Commits on Mar 26, 2024

1. implement redaction filters …

   Implement a new field filter type, the refaction filter. Redaction filters use regular
   expressions to suppress sensitive information in string fields in Tetragon events. When
   a regular expression in a redcation filter matches a string, everything inside of its
   capture groups is replaced with `*****`, effectively censoring the output. For example,
   the regular expression `(?:--password|-p)(?:\s+|=)(\S*)` will convert the string
   "--password=foo" into "--password=*****".
   
   In some cases, it is not desirable to apply a redaction filter to all events. For this use
   case, redaction filters also include an event filter which can be used to select events to
   redact. This event filter is configured with the same syntax as an export filter. As
   a more concrete example:
   
       {"match": {"binary_regex": ["^foo$"]}, "redact": ["\W(qux)\W"]}
   
   The above filter would redact any occurrences of the word "qux" in events with the binary
   name "foo".
   
   Due to the sensitive nature of redaction, these filters are applied as configured in the
   agent, regardless of whether an event is exported via gRPC or the JSON exporter. In other
   words, redaction filter configuration always happens at the agent config level, not in the
   gRPC client CLI.
   
   Signed-off-by: William Findlay <[email protected]>

   

   willfindlay committed Mar 26, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for 5f748fe
   • Browse repository at this point

   Copy the full SHA

   5f748fe View commit details

   Browse the repository at this point in the history