Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add logging middleware for server #785

Merged
merged 5 commits into from
May 31, 2021
Merged

Conversation

devang-gaur
Copy link
Contributor

fixes #784

@devang-gaur
Copy link
Contributor Author

Here's how the logs look :

./bin/terrascan server
2021-05-18T18:33:14.591+0530	info	http-server/start.go:61	registering routes...
2021-05-18T18:33:14.591+0530	info	http-server/start.go:65	Route GET - /health
2021-05-18T18:33:14.591+0530	info	http-server/start.go:65	Route POST - /v1/{iac}/{iacVersion}/{cloud}/local/file/scan
2021-05-18T18:33:14.591+0530	info	http-server/start.go:65	Route POST - /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan
2021-05-18T18:33:14.591+0530	info	http-server/start.go:65	Route GET - /k8s/webhooks/{apiKey}/logs
2021-05-18T18:33:14.591+0530	info	http-server/start.go:65	Route GET - /k8s/webhooks/logs/{uid}
2021-05-18T18:33:14.592+0530	info	http-server/start.go:65	Route POST - /v1/k8s/webhooks/{apiKey}/scan/validate
2021-05-18T18:33:14.592+0530	info	http-server/start.go:95	http server listening at port 9010
2021-05-18T18:33:19.345+0530	info	logging/logwriter.go:25	::1 - - "GET /health HTTP/1.1" 200 0
2021-05-18T18:33:42.464+0530	info	logging/logwriter.go:25	::1 - - "GET /health HTTP/1.1" 200 0
2021-05-18T18:33:53.427+0530	info	logging/logwriter.go:25	::1 - - "GET /health HTTP/1.1" 200 0
2021-05-18T18:34:01.815+0530	info	logging/logwriter.go:25	::1 - - "GET / HTTP/1.1" 404 0

In JSON fomat :

./bin/terrascan server --log-type json
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:61","msg":"registering routes..."}
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:65","msg":"Route GET - /health"}
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:65","msg":"Route POST - /v1/{iac}/{iacVersion}/{cloud}/local/file/scan"}
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:65","msg":"Route POST - /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan"}
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:65","msg":"Route GET - /k8s/webhooks/{apiKey}/logs"}
{"level":"info","time":"2021-05-18T18:34:47.494+0530","file":"http-server/start.go:65","msg":"Route GET - /k8s/webhooks/logs/{uid}"}
{"level":"info","time":"2021-05-18T18:34:47.495+0530","file":"http-server/start.go:65","msg":"Route POST - /v1/k8s/webhooks/{apiKey}/scan/validate"}
{"level":"info","time":"2021-05-18T18:34:47.495+0530","file":"http-server/start.go:95","msg":"http server listening at port 9010"}
{"level":"info","time":"2021-05-18T18:34:52.123+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET /health HTTP/1.1\" 200 0"}
{"level":"info","time":"2021-05-18T18:34:53.262+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET /health HTTP/1.1\" 200 0"}
{"level":"info","time":"2021-05-18T18:34:54.702+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET /health HTTP/1.1\" 200 0"}
{"level":"info","time":"2021-05-18T18:35:01.599+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET / HTTP/1.1\" 404 0"}
{"level":"info","time":"2021-05-18T18:35:03.543+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET / HTTP/1.1\" 404 0"}
{"level":"info","time":"2021-05-18T18:35:10.529+0530","file":"logging/logwriter.go:25","msg":"::1 - - \"GET /health HTTP/1.1\" 200 0"}

@devang-gaur devang-gaur changed the title added logging middleware add logging middleware May 18, 2021
@devang-gaur devang-gaur changed the title add logging middleware add logging middleware for incoming http(s) requests on server May 18, 2021
@devang-gaur devang-gaur changed the title add logging middleware for incoming http(s) requests on server add logging middleware for server May 18, 2021
@codecov
Copy link

codecov bot commented May 18, 2021

Codecov Report

Merging #785 (1282b93) into master (fafdda4) will decrease coverage by 0.21%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #785      +/-   ##
==========================================
- Coverage   75.20%   74.99%   -0.22%     
==========================================
  Files         112      113       +1     
  Lines        3453     3463      +10     
==========================================
  Hits         2597     2597              
- Misses        665      675      +10     
  Partials      191      191              
Impacted Files Coverage Δ
pkg/http-server/start.go 0.00% <0.00%> (ø)
pkg/utils/http/response.go 0.00% <0.00%> (ø)

go.mod Show resolved Hide resolved
@@ -54,14 +56,20 @@ func (g *APIServer) start(routes []*Route, port, certFile, privateKeyFile string
router = mux.NewRouter() // new router
)

logWriter := logging.GetLogWriter(logger)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering, why do we need a separate logwriter? The already created logger won't help in this case?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the logwriter consumes the logger.

logger object doesn't implement the Writer interface. so had to create a logwriter object that does.

pkg/utils/http/response.go Show resolved Hide resolved
pkg/logging/logwriter.go Outdated Show resolved Hide resolved
return buf
}

// WriteRequestLog logs an http(s) request to a write object
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if gorillaHandlers should be a part of the logging package? Looks more like a candiate for http utils.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but its logging :)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the log formatter which is used by the gorilla handler would be only writing http(s) logs. So, I agree with @kanchwala-yusuf.
the log formatter (if required) can be moved.

// buildCommonLogLine builds a log entry for req in Apache Common Log Format.
// ts is the timestamp with which the entry should be logged.
// status and size are used to provide the response HTTP status and size.
func buildCommonLogLine(req *http.Request, url url.URL, ts time.Time, status int, size int) []byte {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This functions accepts a var of type time.Time but never uses it.

}

router.NotFoundHandler = gorillaHandlers.CustomLoggingHandler(logWriter, http.HandlerFunc(httputils.NotFound), logging.WriteRequestLog)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was the sole purpose of using a custom logging handler to remove the timestamp that is logged by the default log formatter provided by gorilla handlers?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nope. its more than that. its apache standard http server log format.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I asked is because, it seems to be the only difference between the default log formatter and the log formatter you have implemented. Can you please check once?
https://github.com/gorilla/handlers/blob/master/logging.go#L144

buf = append(buf, ` "`...)
buf = append(buf, req.Method...)
buf = append(buf, " "...)
buf = append(buf, uri...)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since the log writer only logs at the info level, we would end up logging the webhook apikey at info level. Is that expected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch. @kanchwala-yusuf wdyt? would that we severe security threat?

@devang-gaur
Copy link
Contributor Author

Updated the PR as per the reviews. PTAL

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@devang-gaur
Copy link
Contributor Author

This is how the logging output looks now.
image

@devang-gaur devang-gaur merged commit 0ed8ef7 into tenable:master May 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add a middleware to log incoming http(s) requests on terrascan server
3 participants