From fa84415c13dd388601d5a41ce4e633ab742288c5 Mon Sep 17 00:00:00 2001 From: Zachary Wasserman Date: Fri, 3 Mar 2017 14:43:11 -0800 Subject: [PATCH] Support osquery logger_tls_compress flag (#1346) --- server/service/transport_osquery.go | 16 ++++- server/service/transport_osquery_test.go | 82 ++++++++++++++++++++---- 2 files changed, 84 insertions(+), 14 deletions(-) diff --git a/server/service/transport_osquery.go b/server/service/transport_osquery.go index 7368c5dcc2..698fcd112b 100644 --- a/server/service/transport_osquery.go +++ b/server/service/transport_osquery.go @@ -1,10 +1,12 @@ package service import ( + "compress/gzip" "encoding/json" "net/http" "github.com/kolide/kolide/server/kolide" + "github.com/pkg/errors" "golang.org/x/net/context" ) @@ -78,9 +80,19 @@ func decodeSubmitDistributedQueryResultsRequest(ctx context.Context, r *http.Req } func decodeSubmitLogsRequest(ctx context.Context, r *http.Request) (interface{}, error) { + var err error + body := r.Body + if r.Header.Get("content-encoding") == "gzip" { + body, err = gzip.NewReader(body) + if err != nil { + return nil, errors.Wrap(err, "decoding gzip") + } + defer body.Close() + } + var req submitLogsRequest - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - return nil, err + if err = json.NewDecoder(body).Decode(&req); err != nil { + return nil, errors.Wrap(err, "decoding JSON") } return req, nil diff --git a/server/service/transport_osquery_test.go b/server/service/transport_osquery_test.go index 33e4a9c3ee..9aa3aa072c 100644 --- a/server/service/transport_osquery_test.go +++ b/server/service/transport_osquery_test.go @@ -2,6 +2,7 @@ package service import ( "bytes" + "compress/gzip" "net/http" "net/http/httptest" "testing" @@ -11,13 +12,14 @@ import ( "github.com/gorilla/mux" "github.com/kolide/kolide/server/kolide" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestDecodeEnrollAgentRequest(t *testing.T) { router := mux.NewRouter() - router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) { + router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { r, err := decodeEnrollAgentRequest(context.Background(), request) - assert.Nil(t, err) + require.Nil(t, err) params := r.(enrollAgentRequest) assert.Equal(t, "secret", params.EnrollSecret) @@ -32,15 +34,15 @@ func TestDecodeEnrollAgentRequest(t *testing.T) { router.ServeHTTP( httptest.NewRecorder(), - httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body), + httptest.NewRequest("POST", "/", &body), ) } func TestDecodeGetClientConfigRequest(t *testing.T) { router := mux.NewRouter() - router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) { + router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { r, err := decodeGetClientConfigRequest(context.Background(), request) - assert.Nil(t, err) + require.Nil(t, err) params := r.(getClientConfigRequest) assert.Equal(t, "key", params.NodeKey) @@ -53,15 +55,15 @@ func TestDecodeGetClientConfigRequest(t *testing.T) { router.ServeHTTP( httptest.NewRecorder(), - httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body), + httptest.NewRequest("POST", "/", &body), ) } func TestDecodeGetDistributedQueriesRequest(t *testing.T) { router := mux.NewRouter() - router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) { + router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { r, err := decodeGetDistributedQueriesRequest(context.Background(), request) - assert.Nil(t, err) + require.Nil(t, err) params := r.(getDistributedQueriesRequest) assert.Equal(t, "key", params.NodeKey) @@ -74,15 +76,15 @@ func TestDecodeGetDistributedQueriesRequest(t *testing.T) { router.ServeHTTP( httptest.NewRecorder(), - httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body), + httptest.NewRequest("POST", "/", &body), ) } func TestDecodeSubmitDistributedQueryResultsRequest(t *testing.T) { router := mux.NewRouter() - router.HandleFunc("/api/v1/osquery/enroll", func(writer http.ResponseWriter, request *http.Request) { + router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { r, err := decodeSubmitDistributedQueryResultsRequest(context.Background(), request) - assert.Nil(t, err) + require.Nil(t, err) params := r.(submitDistributedQueryResultsRequest) assert.Equal(t, "key", params.NodeKey) @@ -119,6 +121,62 @@ func TestDecodeSubmitDistributedQueryResultsRequest(t *testing.T) { router.ServeHTTP( httptest.NewRecorder(), - httptest.NewRequest("POST", "/api/v1/osquery/enroll", &body), + httptest.NewRequest("POST", "/", &body), + ) +} + +func TestDecodeSubmitLogsRequest(t *testing.T) { + router := mux.NewRouter() + router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { + r, err := decodeSubmitLogsRequest(context.Background(), request) + require.Nil(t, err) + + params := r.(submitLogsRequest) + assert.Equal(t, "xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb", params.NodeKey) + assert.Equal(t, "status", params.LogType) + }).Methods("POST") + + bodyJSON := []byte(` + { + "node_key":"xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb", + "log_type":"status", + "data":[ + { + "severity":"0", + "filename":"tls.cpp", + "line":"205", + "message":"TLS\/HTTPS POST request to URI: https:\/\/dockerhost:8080\/api\/v1\/osquery\/log", + "version":"2.3.2", + "decorations":{ + "host_uuid":"EB714C9D-C1F8-A436-B6DA-3F853C5502EA", + "hostname":"9bed9dc098d9" + } + } + ] + } +`) + + body := new(bytes.Buffer) + _, err := body.Write(bodyJSON) + require.Nil(t, err) + + router.ServeHTTP( + httptest.NewRecorder(), + httptest.NewRequest("POST", "/", body), + ) + + // Now try gzipped + body.Reset() + gzWriter := gzip.NewWriter(body) + _, err = gzWriter.Write(bodyJSON) + require.Nil(t, err) + require.Nil(t, gzWriter.Close()) + + req := httptest.NewRequest("POST", "/", body) + req.Header.Add("Content-Encoding", "gzip") + + router.ServeHTTP( + httptest.NewRecorder(), + req, ) }