Merge pull request #185 from AikidoSec/add-trace-logs-for-wrappers

bitterpanda63 · web-flow · commit 64143058ca94 · 2025-06-26T19:26:12.000Z
Add even more detailed trace logs for wrappers
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/background/BackgroundProcess.java b/agent_api/src/main/java/dev/aikido/agent_api/background/BackgroundProcess.java
@@ -7,6 +7,8 @@
 import dev.aikido.agent_api.background.cloud.api.events.Started;
 import dev.aikido.agent_api.helpers.env.BlockingEnv;
 import dev.aikido.agent_api.helpers.env.Token;
+import dev.aikido.agent_api.helpers.logging.LogManager;
+import dev.aikido.agent_api.helpers.logging.Logger;
 import dev.aikido.agent_api.storage.ServiceConfigStore;
 
 import java.util.Optional;
@@ -22,6 +24,7 @@ public class BackgroundProcess extends Thread {
     private final static int API_TIMEOUT = 10; // 10 seconds
     private final Token token;
     private final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(3);
+    private static final Logger logger = LogManager.getLogger(BackgroundProcess.class);
 
     public BackgroundProcess(String name, Token token) {
         super(name);
@@ -33,6 +36,8 @@ public void run() {
         if (!Thread.currentThread().isDaemon() && token == null) {
             return; // Can only run if thread is daemon and token needs to be defined.
         }
+        logger.trace("Starting agent thread: %s", Thread.currentThread());
+
         ServiceConfigStore.updateBlocking(new BlockingEnv().getValue());
         ReportingApiHTTP api = new ReportingApiHTTP(getAikidoAPIEndpoint(), API_TIMEOUT, token);
         RealtimeAPI realtimeApi = new RealtimeAPI(token);
@@ -53,4 +58,4 @@ public void run() {
         // one time check to report initial stats
         scheduler.schedule(new HeartbeatTask(api, true), 60, TimeUnit.SECONDS);
     }
-}
+}
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/background/cloud/api/ReportingApiHTTP.java b/agent_api/src/main/java/dev/aikido/agent_api/background/cloud/api/ReportingApiHTTP.java
@@ -41,6 +41,7 @@ public Optional<APIResponse> fetchNewConfig() {
 
             // Send the request and get the response
             HttpResponse<String> httpResponse = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+            logger.trace("Got response for %s: %s", uri.toString(), httpResponse.body());
             return Optional.of(toApiResponse(httpResponse));
         } catch (Exception e) {
             logger.debug("Error while fetching new config from cloud: %s", e.getMessage());
@@ -60,6 +61,7 @@ public Optional<APIResponse> report(APIEvent event) {
 
             // Send the request and get the response
             HttpResponse<String> httpResponse = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+            logger.trace("Got response for %s: %s", uri.toString(), httpResponse.body());
             return Optional.of(toApiResponse(httpResponse));
         } catch (Exception e) {
             logger.debug("Error while communicating with cloud: %s", e.getMessage());
@@ -126,6 +128,7 @@ private HttpRequest createHttpRequest(Optional<APIEvent> event, URI uri) {
         if (event.isPresent()) {
             Gson gson = new Gson();
             String requestPayload = gson.toJson(event.get());
+            logger.trace("New request payload: %s", requestPayload);
             return requestBuilder.POST(HttpRequest.BodyPublishers.ofString(requestPayload)) // Set the request body
                 .build();
         }
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/collectors/CommandCollector.java b/agent_api/src/main/java/dev/aikido/agent_api/collectors/CommandCollector.java
@@ -1,18 +1,23 @@
 package dev.aikido.agent_api.collectors;
 
+import dev.aikido.agent_api.helpers.logging.LogManager;
+import dev.aikido.agent_api.helpers.logging.Logger;
 import dev.aikido.agent_api.storage.statistics.OperationKind;
 import dev.aikido.agent_api.storage.statistics.StatisticsStore;
 import dev.aikido.agent_api.vulnerabilities.Scanner;
 import dev.aikido.agent_api.vulnerabilities.Vulnerabilities;
 
 public final class CommandCollector {
     private CommandCollector() {}
+    private static final Logger logger = LogManager.getLogger(CommandCollector.class);
     public static void report(Object command) {
         if (command instanceof String commandStr) {
             if (commandStr.isEmpty()) {
                 return; // Empty command, don't scan.
             }
 
+            logger.trace("Scanning command: %s", commandStr);
+
             // report stats
             StatisticsStore.registerCall("runtime.Exec", OperationKind.EXEC_OP);
 
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/collectors/FileCollector.java b/agent_api/src/main/java/dev/aikido/agent_api/collectors/FileCollector.java
@@ -1,5 +1,7 @@
 package dev.aikido.agent_api.collectors;
 
+import dev.aikido.agent_api.helpers.logging.LogManager;
+import dev.aikido.agent_api.helpers.logging.Logger;
 import dev.aikido.agent_api.storage.statistics.OperationKind;
 import dev.aikido.agent_api.storage.statistics.StatisticsStore;
 import dev.aikido.agent_api.vulnerabilities.Scanner;
@@ -11,6 +13,7 @@
 public final class FileCollector {
     private FileCollector() {}
     private static final int MAX_RECURSION_DEPTH = 3;
+    private static final Logger logger = LogManager.getLogger(FileCollector.class);
 
     public static void report(Object filePath, String operation) {
         report(filePath, operation, 0); // Start with depth of zero
@@ -19,7 +22,7 @@ public static void report(Object filePath, String operation, int depth) {
         if (filePath == null) {
             return; // Make sure filePath is defined
         }
-
+        logger.trace("Scan on %s for file: %s", operation, filePath);
         StatisticsStore.registerCall(operation, OperationKind.FS_OP);
 
         Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.PathTraversalVulnerability();
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/collectors/SQLCollector.java b/agent_api/src/main/java/dev/aikido/agent_api/collectors/SQLCollector.java
@@ -1,13 +1,17 @@
 package dev.aikido.agent_api.collectors;
 
+import dev.aikido.agent_api.helpers.logging.LogManager;
+import dev.aikido.agent_api.helpers.logging.Logger;
 import dev.aikido.agent_api.storage.statistics.OperationKind;
 import dev.aikido.agent_api.storage.statistics.StatisticsStore;
 import dev.aikido.agent_api.vulnerabilities.Vulnerabilities;
 import dev.aikido.agent_api.vulnerabilities.Scanner;
 
 public final class SQLCollector {
     private SQLCollector() {}
+    private static final Logger logger = LogManager.getLogger(SQLCollector.class);
     public static void report(String sql, String dialect, String operation) {
+        logger.trace("Scanning sql: %s, with dialect: %s", sql, dialect);
         // register statistics
         StatisticsStore.registerCall(operation, OperationKind.SQL_OP);
 
