hoss-agent 1.0.7

data/lib/hoss/transport/connection/http.rb

@@ -0,0 +1,139 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+require 'hoss/transport/connection/proxy_pipe'
+
+module Hoss
+  module Transport
+    class Connection
+      # @api private
+      class Http
+        include Logging
+
+        def initialize(config, headers: nil)
+          @config = config
+          @headers = headers || Headers.new(config)
+          @client = build_client
+          @closed = Concurrent::AtomicBoolean.new(true)
+        end
+
+        def open(url)
+          @closed.make_false
+          @rd, @wr = ProxyPipe.pipe(compress: @config.http_compression?)
+          @request = open_request_in_thread(url)
+        end
+
+        def self.open(config, url)
+          new(config).tap do |http|
+            http.open(url)
+          end
+        end
+
+        def post(url, body: nil, headers: nil)
+          request(:post, url, body: body, headers: headers)
+        end
+
+        def get(url, headers: nil)
+          request(:get, url, headers: headers)
+        end
+
+        def request(method, url, body: nil, headers: nil)
+          @client.send(
+            method,
+            url,
+            body: body,
+            headers: (headers ? @headers.merge(headers) : @headers).to_h,
+            ssl_context: @config.ssl_context
+          ).flush
+        end
+
+        def write(str)
+          @wr.write(str)
+          @wr.bytes_sent
+        end
+
+        def close(reason)
+          return if closed?
+
+          debug '%s: Closing request with reason %s', thread_str, reason
+          @closed.make_true
+
+          @wr&.close(reason)
+          return if @request.nil? || @request&.join(5)
+
+          error(
+            '%s: APM Server not responding in time, terminating request',
+            thread_str
+          )
+          @request.kill
+        end
+
+        def closed?
+          @closed.true?
+        end
+
+        def inspect
+          format(
+            '%s closed: %s>',
+            super.split.first,
+            closed?
+          )
+        end
+
+        private
+
+        def thread_str
+          format('[THREAD:%s]', Thread.current.object_id)
+        end
+
+        def open_request_in_thread(url)
+          debug '%s: Opening new request', thread_str
+          Thread.new do
+            begin
+              resp = post(url, body: @rd, headers: @headers.chunked.to_h)
+
+              if resp&.status == 202
+                debug 'APM Server responded with status 202'
+              elsif resp
+                error "APM Server responded with an error:\n%p", resp.body.to_s
+              end
+            rescue Exception => e
+              error(
+                "Couldn't establish connection to APM Server:\n%p", e.inspect
+              )
+            end
+          end
+        end
+
+        def build_client
+          client = HTTP.headers(@headers)
+          return client unless @config.proxy_address && @config.proxy_port
+
+          client.via(
+            @config.proxy_address,
+            @config.proxy_port,
+            @config.proxy_username,
+            @config.proxy_password,
+            @config.proxy_headers
+          )
+        end
+      end
+    end
+  end
+end

data/lib/hoss/transport/connection/proxy_pipe.rb

@@ -0,0 +1,94 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+module Hoss
+  module Transport
+    class Connection
+      # @api private
+      class ProxyPipe
+        def initialize(enc = nil, compress: true)
+          rd, wr = IO.pipe(enc)
+
+          @read = rd
+          @write = Write.new(wr, compress: compress)
+
+          # Http.rb<4 calls rewind on the request bodies, but IO::Pipe raises
+          # ~mikker
+          return if HTTP::VERSION.to_i >= 4
+          def rd.rewind; end
+        end
+
+        attr_reader :read, :write
+
+        # @api private
+        class Write
+          include Logging
+
+          def initialize(io, compress: true)
+            @io = io
+            @compress = compress
+            @bytes_sent = Concurrent::AtomicFixnum.new(0)
+            @config = Hoss.agent&.config # this is silly, fix Logging
+
+            return unless compress
+            enable_compression!
+            ObjectSpace.define_finalizer(self, self.class.finalize(@io))
+          end
+
+          def self.finalize(io)
+            proc { io.close }
+          end
+
+          attr_reader :io
+
+          def enable_compression!
+            io.binmode
+            @io = Zlib::GzipWriter.new(io)
+          end
+
+          def close(reason = nil)
+            debug("Closing writer with reason #{reason}")
+            io.close
+          end
+
+          def closed?
+            io.closed?
+          end
+
+          def write(str)
+            io.puts(str).tap do
+              @bytes_sent.update do |curr|
+                @compress ? io.tell : curr + str.bytesize
+              end
+            end
+          end
+
+          def bytes_sent
+            @bytes_sent.value
+          end
+        end
+
+        def self.pipe(**args)
+          pipe = new(**args)
+          [pipe.read, pipe.write]
+        end
+      end
+    end
+  end
+end

data/lib/hoss/transport/filters.rb

@@ -0,0 +1,60 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+require 'hoss/transport/filters/secrets_filter'
+
+module Hoss
+  module Transport
+    # @api private
+    module Filters
+      SKIP = :skip
+
+      def self.new(config)
+        Container.new(config)
+      end
+
+      # @api private
+      class Container
+        def initialize(config)
+          @filters = { secrets: SecretsFilter.new(config) }
+        end
+
+        def add(key, filter)
+          @filters = @filters.merge(key => filter)
+        end
+
+        def remove(key)
+          @filters.delete(key)
+        end
+
+        def apply!(payload)
+          @filters.reduce(payload) do |result, (_key, filter)|
+            result = filter.call(result)
+            break SKIP if result.nil?
+            result
+          end
+        end
+
+        def length
+          @filters.length
+        end
+      end
+    end
+  end
+end

data/lib/hoss/transport/filters/hash_sanitizer.rb

@@ -0,0 +1,77 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+module Hoss
+  module Transport
+    module Filters
+      class HashSanitizer
+        FILTERED = '[FILTERED]'
+
+        KEY_FILTERS = [
+          /passw(or)?d/i,
+          /auth/i,
+          /^pw$/,
+          /secret/i,
+          /token/i,
+          /api[-._]?key/i,
+          /session[-._]?id/i,
+          /(set[-_])?cookie/i
+        ].freeze
+
+        VALUE_FILTERS = [
+          # (probably) credit card number
+          /^\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}$/
+        ].freeze
+
+        attr_accessor :key_filters
+
+        def initialize
+          @key_filters = KEY_FILTERS
+        end
+
+        def strip_from!(obj, key_filters = KEY_FILTERS)
+          return unless obj&.is_a?(Hash)
+
+          obj.each do |k, v|
+            if filter_key?(k)
+              next obj[k] = FILTERED
+            end
+
+            case v
+            when Hash
+              strip_from!(v)
+            when String
+              if filter_value?(v)
+                obj[k] = FILTERED
+              end
+            end
+          end
+        end
+
+        def filter_key?(key)
+          @key_filters.any? { |regex| regex.match(key) }
+        end
+
+        def filter_value?(value)
+          VALUE_FILTERS.any? { |regex| regex.match(value) }
+        end
+      end
+    end
+  end
+end

data/lib/hoss/transport/filters/secrets_filter.rb

@@ -0,0 +1,48 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+require 'hoss/transport/filters/hash_sanitizer'
+
+module Hoss
+  module Transport
+    module Filters
+      # @api private
+      class SecretsFilter
+        def initialize(config)
+          @config = config
+          @sanitizer = HashSanitizer.new
+          @sanitizer.key_filters += config.custom_key_filters +
+                                     config.sanitize_field_names
+        end
+
+        def call(payload)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :headers)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :env)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :cookies)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :response, :headers)
+          @sanitizer.strip_from! payload.dig(:error, :context, :request, :headers)
+          @sanitizer.strip_from! payload.dig(:error, :context, :response, :headers)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :body)
+
+          payload
+        end
+      end
+    end
+  end
+end

data/lib/hoss/transport/headers.rb

@@ -0,0 +1,74 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+module Hoss
+  module Transport
+    # @api private
+    class Headers
+      HEADERS = {
+        'Content-Type' => 'application/x-ndjson',
+        'Transfer-Encoding' => 'chunked'
+      }.freeze
+      GZIP_HEADERS = HEADERS.merge(
+        'Content-Encoding' => 'gzip'
+      ).freeze
+
+      def initialize(config, initial: {})
+        @config = config
+        @hash = build!(initial)
+      end
+
+      attr_accessor :hash
+
+      def [](key)
+        @hash[key]
+      end
+
+      def []=(key, value)
+        @hash[key] = value
+      end
+
+      def merge(other)
+        self.class.new(@config, initial: @hash.merge(other))
+      end
+
+      def merge!(other)
+        @hash.merge!(other)
+        self
+      end
+
+      def to_h
+        @hash
+      end
+
+      def chunked
+        merge(
+          @config.http_compression? ? GZIP_HEADERS : HEADERS
+        )
+      end
+
+      private
+
+      def build!(headers)
+        headers[:'User-Agent'] = UserAgent.new(@config).to_s
+        headers
+      end
+    end
+  end
+end