Support osquery logger_tls_compress flag (#1346)

2026-05-23 17:08:53 +00:00 · 2017-03-03 14:43:11 -08:00 · 2017-03-03 14:43:11 -08:00 · fa84415c13
commit fa84415c13
parent acca55ec74
2 changed files with 84 additions and 14 deletions
--- a/server/service/transport_osquery.go
+++ b/server/service/transport_osquery.go
@ -1,10 +1,12 @@
 package service

 import (
+	"compress/gzip"
 	"encoding/json"
 	"net/http"

 	"github.com/kolide/kolide/server/kolide"
+	"github.com/pkg/errors"

 	"golang.org/x/net/context"
 )
@ -78,9 +80,19 @@ func decodeSubmitDistributedQueryResultsRequest(ctx context.Context, r *http.Req
 }

 func decodeSubmitLogsRequest(ctx context.Context, r *http.Request) (interface{}, error) {
+	var err error
+	body := r.Body
+	if r.Header.Get("content-encoding") == "gzip" {
+		body, err = gzip.NewReader(body)
+		if err != nil {
+			return nil, errors.Wrap(err, "decoding gzip")
+		}
+		defer body.Close()
+	}
+
 	var req submitLogsRequest
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		return nil, err
+	if err = json.NewDecoder(body).Decode(&req); err != nil {
+		return nil, errors.Wrap(err, "decoding JSON")
 	}

 	return req, nil
--- a/server/service/transport_osquery_test.go
+++ b/server/service/transport_osquery_test.go
@ -2,6 +2,7 @@ package service

 import (
 	"bytes"
+	"compress/gzip"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@ -11,13 +12,14 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/kolide/kolide/server/kolide"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestDecodeEnrollAgentRequest(t *testing.T) {
 	router := mux.NewRouter()
-	router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) {
+	router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
 		r, err := decodeEnrollAgentRequest(context.Background(), request)
-		assert.Nil(t, err)
+		require.Nil(t, err)

 		params := r.(enrollAgentRequest)
 		assert.Equal(t, "secret", params.EnrollSecret)
@ -32,15 +34,15 @@ func TestDecodeEnrollAgentRequest(t *testing.T) {

 	router.ServeHTTP(
 		httptest.NewRecorder(),
-		httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body),
+		httptest.NewRequest("POST", "/", &body),
 	)
 }

 func TestDecodeGetClientConfigRequest(t *testing.T) {
 	router := mux.NewRouter()
-	router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) {
+	router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
 		r, err := decodeGetClientConfigRequest(context.Background(), request)
-		assert.Nil(t, err)
+		require.Nil(t, err)

 		params := r.(getClientConfigRequest)
 		assert.Equal(t, "key", params.NodeKey)
@ -53,15 +55,15 @@ func TestDecodeGetClientConfigRequest(t *testing.T) {

 	router.ServeHTTP(
 		httptest.NewRecorder(),
-		httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body),
+		httptest.NewRequest("POST", "/", &body),
 	)
 }

 func TestDecodeGetDistributedQueriesRequest(t *testing.T) {
 	router := mux.NewRouter()
-	router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) {
+	router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
 		r, err := decodeGetDistributedQueriesRequest(context.Background(), request)
-		assert.Nil(t, err)
+		require.Nil(t, err)

 		params := r.(getDistributedQueriesRequest)
 		assert.Equal(t, "key", params.NodeKey)
@ -74,15 +76,15 @@ func TestDecodeGetDistributedQueriesRequest(t *testing.T) {

 	router.ServeHTTP(
 		httptest.NewRecorder(),
-		httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body),
+		httptest.NewRequest("POST", "/", &body),
 	)
 }

 func TestDecodeSubmitDistributedQueryResultsRequest(t *testing.T) {
 	router := mux.NewRouter()
-	router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) {
+	router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
 		r, err := decodeSubmitDistributedQueryResultsRequest(context.Background(), request)
-		assert.Nil(t, err)
+		require.Nil(t, err)

 		params := r.(submitDistributedQueryResultsRequest)
 		assert.Equal(t, "key", params.NodeKey)
@ -119,6 +121,62 @@ func TestDecodeSubmitDistributedQueryResultsRequest(t *testing.T) {

 	router.ServeHTTP(
 		httptest.NewRecorder(),
-		httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body),
+		httptest.NewRequest("POST", "/", &body),
+	)
+}
+
+func TestDecodeSubmitLogsRequest(t *testing.T) {
+	router := mux.NewRouter()
+	router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
+		r, err := decodeSubmitLogsRequest(context.Background(), request)
+		require.Nil(t, err)
+
+		params := r.(submitLogsRequest)
+		assert.Equal(t, "xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb", params.NodeKey)
+		assert.Equal(t, "status", params.LogType)
+	}).Methods("POST")
+
+	bodyJSON := []byte(`
+            {
+              "node_key":"xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb",
+              "log_type":"status",
+              "data":[
+                {
+                  "severity":"0",
+                  "filename":"tls.cpp",
+                  "line":"205",
+                  "message":"TLS\/HTTPS POST request to URI: https:\/\/dockerhost:8080\/api\/v1\/osquery\/log",
+                  "version":"2.3.2",
+                  "decorations":{
+                    "host_uuid":"EB714C9D-C1F8-A436-B6DA-3F853C5502EA",
+                    "hostname":"9bed9dc098d9"
+                  }
+                }
+              ]
+            }
+`)
+
+	body := new(bytes.Buffer)
+	_, err := body.Write(bodyJSON)
+	require.Nil(t, err)
+
+	router.ServeHTTP(
+		httptest.NewRecorder(),
+		httptest.NewRequest("POST", "/", body),
+	)
+
+	// Now try gzipped
+	body.Reset()
+	gzWriter := gzip.NewWriter(body)
+	_, err = gzWriter.Write(bodyJSON)
+	require.Nil(t, err)
+	require.Nil(t, gzWriter.Close())
+
+	req := httptest.NewRequest("POST", "/", body)
+	req.Header.Add("Content-Encoding", "gzip")
+
+	router.ServeHTTP(
+		httptest.NewRecorder(),
+		req,
 	)
 }