingOptions.PlainTextFilterRegexes) == 0 { if tappingOptions.PlainTextFilterRegexes == nil || len(tappingOptions.PlainTextFilterRegexes) == 0 {
return nil, nil return nil, nil
} }
@ -108,7 +108,7 @@ func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.Filteri
compiledRegexSlice = append(compiledRegexSlice, compiledRegex) compiledRegexSlice = append(compiledRegexSlice, compiledRegex)
} }
return &shared.FilteringOptions{PlainTextFilterRegexes: compiledRegexSlice}, nil return &shared.TrafficFilteringOptions{PlainTextMaskingRegexes: compiledRegexSlice}, nil
} }
func createMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions) error { func createMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions) error {


@ -86,7 +86,7 @@ func (provider *Provider) GetPods(ctx context.Context, namespace string) {
fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace) fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace)
} }
func (provider *Provider) CreateMizuAggregatorPod(ctx context.Context, namespace string, podName string, podImage string, linkServiceAccount bool, mizuApiFilteringOptions *shared.FilteringOptions) (*core.Pod, error) { func (provider *Provider) CreateMizuAggregatorPod(ctx context.Context, namespace string, podName string, podImage string, linkServiceAccount bool, mizuApiFilteringOptions *shared.TrafficFilteringOptions) (*core.Pod, error) {
marshaledFilteringOptions, err := json.Marshal(mizuApiFilteringOptions) marshaledFilteringOptions, err := json.Marshal(mizuApiFilteringOptions)
if err != nil { if err != nil {
return nil, err return nil, err


@ -34,6 +34,6 @@ func CreateWebSocketStatusMessage(tappingStatus TapStatus) WebSocketStatusMessag
} }
} }
type FilteringOptions struct { type TrafficFilteringOptions struct {
PlainTextFilterRegexes []*SerializableRegexp PlainTextMaskingRegexes []*SerializableRegexp
} }
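Review bot: Renaming the field to `PlainTextMaskingRegexes` also changes the JSON key this struct serializes under, because no struct tag is visible on it. The options are marshalled in `CreateMizuAggregatorPod` and decoded with `json.Unmarshal` in `getTrafficFilteringOptions`, presumably via the env var named by `shared.MizuFilteringOptionsEnvVar`. Since `json.Unmarshal` ignores unknown keys, a CLI and an agent image built on opposite sides of this commit would decode an empty regex list, and the `text/plain` branch of `filterHttpBody` would skip masking without reporting any error. Pin the wire name with an explicit tag such as `json:"plainTextMaskingRegexes"` so later renames cannot silently disable masking. It would also be safer for `getTrafficFilteringOptions` to reject a non-empty env value that decodes to no regexes.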