Added a watch_json() plugin (Velocidex#3298)

This is based on the watch_syslog() plugin. Also added tests and bugfixes to watch_syslog() Also suppress detailed errors to non-API HTTP requests like the public directory handler.
Genio40921 · Feb 19, 2024 · 16287fa · 16287fa
1 parent 9133e74
commit 16287fa
Show file tree

Hide file tree

Showing 17 changed files with 920 additions and 325 deletions.
diff --git a/api/authenticators/logging.go b/api/authenticators/logging.go
@@ -10,29 +10,9 @@ import (
 	"www.velocidex.com/golang/velociraptor/constants"
 	"www.velocidex.com/golang/velociraptor/json"
 	"www.velocidex.com/golang/velociraptor/logging"
+	http_utils "www.velocidex.com/golang/velociraptor/utils/http"
 )
 
-// Record the status of the request so we can log it.
-type statusRecorder struct {
-	http.ResponseWriter
-	http.Flusher
-	status int
-	error  []byte
-}
-
-func (self *statusRecorder) WriteHeader(code int) {
-	self.status = code
-	self.ResponseWriter.WriteHeader(code)
-}
-
-func (self *statusRecorder) Write(buf []byte) (int, error) {
-	if self.status == 500 {
-		self.error = buf
-	}
-
-	return self.ResponseWriter.Write(buf)
-}
-
 func GetUserInfo(ctx context.Context,
 	config_obj *config_proto.Config) *api_proto.VelociraptorUser {
 	result := &api_proto.VelociraptorUser{}
@@ -51,22 +31,23 @@ func GetUserInfo(ctx context.Context,
 
 func GetLoggingHandler(config_obj *config_proto.Config) func(http.Handler) http.Handler {
 	logger := logging.GetLogger(config_obj, &logging.GUIComponent)
+
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			rec := &statusRecorder{
+			rec := &http_utils.StatusRecorder{
 				w,
 				w.(http.Flusher),
 				200, nil}
 			defer func() {
-				if rec.status == 500 {
+				if rec.Status == 500 {
 					logger.WithFields(
 						logrus.Fields{
 							"method":     r.Method,
 							"url":        r.URL.Path,
 							"remote":     r.RemoteAddr,
-							"error":      string(rec.error),
+							"error":      string(rec.Error),
 							"user-agent": r.UserAgent(),
-							"status":     rec.status,
+							"status":     rec.Status,
 							"user": GetUserInfo(
 								r.Context(), config_obj).Name,
 						}).Error("")
@@ -78,7 +59,7 @@ func GetLoggingHandler(config_obj *config_proto.Config) func(http.Handler) http.
 							"url":        r.URL.Path,
 							"remote":     r.RemoteAddr,
 							"user-agent": r.UserAgent(),
-							"status":     rec.status,
+							"status":     rec.Status,
 							"user": GetUserInfo(
 								r.Context(), config_obj).Name,
 						}).Info("")

diff --git a/api/handlers.go b/api/handlers.go
@@ -27,29 +27,9 @@ import (
 	"www.velocidex.com/golang/velociraptor/constants"
 	"www.velocidex.com/golang/velociraptor/json"
 	"www.velocidex.com/golang/velociraptor/logging"
+	http_utils "www.velocidex.com/golang/velociraptor/utils/http"
 )
 
-// Record the status of the request so we can log it.
-type statusRecorder struct {
-	http.ResponseWriter
-	http.Flusher
-	status int
-	error  []byte
-}
-
-func (self *statusRecorder) WriteHeader(code int) {
-	self.status = code
-	self.ResponseWriter.WriteHeader(code)
-}
-
-func (self *statusRecorder) Write(buf []byte) (int, error) {
-	if self.status == 500 {
-		self.error = buf
-	}
-
-	return self.ResponseWriter.Write(buf)
-}
-
 func GetUserInfo(ctx context.Context,
 	config_obj *config_proto.Config) *api_proto.VelociraptorUser {
 	result := &api_proto.VelociraptorUser{}
@@ -70,20 +50,20 @@ func GetLoggingHandler(config_obj *config_proto.Config) func(http.Handler) http.
 	logger := logging.GetLogger(config_obj, &logging.GUIComponent)
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			rec := &statusRecorder{
+			rec := &http_utils.StatusRecorder{
 				w,
 				w.(http.Flusher),
 				200, nil}
 			defer func() {
-				if rec.status == 500 {
+				if rec.Status == 500 {
 					logger.WithFields(
 						logrus.Fields{
 							"method":     r.Method,
 							"url":        r.URL.Path,
 							"remote":     r.RemoteAddr,
-							"error":      string(rec.error),
+							"error":      string(rec.Error),
 							"user-agent": r.UserAgent(),
-							"status":     rec.status,
+							"status":     rec.Status,
 							"user": GetUserInfo(
 								r.Context(), config_obj).Name,
 						}).Error("")
@@ -95,7 +75,7 @@ func GetLoggingHandler(config_obj *config_proto.Config) func(http.Handler) http.
 							"url":        r.URL.Path,
 							"remote":     r.RemoteAddr,
 							"user-agent": r.UserAgent(),
-							"status":     rec.status,
+							"status":     rec.Status,
 							"user": GetUserInfo(
 								r.Context(), config_obj).Name,
 						}).Info("")

diff --git a/bin/debug.go b/bin/debug.go
@@ -309,6 +309,8 @@ func handleIndex(w http.ResponseWriter, r *http.Request) {
 
 func initDebugServer(config_obj *config_proto.Config) error {
 	if *debug_flag {
+		config_obj.DebugMode = true
+
 		logger := logging.GetLogger(config_obj, &logging.FrontendComponent)
 		logger.Info("<green>Starting</> debug server on <cyan>http://127.0.0.1:%v/debug/pprof", *debug_flag_port)