| chore(deps-dev): bump postcss from 8.5.6 to 8.5.14 in /pkg/devtools/app in the npm_and_yarn group across 1 directory (#329) * chore(deps-dev): bump postcss Bumps the npm_and_yarn group with 1 update in the /pkg/devtools/app directory: [postcss](https://github.com/postcss/postcss). Updates `postcss` from 8.5.6 to 8.5.14 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.14) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.14 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ci: verify devtools dist before warning --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Qbot AI Assistant <jon+qbot@qpoint.io> | 1 month ago |
| e2e: clean up + export process utils (#163) * fix golangci in vscode workspace environment * clean up e2e test code + export process utils | 7 months ago |
| adds govulncheck allowlist for unreachable moby daemon vulns (#326) * adds govulncheck allowlist for unreachable moby daemon vulns * chore: bump Go to 1.26.2 | 2 months ago |
| bpf: filter MSG_PEEK in recvfrom/recvmsg hooks + E2E regression tests (QPT-754, QPT-988) (#309) * e2e: add wget MSG_PEEK body corruption regression test (QPT-988) Adds TestHTTP_WgetMsgPeek with two subtests: - curl_baseline: proves the test harness works (curl doesn't use MSG_PEEK) - wget_msgpeek: reproduces the body corruption bug where wget's recvfrom(..., MSG_PEEK) causes eBPF probes to see duplicate data, corrupting the HTTP parser so headers leak into the captured body The wget subtest's body assertion will fail until QPT-754 is fixed (filtering MSG_PEEK events in the eBPF recvfrom hooks). * e2e: add large-body wget test that reproduces MSG_PEEK corruption (QPT-988) The small-body test passes because wget reads everything in one call. With a ~700 byte response body, wget's MSG_PEEK split read pattern triggers the bug: HTTP response headers leak into the captured body. Test output confirms the corruption: expected: {"items":[...],"padding":"abcdef..."} actual: ...abcdefghijaHTTP/1.1 200 OK\r\nContent-Type:... curl_baseline passes, wget_msgpeek_large fails — proving the bug. * bpf: filter MSG_PEEK in recvfrom hooks to prevent duplicate data (QPT-754) (#310) * bpf: filter MSG_PEEK in recvfrom hooks to prevent duplicate data (QPT-754) When applications like wget use recvfrom() with MSG_PEEK flag, the eBPF probes capture the peeked data and again when the actual read() happens. This duplicate data corrupts the HTTP/1.1 parser state, causing response headers to leak into the captured body. Fix: check flags argument (ctx->args[3]) in the recvfrom entry hook and skip MSG_PEEK calls entirely. The peeked data is always followed by a real read, so filtering at the eBPF level is clean and loses nothing. * bpf: also filter MSG_PEEK in recvmsg hooks for completeness (QPT-754) Addresses review feedback — recvmsg() also supports MSG_PEEK via its flags argument (ctx->args[2]). Same early-return approach as recvfrom. 
--------- Co-authored-by: Jon Friesen <jon+qbot@qpoint.io> --------- Co-authored-by: Jon Friesen <jon+qbot@qpoint.io> | 3 months ago |
| renaming binary from qpoint to qtap (#6) | 1 year ago |
| Implement support for redis protocol (#238) ## Redis Protocol Support Implements Redis protocol detection, parsing, and plugin architecture extensions to support multiple protocol types. ### Key Changes **Protocol Implementation** - Add Redis protocol detection and parser - Implement TLS support for Redis connections - Add protocol-specific payload size configuration **Plugin Architecture** - Extend plugin system to support protocol-specific interfaces via implicit interface matching - Add stack creation based on connection protocol type - Store endpoint stack mappings for both HTTP and Redis protocols - Move plugin connection onto pending command (one plugin run per request) **Safety & Testing** - Replace direct type assertions with checked assertions to prevent panics - Add unit tests for Redis plugin paths including panic recovery - Add tests for protocol-based plugin filtering and interface detection **Sample Applications** - Add Redis example apps with connection retry logic - Implement connection delays to ensure probes are set before connecting ### Technical Details The deployment's `NewStack` method handles protocol-specific plugin filtering, allowing the same stack configuration to serve both HTTP and Redis connections with appropriate plugin instantiation. Plugins implementing both interfaces work correctly for both connection types. | 5 months ago |
| add OTel log collector as object store type (QPT-1075) (#315) | 3 months ago |
| add claude configs to git ignore (#226) | 5 months ago |
| golang ci vuln enablement (#122) * Revert "Skips GO-2025-3829 vuln alert" This reverts commit 43d3145c6c61ad37881f5ca6952303b3a5ff7030. * replace tenv with usetesting * chore(deps): bump github.com/go-viper/mapstructure/v2 Bumps the go_modules group with 1 update in the / directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure). Updates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 9 months ago |
| Initial commit: Introducing Qtap to the world After countless hours of development, debugging sessions that stretched into the night, and plenty of caffeine, we're thrilled to finally share Qtap with the open source community. Qtap is our eBPF-based agent for capturing pre-encrypted network traffic making the invisible visible without requiring code modifications or proxy configurations. This tool represents our passion for creating technology that brings transparency to complex systems. This project wouldn't exist without the incredible open source projects that came before us. We've learned so much from the eBPF community, OpenSSL contributors, and countless other open source projects that have generously shared their knowledge and code with the world. We're excited to give back to this amazing community that has taught us so much. Whether you're using Qtap for security auditing, debugging network issues, or just learning how encrypted protocols actually work under the hood, we hope this tool makes your life a little easier. This is just the beginning. We look forward to growing this project together with all of you. With gratitude, The Qpoint Team Co-authored-by: Tyler Flint <tyler@qpoint.io> Co-authored-by: Mark Parson <mark@qpoint.io> Co-authored-by: Kamal Nasser <kamal@qpoint.io> Co-authored-by: Devin Bernosky <devin@qpoint.io> Co-authored-by: Andrew Valencia <andrew@qpoint.io> | 1 year ago |
| docs: add DevTools demo video to README (#237) * docs: add DevTools demo video to README * docs: use GIF instead of webm for DevTools demo * docs: add link to DevTools documentation --------- Co-authored-by: devindudeman <miscellaneous1@gmail.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> | 5 months ago |
| fix: remove vulnerable moby dependency (#330) * fix: remove vulnerable moby dependency * fix: resolve security scan failures --------- Co-authored-by: Qbot AI Assistant <jon+qbot@qpoint.io> | 1 month ago |