Filter secrets from stderr and redact them + Add log message for log collection #1563
Conversation
rishigupta1599
force-pushed
the
redact_secrets_logging
branch
from
9274db5
to
f7aea7c
Compare
packages/core/src/percy.js
Outdated
|
|
||
| sendBuildEvents() { | ||
| // Only send cli error when PERCY_CLIENT_ERROR_LOGS is set to true | ||
| if (process.env.PERCY_CLIENT_ERROR_LOGS !== 'false') { |
There was a problem hiding this comment.
PERCY_CLIENT_ERROR_LOGS This is for the CI errors of users?
packages/core/src/percy.js
Outdated
| content: content | ||
| }; | ||
| // console.log(content) | ||
| this.client.sendBuildEvents(this.build?.id, eventObject); |
There was a problem hiding this comment.
sendBuildEvents Not sure the function name of above function should change or this function should change in my opinion.
There was a problem hiding this comment.
This will change post I implement logs controller
| - pattern: | ||
| name: Bitcoin Address | ||
| regex: '^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$' | ||
| confidence: high |
packages/core/src/percy.js
Outdated
| // mark instance as stopped | ||
| this.readyState = 3; | ||
| } catch(err) { | ||
| this.log.error(err) |
There was a problem hiding this comment.
In discovery we are only collecting error. Shouldn't we capture the time taken and all for the same?
There was a problem hiding this comment.
Adding timing for asset discovery using performance api
packages/cli-exec/src/exec.js
Outdated
| @@ -85,6 +85,7 @@ export const exec = command('exec', { | |||
| env.PERCY_BUILD_URL = percy?.build?.url; | |||
| env.PERCY_LOGLEVEL = log.loglevel(); | |||
|
|
|||
| log.debug('Notice: Percy collects CI logs for service improvement, stored for 14 days. Opt-out anytime with export PERCY_CLIENT_ERROR_LOGS=false'); | |||
There was a problem hiding this comment.
This should not be debug, we collect logs regardless.
packages/core/src/utils.js
Outdated
| @@ -343,6 +347,23 @@ export async function withRetries(fn, { count, onRetry, signal, throwOn }) { | |||
| } | |||
| } | |||
|
|
|||
| export function redactSecrets(message) { | |||
There was a problem hiding this comment.
we are calling this function multiple times, it doesnt make sense to read patterns from file everytime
There was a problem hiding this comment.
Also why is this function sync ? this will block execution of other parts of cli [ if file read is not part of it it can be sync ]
There was a problem hiding this comment.
Now executing this method at very last so should be fine as till that time processing would be over.
packages/cli-exec/src/exec.js
Outdated
| @@ -120,7 +120,9 @@ async function* spawn(cmd, args, percy) { | |||
|
|
|||
| if (proc.stderr) { | |||
| proc.stderr.on('data', (data) => { | |||
| errorMessage += data.toString(); | |||
| const message = redactSecrets(data.toString()) | |||
There was a problem hiding this comment.
I would recommend to run this separately later before sending. Here the data comes in chunks so its not necessary that the chunk with succeed regex match when you have a secret split across multiple chunks. I am not sure if thats possible or not, but we need a confirmation.
packages/core/src/percy.js
Outdated
|
|
||
| sendBuildEvents() { | ||
| // Only send cli error when PERCY_CLIENT_ERROR_LOGS is set to true | ||
| if (process.env.PERCY_CLIENT_ERROR_LOGS !== 'false') { |
There was a problem hiding this comment.
convert to a guard condition
packages/core/src/percy.js
Outdated
| // Only send cli error when PERCY_CLIENT_ERROR_LOGS is set to true | ||
| if (process.env.PERCY_CLIENT_ERROR_LOGS !== 'false') { | ||
| // percy token is present | ||
| if (process.env.PERCY_TOKEN) { |
packages/logger/src/logger.js
Outdated
| @@ -46,6 +46,15 @@ export class PercyLogger { | |||
| return this.level; | |||
| } | |||
|
|
|||
| // get all log messages stored for the session | |||
| messageDetail(message) { | |||
There was a problem hiding this comment.
why are we adding this ? we already have query function for the same. lets not repeat unless required.
Also this is not consistent with other functions. the message seems like a string arg but you seem to be expecting an object
packages/core/src/percy.js
Outdated
| if (process.env.PERCY_CLIENT_ERROR_LOGS !== 'false') { | ||
| // percy token is present | ||
| if (process.env.PERCY_TOKEN) { | ||
| const logs = [...this.log.messageDetail()].map((item) => {return JSON.stringify(item)}).join('\n') |
There was a problem hiding this comment.
we should keep user ci messages and cli messages separate
packages/core/src/percy.js
Outdated
| content: content | ||
| }; | ||
| // console.log(content) | ||
| this.client.sendBuildEvents(this.build?.id, eventObject); |
There was a problem hiding this comment.
this is an async function, you are not awaiting it, events may not be sent in that case
There was a problem hiding this comment.
Have we checked terms of the license for usage of this file ?
There was a problem hiding this comment.
creative commons attribution share alike 4.0 license is there, I checked it allows to use it without any issues and can be modified as well
There was a problem hiding this comment.
That requires attribution, make sure we have all necessary attribution steps followed.
rishigupta1599
force-pushed
the
redact_secrets_logging
branch
from
56774e1
to
3fdc517
Compare
packages/cli-exec/src/exec.js
Outdated
| errorMessage += data.toString(); | ||
| const message = data.toString(); | ||
| let entry = { message, timestamp: Date.now(), type: 'ci' }; | ||
| percy.log.error(entry, null, true); |
There was a problem hiding this comment.
when percy is disabled then it will throw an error.
Add test case for this case as well.
| } | ||
| return data; | ||
| } | ||
|
|
There was a problem hiding this comment.
do we know the performance for this?
Can we check with the debug logs in percy-web buildkite build
There was a problem hiding this comment.
We are not going to run on all CLI logs only CI error logs only. Although I have run in several time on 500KB file it is taking around 60ms
rishigupta1599
force-pushed
the
redact_secrets_logging
branch
from
76543ab
to
8478005
Compare
This PR adds the support of sending build logs to API and include following changes.