diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 947449a89..ac6702d5f 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -101,7 +101,7 @@ jobs: type=sha,format=long - name: Build and push Docker image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: file: Dockerfile tags: ${{ needs.tagging.outputs.SHA_TAG }}-${{ matrix.arch }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 9512d21b9..9064d05e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,11 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ## Added -- Introduced the ability for users to configure lading's sample rate, - configuration option `sample_period_milliseconds` in `lading.yaml`. - Introduce a `container` generator able to generate an arbitrary number of docker containers +## [0.25.5] +## Added +- Introduced the ability for users to configure lading's sample rate, + configuration option `sample_period_milliseconds` in `lading.yaml`. +- Users can now configure expvar scraping on https endpoints, skipping certificate validation. + ## [0.25.4] ## Changed - The `splunk_hec` generator now only requires responses to have an `ackId` when diff --git a/Cargo.lock b/Cargo.lock index b07a0f5d2..68a59a2d2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -538,6 +538,16 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" 
@@ -833,6 +843,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1297,6 +1322,22 @@ dependencies = [ "tower-service", ] +[[package]] +name = "hyper-tls" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" +dependencies = [ + "bytes", + "http-body-util", + "hyper 1.5.2", + "hyper-util", + "native-tls", + "tokio", + "tokio-native-tls", + "tower-service", +] + [[package]] name = "hyper-util" version = "0.1.10" @@ -1606,7 +1647,7 @@ dependencies = [ [[package]] name = "lading" -version = "0.25.4" +version = "0.25.5" dependencies = [ "async-compression", "async-pidfd", @@ -1910,6 +1951,23 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03" +[[package]] +name = "native-tls" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "nibble_vec" version = "0.1.0" 
@@ -1987,6 +2045,50 @@ version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" +[[package]] +name = "openssl" +version = "0.10.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5" +dependencies = [ + "bitflags 2.6.0", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.91", +] + +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "openssl-sys" +version = "0.9.104" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "opentelemetry" version = "0.18.0" @@ -2579,19 +2681,23 @@ dependencies = [ "http-body 1.0.1", "http-body-util", "hyper 1.5.2", + "hyper-tls", "hyper-util", "ipnet", "js-sys", "log", "mime", + "native-tls", "once_cell", "percent-encoding", "pin-project-lite", + "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "sync_wrapper 1.0.2", "tokio", + "tokio-native-tls", "tower 0.5.2", "tower-service", "url", 
@@ -2662,6 +2768,21 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "rustls-pemfile" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" + [[package]] name = "rustversion" version = "1.0.18" @@ -2695,6 +2816,15 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "schannel" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "scoped-tls" version = "1.0.1" @@ -2707,6 +2837,29 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "security-framework" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" +dependencies = [ + "bitflags 2.6.0", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa39c7303dc58b5543c94d22c1766b0d31f2ee58306363ea622b10bbc075eaa2" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "serde" version = "1.0.217" 
@@ -3152,6 +3305,16 @@ dependencies = [ "syn 2.0.91", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tokio-stream" version = "0.1.17" @@ -3504,6 +3667,12 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.5" diff --git a/lading/Cargo.toml b/lading/Cargo.toml index f4c1bc9c0..0327a26f9 100644 --- a/lading/Cargo.toml +++ b/lading/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lading" -version = "0.25.4" +version = "0.25.5" authors = [ "Brian L. Troutwine ", "George Hahn ", @@ -58,7 +58,7 @@ rand = { workspace = true, default-features = false, features = [ "std_rng", ] } regex = { version = "1.11" } -reqwest = { version = "0.12", default-features = false, features = ["json"] } +reqwest = { version = "0.12", default-features = false, features = ["json", "default-tls"] } rustc-hash = { workspace = true } serde = { workspace = true } serde_json = { workspace = true } diff --git a/lading/src/target_metrics/expvar.rs b/lading/src/target_metrics/expvar.rs index bd34b10c4..dbd72757e 100644 --- a/lading/src/target_metrics/expvar.rs +++ b/lading/src/target_metrics/expvar.rs @@ -1,7 +1,7 @@ //! Expvar target metrics fetcher //! //! This module scrapes Go expvar formatted metrics from the target software. -//! The metrics are formatted as a JSON tree that is fetched over HTTP. +//! The metrics are formatted as a JSON tree that is fetched over HTTP or HTTPS. use std::time::Duration; 
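Review bot: The `default-tls` feature added to the `reqwest` line in lading/Cargo.toml makes lading link the platform TLS library through native-tls, and nothing on the line records why or what it requires at build time. The Cargo.lock hunks show the effect: `native-tls`, `openssl` 0.10.68, `openssl-sys` 0.9.104 and `pkg-config`/`vcpkg` discovery are now in the dependency graph. On Linux this presumably means the container build needs OpenSSL headers, and TLS fixes then depend on the base image being patched rather than on `cargo update`. If the system TLS stack is not a requirement, `features = ["json", "rustls-tls"]` keeps the TLS implementation inside the lockfile. Either way, add a comment above the line such as `# TLS backend is needed only for https expvar endpoints`.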
@@ -80,24 +80,34 @@ impl Expvar { self.sample_period ); - let client = reqwest::Client::new(); + // Disable certificate validation + let client = reqwest::ClientBuilder::new() + .danger_accept_invalid_certs(true) + .build() + .expect("Failed to build http/https client"); let server = async move { loop { tokio::time::sleep(self.sample_period).await; - let Ok(resp) = client + let resp = match client .get(&self.config.uri) .timeout(self.sample_period) .send() .await - else { - info!("failed to get expvar uri"); - continue; + { + Ok(resp) => resp, // If successful, return the response + Err(err) => { + info!("Failed to get expvar URI: {}", err); + continue; // Skip the iteration on error + } }; - let Ok(json) = resp.json::().await else { - info!("failed to parse expvar json"); - continue; + let json = match resp.json::().await { + Ok(json) => json, // Successfully parsed JSON + Err(err) => { + info!("Failed to parse expvar JSON: {}", err); + continue; // Skip the iteration on error + } }; // Add lading labels including user defined tags for this endpoint
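Review bot: `.danger_accept_invalid_certs(true)` is hard-coded on the only client this scraper builds, so every `https://` expvar URI is fetched without authenticating the server, and anything on the network path can read or substitute the metrics that get recorded. The CHANGELOG entry describes this as something users configure, but no setting is read in this hunk. I would make it opt-in and default to validating, e.g. `.danger_accept_invalid_certs(self.config.tls_skip_verify)`, where `tls_skip_verify` is a proposed new config field and not an existing one, with a `warn!` when it is enabled. The `// Disable certificate validation` comment should also state the reason, presumably self-signed targets in test rigs. Separately, `.expect("Failed to build http/https client")` turns a TLS backend initialisation failure into a panic; the enclosing function's signature is outside the hunk, but if it returns a `Result` the build error is better propagated with `?`.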