docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-11-04 01:53:42 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
86eb3be1c40784f6e1b72389395047ccc4090a28
buildx/util/desktop/bundle/trace.go
Tonis Tiigi 45dfb84361 history: add support for exporting multiple and all records 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-03-21 11:21:00 -07:00

85 lines
2.1 KiB
Go
Raw Blame History

package bundle
import (
"bytes"
"context"
"encoding/json"
"io"
"regexp"
"strings"
"sync"
"github.com/containerd/containerd/v2/core/content"
"github.com/docker/buildx/util/otelutil"
"github.com/moby/buildkit/util/contentutil"
"github.com/opencontainers/go-digest"
ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
"go.opentelemetry.io/otel/attribute"
)
var (
reOnce sync.Once
reAttrs, reGhs, reGhpat *regexp.Regexp
)
func sanitizeCommand(value string) string {
reOnce.Do(func() {
sensitiveKeys := []string{"ghtoken", "token", "access_key_id", "secret_access_key", "session_token"}
reAttrs = regexp.MustCompile(`(?i)(` + strings.Join(sensitiveKeys, "|") + `)=[^ ,]+`)
reGhs = regexp.MustCompile(`(?:ghu|ghs)_[A-Za-z0-9]{36}`)
reGhpat = regexp.MustCompile(`github_pat_\w{82}`)
})
value = reAttrs.ReplaceAllString(value, "${1}=xxxxx")
// reGhs/reGhpat is just double proofing. Not really needed.
value = reGhs.ReplaceAllString(value, "xxxxx")
value = reGhpat.ReplaceAllString(value, "xxxxx")
return value
}
func sanitizeTrace(ctx context.Context, mp *contentutil.MultiProvider, desc ocispecs.Descriptor) (*ocispecs.Descriptor, error) {
ra, err := mp.ReaderAt(ctx, desc)
if err != nil {
return nil, err
}
defer ra.Close()
buf := &bytes.Buffer{}
dec := json.NewDecoder(io.NewSectionReader(ra, 0, ra.Size()))
enc := json.NewEncoder(buf)
enc.SetIndent("", " ")
for {
var obj otelutil.Span
if err := dec.Decode(&obj); err == io.EOF {
break
} else if err != nil {
return nil, err
}
for i, att := range obj.Attributes {
v := att.Value
if v.Type() == attribute.STRING {
obj.Attributes[i].Value = attribute.StringValue(sanitizeCommand(v.AsString()))
}
}
if err := enc.Encode(obj); err != nil {
return nil, err
}
}
buffer := contentutil.NewBuffer()
newDesc := ocispecs.Descriptor{
MediaType: desc.MediaType,
Size: int64(buf.Len()),
Digest: digest.FromBytes(buf.Bytes()),
}
if err := content.WriteBlob(ctx, buffer, "trace-sanitized", bytes.NewReader(buf.Bytes()), newDesc); err != nil {
return nil, err
}
mp.Add(newDesc.Digest, buffer)
return &newDesc, nil
}
Reference in New Issue View Git Blame Copy Permalink