diff --git a/prometheus-to-sd/go.mod b/prometheus-to-sd/go.mod index d60163c15..1db77e0c0 100644 --- a/prometheus-to-sd/go.mod +++ b/prometheus-to-sd/go.mod @@ -5,7 +5,7 @@ go 1.23.0 require ( cloud.google.com/go/compute/metadata v0.6.0 cloud.google.com/go/monitoring v1.20.2 - github.com/golang/glog v1.2.3 + github.com/golang/glog v1.2.5 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 diff --git a/prometheus-to-sd/go.sum b/prometheus-to-sd/go.sum index 621587ab7..39c939bc7 100644 --- a/prometheus-to-sd/go.sum +++ b/prometheus-to-sd/go.sum @@ -42,8 +42,8 @@ github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.3 h1:oDTdz9f5VGVVNGu/Q7UXKWYsD0873HXLHdJUNBsSEKM= -github.com/golang/glog v1.2.3/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I= +github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= diff --git a/prometheus-to-sd/vendor/github.com/golang/glog/glog.go b/prometheus-to-sd/vendor/github.com/golang/glog/glog.go index 1b632e077..c8bebc3be 100644 --- a/prometheus-to-sd/vendor/github.com/golang/glog/glog.go +++ b/prometheus-to-sd/vendor/github.com/golang/glog/glog.go @@ -238,6 +238,8 @@ func ctxlogf(ctx context.Context, depth int, severity logsink.Severity, verbose metaPool.Put(metai) } +var sinkErrOnce sync.Once + func sinkf(meta *logsink.Meta, format string, args ...any) { meta.Depth++ n, err := logsink.Printf(meta, format, args...) @@ -247,9 +249,20 @@ func sinkf(meta *logsink.Meta, format string, args ...any) { } if err != nil { - logsink.Printf(meta, "glog: exiting because of error: %s", err) - sinks.file.Flush() - os.Exit(2) + // Best-effort to generate a reasonable Fatalf-like + // error message in all sinks that are still here for + // the first goroutine that comes here and terminate + // the process. + sinkErrOnce.Do(func() { + m := &logsink.Meta{} + m.Time = timeNow() + m.Severity = logsink.Fatal + m.Thread = int64(pid) + _, m.File, m.Line, _ = runtime.Caller(0) + format, args := appendBacktrace(1, "log: exiting because of error writing previous log to sinks: %v", []any{err}) + logsink.Printf(m, format, args...) + flushAndAbort() + }) } } @@ -642,6 +655,10 @@ func ErrorContextDepthf(ctx context.Context, depth int, format string, args ...a func ctxfatalf(ctx context.Context, depth int, format string, args ...any) { ctxlogf(ctx, depth+1, logsink.Fatal, false, withStack, format, args...) + flushAndAbort() +} + +func flushAndAbort() { sinks.file.Flush() err := abortProcess() // Should not return. diff --git a/prometheus-to-sd/vendor/github.com/golang/glog/glog_file.go b/prometheus-to-sd/vendor/github.com/golang/glog/glog_file.go index 2b478ae64..b54bd4052 100644 --- a/prometheus-to-sd/vendor/github.com/golang/glog/glog_file.go +++ b/prometheus-to-sd/vendor/github.com/golang/glog/glog_file.go @@ -116,32 +116,53 @@ var onceLogDirs sync.Once // contains tag ("INFO", "FATAL", etc.) and t. If the file is created // successfully, create also attempts to update the symlink for that tag, ignoring // errors. -func create(tag string, t time.Time) (f *os.File, filename string, err error) { +func create(tag string, t time.Time, dir string) (f *os.File, filename string, err error) { + if dir != "" { + f, name, err := createInDir(dir, tag, t) + if err == nil { + return f, name, err + } + return nil, "", fmt.Errorf("log: cannot create log: %v", err) + } + onceLogDirs.Do(createLogDirs) if len(logDirs) == 0 { return nil, "", errors.New("log: no log dirs") } - name, link := logName(tag, t) var lastErr error for _, dir := range logDirs { - fname := filepath.Join(dir, name) - f, err := os.Create(fname) + f, name, err := createInDir(dir, tag, t) if err == nil { - symlink := filepath.Join(dir, link) - os.Remove(symlink) // ignore err - os.Symlink(name, symlink) // ignore err - if *logLink != "" { - lsymlink := filepath.Join(*logLink, link) - os.Remove(lsymlink) // ignore err - os.Symlink(fname, lsymlink) // ignore err - } - return f, fname, nil + return f, name, err } lastErr = err } return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr) } +func createInDir(dir, tag string, t time.Time) (f *os.File, name string, err error) { + name, link := logName(tag, t) + fname := filepath.Join(dir, name) + // O_EXCL is important here, as it prevents a vulnerability. The general idea is that logs often + // live in an insecure directory (like /tmp), so an unprivileged attacker could create fname in + // advance as a symlink to a file the logging process can access, but the attacker cannot. O_EXCL + // fails the open if it already exists, thus prevent our this code from opening the existing file + // the attacker points us to. + f, err = os.OpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666) + if err == nil { + symlink := filepath.Join(dir, link) + os.Remove(symlink) // ignore err + os.Symlink(name, symlink) // ignore err + if *logLink != "" { + lsymlink := filepath.Join(*logLink, link) + os.Remove(lsymlink) // ignore err + os.Symlink(fname, lsymlink) // ignore err + } + return f, fname, nil + } + return nil, "", err +} + // flushSyncWriter is the interface satisfied by logging destinations. type flushSyncWriter interface { Flush() error @@ -248,6 +269,7 @@ type syncBuffer struct { names []string sev logsink.Severity nbytes uint64 // The number of bytes written to this file + madeAt time.Time } func (sb *syncBuffer) Sync() error { @@ -255,9 +277,14 @@ func (sb *syncBuffer) Sync() error { } func (sb *syncBuffer) Write(p []byte) (n int, err error) { + // Rotate the file if it is too large, but ensure we only do so, + // if rotate doesn't create a conflicting filename. if sb.nbytes+uint64(len(p)) >= MaxSize { - if err := sb.rotateFile(time.Now()); err != nil { - return 0, err + now := timeNow() + if now.After(sb.madeAt.Add(1*time.Second)) || now.Second() != sb.madeAt.Second() { + if err := sb.rotateFile(now); err != nil { + return 0, err + } } } n, err = sb.Writer.Write(p) @@ -275,7 +302,8 @@ const footer = "\nCONTINUED IN NEXT FILE\n" func (sb *syncBuffer) rotateFile(now time.Time) error { var err error pn := "" - file, name, err := create(sb.sev.String(), now) + file, name, err := create(sb.sev.String(), now, "") + sb.madeAt = now if sb.file != nil { // The current log file becomes the previous log at the end of diff --git a/prometheus-to-sd/vendor/modules.txt b/prometheus-to-sd/vendor/modules.txt index 375b2d4e4..7ae533381 100644 --- a/prometheus-to-sd/vendor/modules.txt +++ b/prometheus-to-sd/vendor/modules.txt @@ -59,7 +59,7 @@ github.com/go-openapi/swag ## explicit; go 1.15 github.com/gogo/protobuf/proto github.com/gogo/protobuf/sortkeys -# github.com/golang/glog v1.2.3 +# github.com/golang/glog v1.2.5 ## explicit; go 1.19 github.com/golang/glog github.com/golang/glog/internal/logsink