diff --git a/ee/audit/interceptor_ee.go b/ee/audit/interceptor_ee.go
index aae82edbb21..2729753507b 100644
--- a/ee/audit/interceptor_ee.go
+++ b/ee/audit/interceptor_ee.go
@@ -192,7 +192,7 @@ func maskPasswordFieldsInGQL(req string) string {
 Input: gqlReq.Query,
 })
 if gErr != nil {
- glog.Errorf("unable to parse gql request %+v", err)
+ glog.Errorf("unable to parse gql request %+v", gErr)
 return req
 }
 if len(query.Operations) == 0 {
diff --git a/ee/audit/run_ee.go b/ee/audit/run_ee.go
index 6ffe624b011..648a86df08e 100644
--- a/ee/audit/run_ee.go
+++ b/ee/audit/run_ee.go
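Review bot: The error branch touched in the `maskPasswordFieldsInGQL` hunk still ends in `return req`, so when the GraphQL body cannot be parsed the function hands the request back unmasked. If the caller writes that return value to the audit log (the caller is not visible in this hunk), a malformed request that carries a password would be recorded in clear text. Consider failing closed by returning a fixed placeholder instead of `req`, or at least document the behaviour with a comment such as `// parse failed: req is returned unmasked and may still contain credentials`. The function starts and ends outside the hunk.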
@@ -93,23 +93,40 @@ func run() error { block, err := aes.NewCipher(key) stat, err := os.Stat(decryptCmd.Conf.GetString("in")) x.Check(err) + if stat.Size() == 0 { + glog.Info("audit file is empty") + return nil + } + var iterator int64 = 0 + iv := make([]byte, aes.BlockSize) - x.Check2(file.ReadAt(iv, 0)) + x.Check2(file.ReadAt(iv, iterator)) + iterator = iterator + aes.BlockSize + + t := make([]byte, len(x.VerificationText)) + x.Check2(file.ReadAt(t, iterator)) + iterator = iterator + int64(len(x.VerificationText)) + + stream := cipher.NewCTR(block, iv) + stream.XORKeyStream(t, t) + if string(t) != x.VerificationText { + return errors.New("invalid encryption key provided. Please check your encryption key") + } - var iterator int64 = 16 for { - content := make([]byte, binary.BigEndian.Uint32(iv[12:])) - x.Check2(file.ReadAt(content, iterator)) - iterator = iterator + int64(binary.BigEndian.Uint32(iv[12:])) - stream := cipher.NewCTR(block, iv) - stream.XORKeyStream(content, content) - x.Check2(outfile.Write(content)) // if its the end of data. finish decrypting if iterator >= stat.Size() { break } x.Check2(file.ReadAt(iv[12:], iterator)) iterator = iterator + 4 + + content := make([]byte, binary.BigEndian.Uint32(iv[12:])) + x.Check2(file.ReadAt(content, iterator)) + iterator = iterator + int64(binary.BigEndian.Uint32(iv[12:])) + stream := cipher.NewCTR(block, iv) + stream.XORKeyStream(content, content) + x.Check2(outfile.Write(content)) } glog.Infof("Decryption of Audit file %s is Done. Decrypted file is %s", decryptCmd.Conf.GetString("in"), diff --git a/go.sum b/go.sum index fe43749bba0..6d22652e930 100644 --- a/go.sum +++ b/go.sum 
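Review bot: The new key check in `run()` guards only against a zero-length file; a file that is non-empty but shorter than `aes.BlockSize+len(x.VerificationText)` bytes (truncated, or written before this header existed) fails inside `x.Check2` on the second `ReadAt` instead of returning a clear error. In the loop, the record length `binary.BigEndian.Uint32(iv[12:])` is read from the file and sizes `make([]byte, …)` unchecked, so a corrupt length field can request an allocation of up to 4 GiB; it should be compared with the bytes that remain in the file first. The context lines also show `err` from `aes.NewCipher(key)` being overwritten by the `os.Stat` call before anything checks it, so a key of invalid length never reaches the new "invalid encryption key" message. `run()` starts and ends outside the hunk.

```go
if stat.Size() == 0 {
	// … unchanged: empty-file message and return …
}
// The header is the 16-byte IV followed by the encrypted verification text.
if stat.Size() < int64(aes.BlockSize+len(x.VerificationText)) {
	return errors.New("audit file is too short to contain the encryption header")
}
// … unchanged: IV read and verification-text check …
for {
	// … unchanged: end-of-data check, 4-byte length read into iv[12:] …
	n := int64(binary.BigEndian.Uint32(iv[12:]))
	if n > stat.Size()-iterator {
		return errors.New("audit file is corrupt: record length exceeds remaining file size")
	}
	content := make([]byte, n)
	x.Check2(file.ReadAt(content, iterator))
	iterator += n
	// … unchanged: CTR decrypt and write to outfile …
```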
@@ -186,6 +186,7 @@ github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NB github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM= github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE= github.com/glycerine/goconvey v0.0.0-20190410193231-58a59202ab31/go.mod h1:Ogl1Tioa0aV7gstGFO7KhffUsb9M4ydbEbbxpcEDc24= +github.com/go-check/check v0.0.0-20180628173108-788fd7840127 h1:0gkP6mzaMqkmpcJYCFOLkIBwI7xFExG03bbkOkCvUPI= github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98= github.com/go-chi/chi v3.3.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= diff --git a/t/t.go b/t/t.go index 7597152399f..703924aa1f4 100644 --- a/t/t.go +++ b/t/t.go @@ -145,8 +145,28 @@ func detectRace(prefix string) bool { return zeroRaceDetected || alphaRaceDetected } -func stopCluster(composeFile, prefix string, wg *sync.WaitGroup) { +func outputLogs(prefix string) { + printLogs := func(container string) { + in := testutil.GetContainerInstance(prefix, container) + c := in.GetContainer() + logCmd := exec.Command("docker", "logs", c.ID) + out, err := logCmd.CombinedOutput() + fmt.Printf("Docker logs for %d is %s with error %+v ", c.ID, string(out), err) + } + for i := 0; i <= 3; i++ { + printLogs("zero" + strconv.Itoa(i)) + } + + for i := 0; i <= 6; i++ { + printLogs("alpha" + strconv.Itoa(i)) + } +} + +func stopCluster(composeFile, prefix string, wg *sync.WaitGroup, err error) { go func() { + if err != nil { + outputLogs(prefix) + } cmd := command("docker-compose", "-f", composeFile, "-p", prefix, "down", "-v") cmd.Stderr = nil if err := cmd.Run(); err != nil { 
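Review bot: In the new `outputLogs` helper in t/t.go, `fmt.Printf("Docker logs for %d is %s …", c.ID, …)` formats `c.ID` with `%d`, but the same value is passed to `exec.Command("docker", "logs", c.ID)`, which only accepts strings, so the output will contain a `%!d(string=…)` artefact. The format also lacks a trailing newline, which runs consecutive containers' logs together: `fmt.Printf("Docker logs for %s is %s with error %+v\n", c.ID, string(out), err)`. The loops assume `zero0`–`zero3` and `alpha0`–`alpha6` exist in every compose file; it is not visible here what `GetContainerInstance` returns for a missing container, so consider skipping instances whose `c.ID` is empty. `stopCluster` continues outside the hunk.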
@@ -267,7 +287,7 @@ func runTests(taskCh chan task, closer *z.Closer) error { return } wg.Add(1) - stopCluster(defaultCompose, prefix, wg) + stopCluster(defaultCompose, prefix, wg, nil) stopped = true } defer stop() @@ -317,21 +337,21 @@ func getClusterPrefix() string { return fmt.Sprintf("%s%03d-%d", getGlobalPrefix(), procId, id) } -func runCustomClusterTest(ctx context.Context, pkg string, wg *sync.WaitGroup) error { +func runCustomClusterTest(ctx context.Context, pkg string, wg *sync.WaitGroup) (err error) { fmt.Printf("Bringing up cluster for package: %s\n", pkg) - compose := composeFileFor(pkg) prefix := getClusterPrefix() - err := startCluster(compose, prefix) + err = startCluster(compose, prefix) if err != nil { - return err + return } if !*keepCluster { wg.Add(1) - defer stopCluster(compose, prefix, wg) + defer stopCluster(compose, prefix, wg, err) } - return runTestsFor(ctx, pkg, prefix) + err = runTestsFor(ctx, pkg, prefix) + return } func findPackagesFor(testName string) []string { diff --git a/x/log_writer.go b/x/log_writer.go index aded2b6669a..9f4524773cc 100644 --- a/x/log_writer.go +++ b/x/log_writer.go @@ -19,6 +19,8 @@ package x import ( "bufio" "compress/gzip" + "crypto/aes" + "crypto/cipher" "encoding/binary" "fmt" "io" @@ -39,6 +41,7 @@ const ( backupTimeFormat = "2006-01-02T15-04-05.000" bufferSize = 256 * 1024 flushInterval = 10 * time.Second + VerificationText = "Hello World" ) // This is done to ensure LogWriter always implement io.WriterCloser 
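Review bot: In the `runCustomClusterTest` hunk, `defer stopCluster(compose, prefix, wg, err)` evaluates its arguments when the `defer` statement runs, and at that point `err` is always nil because the function has already returned on a `startCluster` failure. The named result is assigned by `runTestsFor` only afterwards, so `outputLogs` is never reached on a test failure and the container logs this commit wants to capture are not printed. Wrapping the call in a closure reads `err` at return time: `defer func() { stopCluster(compose, prefix, wg, err) }()`.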
@@ -181,6 +184,19 @@ func encrypt(key []byte, baseIv [12]byte, src []byte) ([]byte, error) { return allocate, nil } +func decrypt(key []byte, baseIv [12]byte, src []byte) ([]byte, error) { + iv := make([]byte, 16) + copy(iv, baseIv[:]) + binary.BigEndian.PutUint32(iv[12:], uint32(len(src))) + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + stream := cipher.NewCTR(block, iv[:]) + stream.XORKeyStream(src, src) + return src, nil +} + func (l *LogWriter) rotate() error { if l == nil { return nil @@ -230,7 +246,11 @@ func (l *LogWriter) open() error { if l.EncryptionKey != nil { rand.Read(l.baseIv[:]) - if _, err = l.writer.Write(l.baseIv[:]); err != nil { + bytes, err := encrypt(l.EncryptionKey, l.baseIv, []byte(VerificationText)) + if err != nil { + return err + } + if _, err = l.writer.Write(append(l.baseIv[:], bytes[:]...)); err != nil { return err } } @@ -260,6 +280,17 @@ func (l *LogWriter) open() error { _ = f.Close() return openNew() } + text := make([]byte, 11) + if _, err := f.ReadAt(text, 16); err != nil { + _ = f.Close() + return openNew() + } + if t, err := decrypt(l.EncryptionKey, l.baseIv, text); err != nil || + string(t) != VerificationText { + // different encryption key. Better to open new file here + _ = f.Close() + return openNew() + } } l.file = f
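Review bot: The new `decrypt` in x/log_writer.go builds the CTR counter as `baseIv` followed by `uint32(len(src))`, the same convention the decrypt loop in ee/audit/run_ee.go uses, so within one file every record of equal length is XORed with the same keystream. The commit now also stores a fixed, public plaintext (`VerificationText`) under that scheme, which discloses the keystream for that counter value. The header is therefore only a wrong-key sanity check, not an integrity guarantee; a per-record unique counter or an AEAD mode such as `cipher.NewGCM` would be worth a follow-up. The function also lacks a doc comment stating that it mutates its input, e.g. `// decrypt reverses encrypt for one record; it XORs src in place and returns the same slice.`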
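Review bot: In the new-file branch of `open()` the base IV still comes from `rand.Read(l.baseIv[:])` with its result ignored. The import block shown in this diff has no `crypto/rand` between `crypto/cipher` and `encoding/binary`, which suggests this is `math/rand`; that is an inference to confirm against the full file. With AES-CTR a repeated base IV under the same key means repeated keystream, so the IV should come from `crypto/rand` and the error should be checked: `if _, err := rand.Read(l.baseIv[:]); err != nil { return err }`. Separately, the local name `bytes` would shadow the standard package if it is ever imported in this file; `header` reads better. `open()` starts and ends outside the hunk.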
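Review bot: In the existing-file branch of `open()`, `text := make([]byte, 11)` and the offset in `f.ReadAt(text, 16)` hard-code the header layout, so any change to `VerificationText` would silently make every existing file look like a key mismatch. Deriving the size from the constant avoids that: `text := make([]byte, len(VerificationText))`, with a named constant for the offset. The mismatch branch also falls through to `openNew()` without logging, so an operator gets no signal that the configured key differs from the one the current file was written with; a `glog.Warningf` there would help. `open()` starts outside the hunk.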