Extract AWS payload tags #7811
…slf4j-api dependency in the agent
…PAYLOAD_TAGGING config settings
…ath to jsurfer-core
Remove all extra dependencies for JsonPath logic. Avoid Json materialization, traverse using event-based Moshi JsonReader.
…RACE_CLOUD_PAYLOAD_TAGGING_MAX_TAGS
This reverts commit ee673c2.
…nsumption. Add support for reading array of bytes.
….Visitor as a more generic TagCollector
… test. PathCursor clean up.
Remove some unnecessary accidental changes.
requestSensitivePaths.removeAll(commonSensitivePaths); | ||
responseSensitivePaths.removeAll(commonSensitivePaths); | ||
|
||
System.out.println("\nCommon sensitive paths:\n" + String.join("\n", commonSensitivePaths)); |
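Review bot: The `String.join("\n", commonSensitivePaths)` on the last line prints the paths in whatever iteration order the collection has, and its type is not visible in this hunk. If it is a hash-based set, the listing can change order between runs, which makes regenerated redaction rules hard to diff. Sorting the paths before joining, or collecting them into a sorted set, would keep the output stable.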
Those sysouts might be removed or converted to different logging? Edit: perhaps it is on purpose since it's on an internal utility
The tool is internal and is for extracting redaction rules from AWS JSON schemas. Kept this mostly for reference and in case we want to automate this in the future.
What Does This Do
AWS Payload Tag Extraction
Adds functionality to capture AWS JSON response/request payload and convert it to span tags while applying default and user defined redaction rules. It also tries to expand any possibly embedded JSON-like string and binary data.
Aside from the original PR, which was just capturing a raw response/request body and trying to parse it as JSON, it takes a different approach to tackling this by using SdkPojo for top-level field traversal, which allows us to:
Motivation
Having the ability to see data that was passed into an HTTPS payload from one service to the other.
Help customers (especially those who are using serverless architecture) reproduce and resolve bugs in their serverless compute code or configuration.
Additional Notes
Supersedes #7312
Jira ticket: AIDM-174
NodeJS: DataDog/dd-trace-js#4309
Python: DataDog/dd-trace-py#10642
TODO
Example 1: S3
Example 2: Sso
(manually enabled with custom redaction rules)
TODO
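The payload-to-tag conversion with redaction described in this PR, as an added illustration that is not the PR's code: it walks an already decoded payload (nested `Map`/`List` standing in for the SDK fields) rather than streaming JSON. The class name, tag prefix, rule syntax (`$.a[*].b`), `redacted` marker and the behaviour at the tag cap are all assumptions.

```java
import java.util.*;

public class PayloadTagExample {
    static final String REDACTED = "redacted"; // assumed marker value

    // Flattens a decoded payload into dotted span tags, redacting by path and capping the count.
    static Map<String, String> toTags(String prefix, Object payload,
                                      Set<String> redactPaths, int maxTags) {
        Map<String, String> tags = new LinkedHashMap<>();
        walk(prefix, "$", payload, redactPaths, maxTags, tags);
        return tags;
    }

    private static void walk(String tag, String path, Object node,
                             Set<String> redactPaths, int maxTags, Map<String, String> out) {
        if (out.size() >= maxTags) return;            // assumed cap behaviour: stop emitting
        if (redactPaths.contains(path)) {
            out.put(tag, REDACTED);                   // checked first: a redacted subtree is never descended
        } else if (node instanceof Map) {
            for (Map.Entry<?, ?> e : ((Map<?, ?>) node).entrySet()) {
                String key = String.valueOf(e.getKey());
                walk(tag + "." + key, path + "." + key, e.getValue(), redactPaths, maxTags, out);
            }
        } else if (node instanceof List) {
            List<?> items = (List<?>) node;
            for (int i = 0; i < items.size(); i++) {
                // elements share one rule path ("[*]") but get distinct tag names
                walk(tag + "." + i, path + "[*]", items.get(i), redactPaths, maxTags, out);
            }
        } else {
            out.put(tag, String.valueOf(node));       // scalar leaf becomes the tag value
        }
    }

    public static void main(String[] args) {
        // Constructed sample standing in for decoded request fields
        Map<String, Object> user = new LinkedHashMap<>();
        user.put("name", "alice");
        user.put("password", "constructed-secret");
        Map<String, Object> request = new LinkedHashMap<>();
        request.put("Bucket", "example-bucket");
        request.put("Users", Arrays.asList(user));
        request.put("SessionToken", "constructed-token");
        Set<String> rules = new HashSet<>(Arrays.asList("$.Users[*].password", "$.SessionToken"));
        toTags("aws.request.body", request, rules, 10)
            .forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

Matching the rule before descending means a sensitive object or array is replaced as a whole, so none of its children reach the span even if a more specific rule is missing.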