fix: track JetBrains connections#10968
Merged
c9a226f feat: implement jetbrains agentssh tracking
Emyrk2447970 Add unit test to confirm tracking
Emyrk76d3a24 implement unit test to verify jetbrains functionality
Emyrkadf2fb3 Implement port process inspection
code-asherad034f2 Add JetBrains tracking to bottom bar
code-asher34b7c5e Elaborate on process name check comment
code-asherdce56fd Comment that localForwardChannelData is copied
code-asher7139448 Comment ChannelAccepterWatcher
code-asher6e8f235 Rename channel watcher to be specific to Jetbrains
code-asher4d65478 Log unmarshal failure
code-asher254a5b6 Add constant for JetBrains magic string
code-ashera75ed6c Fix JetBrains tracking test
code-asher
Implement port process inspection
commitadf2fb37a942cb7b1885ae692262103e79355517
9 changes: 6 additions & 3 deletionsagent/agent_test.go
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -192,10 +192,13 @@ func TestAgent_Stats_Magic(t *testing.T) { | ||
| require.NoError(t, err) | ||
| }) | ||
| // This test namemust contain the string checked for by the agent, since it | ||
| //looks for this stringin theprocess name. | ||
| t.Run("TracksIdea.vendor.name=JetBrains", func(t *testing.T) { | ||
| t.Parallel() | ||
| if runtime.GOOS != "linux" { | ||
| t.Skip("JetBrains tracking is only supported on Linux") | ||
| } | ||
| ctx := testutil.Context(t, testutil.WaitLong) | ||
| rl, err := net.Listen("tcp", "127.0.0.1:0") | ||
2 changes: 1 addition & 1 deletionagent/agentssh/agentssh.go
32 changes: 26 additions & 6 deletionsagent/agentssh/jetbrainstrack.go
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,11 @@ | ||
| package agentssh | ||
| import ( | ||
| "strings" | ||
| "sync" | ||
| "cdr.dev/slog" | ||
| "github.com/gliderlabs/ssh" | ||
| "go.uber.org/atomic" | ||
| gossh "golang.org/x/crypto/ssh" | ||
| ) | ||
| @@ -21,17 +23,35 @@ type ChannelAcceptWatcher struct { | ||
| jetbrainsCounter *atomic.Int64 | ||
| } | ||
| func NewChannelAcceptWatcher(ctx ssh.Context,logger slog.Logger, newChannel gossh.NewChannel, counter *atomic.Int64) gossh.NewChannel { | ||
| d := localForwardChannelData{} | ||
| if err := gossh.Unmarshal(newChannel.ExtraData(), &d); err != nil { | ||
| // If the data fails to unmarshal, do nothing. | ||
| return newChannel | ||
| } | ||
| // If we do get a port, we should be able to get the matching PID and from | ||
| // there look up the invocation. | ||
| cmdline, err := getListeningPortProcessCmdline(d.DestPort) | ||
| if err != nil { | ||
| logger.Warn(ctx, "port inspection failed", | ||
| slog.F("destination_port", d.DestPort), | ||
| slog.Error(err)) | ||
| return newChannel | ||
| } | ||
| logger.Debug(ctx, "checking forwarded process", | ||
| slog.F("cmdline", cmdline), | ||
| slog.F("destination_port", d.DestPort)) | ||
| // If this is not JetBrains, then we do not need to do anything special. We | ||
| // attempt to match on something that appears unique to JetBrains software and | ||
| // the vendor name flag seems like it might be a reasonable choice. | ||
| if !strings.Contains(strings.ToLower(cmdline), "idea.vendor.name=jetbrains") { | ||
| return newChannel | ||
| } | ||
| logger.Debug(ctx, "discovered forwarded JetBrains process", | ||
| slog.F("destination_port", d.DestPort)) | ||
| return &ChannelAcceptWatcher{ | ||
| NewChannel: newChannel, | ||
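Review bot: The debug log field `slog.F("cmdline", cmdline)` writes the full command line of whatever process owns the forwarded port into the agent log, and command lines routinely carry tokens or passwords passed as arguments; the value is also read raw from `/proc/<pid>/cmdline`, so it is NUL-separated. I would log only the port before the match, e.g. `logger.Debug(ctx, "checking forwarded process", slog.F("destination_port", d.DestPort))`, and leave the command line out. Separately, the `strings.Contains` check matches text that the inspected process controls, so the counter is a usage heuristic and not proof of what is on the other end; a comment such as `// Heuristic only: any process can put this string in its arguments.` above the check would make that explicit. The body of NewChannelAcceptWatcher continues past the end of this hunk.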
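--- /dev/null
+++ b/agent/agentssh/portinspection_supported.go
@@ -0,0 +1,31 @@
+//go:build linux
+package agentssh
+import (
+"fmt"
+"os"
+"github.com/cakturk/go-netstat/netstat"
+"golang.org/x/xerrors"
+)
+func getListeningPortProcessCmdline(port uint32) (string, error) {
+tabs, err := netstat.TCPSocks(func(s *netstat.SockTabEntry) bool {
+return s.LocalAddr != nil && uint32(s.LocalAddr.Port) == port
+})
+if err != nil {
+return "", xerrors.Errorf("inspect port %d: %w", port, err)
+}
+if len(tabs) == 0 {
+return "", nil
+}
+// The process name provided by go-netstat does not include the full command
+// line so grab that instead.
+pid := tabs[0].Process.Pid
+data, err := os.ReadFile(fmt.Sprintf("/proc/%d/cmdline", pid))
+if err != nil {
+return "", xerrors.Errorf("read /proc/%d/cmdline: %w", pid, err)
+}
+return string(data), nil
+}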
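Review bot: `tabs[0].Process.Pid` dereferences a pointer that go-netstat leaves nil when it cannot map the socket to a process (for example a socket owned by another user whose /proc entries the agent cannot read), so a forward to such a port would panic in the channel-accept path. A guard before the read, `if tabs[0].Process == nil { return "", nil }`, keeps that case on the existing "nothing found" path. The predicate also matches any IPv4 socket whose local port equals `port`, not only listeners, and `TCPSocks` does not cover IPv6. Adding `s.State == netstat.Listen` to the predicate and also querying `netstat.TCP6Socks` looks necessary, though I have not confirmed how Gateway binds its port.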
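--- /dev/null
+++ b/agent/agentssh/portinspection_unsupported.go
@@ -0,0 +1,9 @@
+//go:build !linux
+package agentssh
+func getListeningPortProcessCmdline(port uint32) (string, error) {
+// We are not worrying about other platforms at the moment because Gateway
+// only supports Linux anyway.
+return "", nil
+}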