Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic: runtime error utilizing secretfilter component #2288

Open
yurii-kryvosheia opened this issue Dec 16, 2024 · 0 comments
Open

Panic: runtime error utilizing secretfilter component #2288

yurii-kryvosheia opened this issue Dec 16, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@yurii-kryvosheia
Copy link

What's wrong?

Intermittent crashes of the pod when using loki.secretfilter component.
Alloy ran fine for a few days before it started crashlooping, I presume under a higher load.

Steps to reproduce

Use custom gitleaks config in loki.secretfilter

System information

Bottlerocket OS 1.26.2 arm64

Software version

v1.5.0

Configuration

Alloy config:
...

loki.secretfilter "secret_filter" {
  forward_to = [loki.write.logs_service.receiver]
  redact_with     = "<REDACTED-SECRET:$SECRET_NAME>"
  gitleaks_config = "/etc/alloy/custom/gitleaks.toml"
  partial_mask    = 3
}

...
gitleaks.toml

title = "Custom Gitleaks Configuration"
description = "Detects secrets with custom rules"
[extend]
useDefault = false

[allowlist]
description = "global allow lists"

[[rules]]
id = "entry-code"
regex = '''(/investor/e|/investor/complete_profile/e|/e)/([a-zA-Z0-9]+)([/\d\?]+)?"'''
secretGroup = 2
entropy = 2

[[rules]]
id = "email"
regex = '''[^\/\s@*]+@[a-zA-Z0-9-]+\.[a-zA-Z]+'''

[[rules]]
id = "activation-code"
regex = '''(/api/users/attempt|/complete_profile/sso)/[a-zA-Z0-9-_@.<>:]+/([a-zA-Z0-9]+)"'''
secretGroup = 2
entropy = 2

[[rules]]
id = "verification-code"
regex = '''/api/users/attempt/[a-zA-Z0-9-_@.<>:]+/([a-zA-Z0-9]+)"'''


[[rules]]
id = "hash"
regex = '''(/users/attempt|/reset_password)/[a-zA-Z0-9-_@.<>:]+/([a-zA-Z0-9]+)"'''
secretGroup = 2
entropy = 2

Logs

alloy ts=2024-12-16T08:35:53.558435591Z level=error msg="final error sending batch" component_path=/ component_id=loki.write.logs_service component=client host=loki.domain.com status=400 tenant=dev error="server returned HTTP status 400 Bad Request (400): entry with timestamp 2024-12-16 07:24:52.407261045 +0000 UTC ignored, reason: 'entry too far behind, entry timestamp is: 2024-12-16T07:24:52Z, oldest acceptable timestamp is: 2024-12-16T07:35:45Z',"
alloy ts=2024-12-16T08:35:54.740021865Z level=error msg="final error sending batch" component_path=/ component_id=loki.write.logs_service component=client host=loki.domain.com status=400 tenant=dev error="server returned HTTP status 400 Bad Request (400): entry with timestamp 2024-12-16 07:25:08.662199485 +0000 UTC ignored, reason: 'entry too far behind, entry timestamp is: 2024-12-16T07:25:08Z, oldest acceptable timestamp is: 2024-12-16T07:35:45Z',"
alloy ts=2024-12-16T08:35:56.353024095Z level=error msg="final error sending batch" component_path=/ component_id=loki.write.logs_service component=client host=loki.domain.com status=400 tenant=dev error="server returned HTTP status 400 Bad Request (400): entry with timestamp 2024-12-16 07:26:06.845412447 +0000 UTC ignored, reason: 'entry too far behind, entry timestamp is: 2024-12-16T07:26:06Z, oldest acceptable timestamp is: 2024-12-16T07:35:45Z',"
alloy ts=2024-12-16T08:35:58.040071923Z level=error msg="final error sending batch" component_path=/ component_id=loki.write.logs_service component=client host=loki.domain.com status=400 tenant=dev error="server returned HTTP status 400 Bad Request (400): entry with timestamp 2024-12-16 07:26:41.647430187 +0000 UTC ignored, reason: 'entry too far behind, entry timestamp is: 2024-12-16T07:26:41Z, oldest acceptable timestamp is: 2024-12-16T07:35:45Z',"
alloy panic: runtime error: slice bounds out of range [:3] with length 1
alloy 
alloy goroutine 320 [running]:
alloy github.com/grafana/alloy/internal/component/loki/secretfilter.(*Component).redactLine(0x4003736f00, {0x4004bc7b28, 0x3ef}, {0x4004bc7d8e, 0x1}, {0x40037f55f0, 0xa})
alloy     /src/alloy/internal/component/loki/secretfilter/secretfilter.go:235 +0x134
alloy github.com/grafana/alloy/internal/component/loki/secretfilter.(*Component).processEntry(0x4003736f00, {0x40054fc780, {{0x1078e0e3, 0xedef1d784, 0x0}, {0x4004bc7b28, 0x3ef}, {0x4004bfd600, 0xe, 0x10}, ...}})
alloy     /src/alloy/internal/component/loki/secretfilter/secretfilter.go:220 +0x360
alloy github.com/grafana/alloy/internal/component/loki/secretfilter.(*Component).Run(0x4003736f00, {0xb4e8da0, 0x40034a1180})
alloy     /src/alloy/internal/component/loki/secretfilter/secretfilter.go:154 +0x178
alloy github.com/grafana/alloy/internal/runtime/internal/controller.(*BuiltinComponentNode).Run(0x400379e6c8, {0xb4e8da0, 0x40034a1180})
alloy     /src/alloy/internal/runtime/internal/controller/node_builtin_component.go:317 +0x120
alloy github.com/grafana/alloy/internal/runtime/internal/controller.newTask.func1()
alloy     /src/alloy/internal/runtime/internal/controller/scheduler.go:150 +0x3c
alloy created by github.com/grafana/alloy/internal/runtime/internal/controller.newTask in goroutine 154
alloy     /src/alloy/internal/runtime/internal/controller/scheduler.go:149 +0x12c
@yurii-kryvosheia yurii-kryvosheia added the bug Something isn't working label Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yurii-kryvosheia