eventpb: new JSON serialization with redaction markers

This patch introduces a new code generator and infrastructure to emit structured event payloads using the JSON syntax, but also including redaction markers for fields not marked explicitly as safe for reporting. This is not yet connected to the remainder of the logging system -- this change will be performed in a later commit. Release note: None
cockroachdb · Dec 18, 2020 · ba9e26d · ba9e26d
1 parent d22fcb9
commit ba9e26d
Show file tree

Hide file tree

Showing 20 changed files with 3,203 additions and 885 deletions.
diff --git a/Makefile b/Makefile
@@ -806,6 +806,7 @@ LOG_TARGETS = \
 	pkg/util/log/severity/severity_generated.go \
 	pkg/util/log/channel/channel_generated.go \
 	pkg/util/log/eventpb/eventlog_channels_generated.go \
+	pkg/util/log/eventpb/json_encode_generated.go \
 	pkg/util/log/log_channels_generated.go
 
 SQLPARSER_TARGETS = \
@@ -1552,7 +1553,11 @@ docs/generated/eventlog.md: pkg/util/log/eventpb/gen.go $(EVENTLOG_PROTOS) | bin
 	mv -f $@.tmp $@
 
 pkg/util/log/eventpb/eventlog_channels_generated.go: pkg/util/log/eventpb/gen.go $(EVENTLOG_PROTOS) | bin/.go_protobuf_sources
-	$(GO) run $(GOFLAGS) $(GOMODVENDORFLAGS) $< eventlog_channels $(EVENTLOG_PROTOS) >$@.tmp || { rm -f $@.tmp; exit 1; }
+	$(GO) run $(GOFLAGS) $(GOMODVENDORFLAGS) $< eventlog_channels_go $(EVENTLOG_PROTOS) >$@.tmp || { rm -f $@.tmp; exit 1; }
+	mv -f $@.tmp $@
+
+pkg/util/log/eventpb/json_encode_generated.go: pkg/util/log/eventpb/gen.go $(EVENTLOG_PROTOS) | bin/.go_protobuf_sources
+	$(GO) run $(GOFLAGS) $(GOMODVENDORFLAGS) $< json_encode_go $(EVENTLOG_PROTOS) >$@.tmp || { rm -f $@.tmp; exit 1; }
 	mv -f $@.tmp $@
 
 docs/generated/logging.md: pkg/util/log/gen.go pkg/util/log/logpb/log.proto

diff --git a/docs/generated/eventlog.md b/docs/generated/eventlog.md
diff --git a/pkg/util/jsonbytes/BUILD.bazel b/pkg/util/jsonbytes/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "jsonbytes",
+    srcs = ["jsonbytes.go"],
+    importpath = "github.com/cockroachdb/cockroach/pkg/util/jsonbytes",
+    visibility = ["//visibility:public"],
+)
diff --git a/pkg/util/jsonbytes/jsonbytes.go b/pkg/util/jsonbytes/jsonbytes.go
@@ -0,0 +1,68 @@
+// Copyright 2020 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package jsonbytes
+
+import "unicode/utf8"
+
+const hexAlphabet = "0123456789abcdef"
+
+// EncodeString writes a string literal to b as a JSON string.
+// Note that the delimiting double quotes are not included.
+// Cribbed from https://github.com/golang/go/blob/7badae85f20f1bce4cc344f9202447618d45d414/src/encoding/json/encode.go.
+func EncodeString(buf []byte, s string) []byte {
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if b >= ' ' && b != '"' && b != '\\' {
+				i++
+				continue
+			}
+			if start < i {
+				buf = append(buf, s[start:i]...)
+			}
+			switch b {
+			case '\\', '"':
+				buf = append(buf, '\\', b)
+			case '\n':
+				buf = append(buf, '\\', 'n')
+			case '\r':
+				buf = append(buf, '\\', 'r')
+			case '\t':
+				buf = append(buf, '\\', 't')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// If escapeHTML is set, it also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				buf = append(buf, '\\', 'u', '0', '0', hexAlphabet[b>>4], hexAlphabet[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				buf = append(buf, s[start:i]...)
+			}
+			buf = append(buf, `\ufffd`...)
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		buf = append(buf, s[start:]...)
+	}
+	return buf
+}
diff --git a/pkg/util/log/eventpb/BUILD.bazel b/pkg/util/log/eventpb/BUILD.bazel
@@ -1,4 +1,4 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
     name = "eventpb",
@@ -9,6 +9,7 @@ go_library(
         "eventlog_channels_generated.go",
         "events.go",
         "events.pb.go",
+        "json_encode_generated.go",
         "misc_sql_events.pb.go",
         "privilege_events.pb.go",
         "role_events.pb.go",
@@ -17,8 +18,20 @@ go_library(
     importpath = "github.com/cockroachdb/cockroach/pkg/util/log/eventpb",
     visibility = ["//visibility:public"],
     deps = [
+        "//pkg/util/jsonbytes",
         "//pkg/util/log/logpb",
+        "//vendor/github.com/cockroachdb/redact",
         "//vendor/github.com/gogo/protobuf/proto",
         "//vendor/github.com/gogo/protobuf/types",
     ],
 )
+
+go_test(
+    name = "eventpb_test",
+    srcs = ["event_test.go"],
+    embed = [":eventpb"],
+    deps = [
+        "//vendor/github.com/cockroachdb/redact",
+        "//vendor/github.com/stretchr/testify/assert",
+    ],
+)