Bugfix: Usernames can now contain unicode for i8n support. (Velocidex…

…#3590)

This means we can finally use emoji for usernames:

![image](https://github.com/Velocidex/velociraptor/assets/3856546/704a12af-2e24-49d4-bff6-420a17b34542)


![image](https://github.com/Velocidex/velociraptor/assets/3856546/c35640ae-09ee-4458-8487-1f8f4d25537d)


![image](https://github.com/Velocidex/velociraptor/assets/3856546/0e879a1a-0a27-4752-ab22-93a11c8afb33)

accessors/collector/collector.go

@@ -2,6 +2,7 @@ package collector
 
 import (
 	"errors"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
@@ -194,13 +195,13 @@ func (self *CollectorAccessor) maybeSetZipPassword(
 
 	buf, err := ioutil.ReadAll(mhandle)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("Decoding metadata.json: %w", err)
 	}
 
 	rows := []*ordereddict.Dict{}
 	err = json.Unmarshal(buf, &rows)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("Decoding metadata.json: %w", err)
 	}
 
 	// metadata.json can be multiple rows
@@ -226,12 +227,12 @@ func (self *CollectorAccessor) maybeSetZipPassword(
 
 			key, err := crypto_utils.GetPrivateKeyFromScope(self.scope)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("GetPrivateKeyFromScope: %w", err)
 			}
 
 			zip_pass, err := crypto_utils.Base64DecryptRSAOAEP(key, ep)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("Unable to extract zip password: %w", err)
 			}
 
 			self.scope.SetContext(constants.ZIP_PASSWORDS, string(zip_pass))
@@ -311,6 +312,7 @@ func (self *CollectorAccessor) OpenWithOSPath(
 	updated_full_path, err := self.maybeSetZipPassword(full_path)
 	if err != nil {
 		self.scope.Log(err.Error())
+		return nil, err
 	}
 
 	reader, err := self.ZipFileSystemAccessor.OpenWithOSPath(updated_full_path)

api/proxy.go

@@ -251,7 +251,9 @@ func GetAPIHandler(
 				username, ok := req.Context().Value(
 					constants.GRPC_USER_CONTEXT).(string)
 				if ok {
-					md["USER"] = username
+					// gRPC metadata can only contain ASCII so we make
+					// sure to escape if needed.
+					md["USER"] = utils.Quote(username)
 				}
 
 				return metadata.New(md)

bin/debug.go

@@ -291,10 +291,12 @@ func handleProfile(config_obj *config_proto.Config) func(w http.ResponseWriter,
 	}
 }
 
-func handleIndex(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+func handleIndex(config_obj *config_proto.Config) func(
+	w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 
-	w.Write([]byte(`
+		w.Write([]byte(`
 <html><body>
 <h1>Debug Server</h1>
 <ul>
@@ -304,14 +306,28 @@ func handleIndex(w http.ResponseWriter, r *http.Request) {
 <li><a href="/debug/profile/all/html">Show all profile items</a></li>
 `))
 
-	for _, i := range debug.GetProfileWriters() {
-		w.Write([]byte(fmt.Sprintf(`
+		if config_obj.Monitoring != nil && config_obj.GUI != nil {
+			metrics_url := config_obj.Monitoring.MetricsUrl
+			if metrics_url == "" {
+				metrics_url = fmt.Sprintf("http://%v:%v/metrics",
+					config_obj.Monitoring.BindAddress,
+					config_obj.Monitoring.BindPort)
+			}
+
+			w.Write([]byte(fmt.Sprintf(
+				"<li><a href=\"%s\">Metrics</a></li>\n",
+				url.QueryEscape(metrics_url))))
+		}
+
+		for _, i := range debug.GetProfileWriters() {
+			w.Write([]byte(fmt.Sprintf(`
 <li><a href="/debug/profile/%s/html">%s</a></li>`,
-			url.QueryEscape(i.Name),
-			html.EscapeString(i.Description))))
-	}
+				url.QueryEscape(i.Name),
+				html.EscapeString(i.Description))))
+		}
 
-	w.Write([]byte(`</body></html>`))
+		w.Write([]byte(`</body></html>`))
+	}
 }
 
 func initDebugServer(config_obj *config_proto.Config) error {
@@ -326,7 +342,7 @@ func initDebugServer(config_obj *config_proto.Config) error {
 			handleProfile(config_obj)))
 		http.HandleFunc("/debug/queries/running/",
 			maybeRenderHTML(handleRunningQueries))
-		http.HandleFunc("/", handleIndex)
+		http.HandleFunc("/", handleIndex(config_obj))
 
 		// Switch off the debug flag so we do not run this again. (The
 		// GUI runs this function multiple times).

config/config.go

@@ -23,6 +23,8 @@ import (
 
 	"github.com/Velocidex/yaml/v2"
 	"github.com/go-errors/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
 	config_proto "www.velocidex.com/golang/velociraptor/config/proto"
 	constants "www.velocidex.com/golang/velociraptor/constants"
 	"www.velocidex.com/golang/velociraptor/utils"
@@ -34,6 +36,11 @@ var (
 	build_time  string
 	commit_hash string
 	ci_run_url  string
+
+	versionCounter = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "velociraptor_build",
+		Help: "Current version of running binary.",
+	}, []string{"commit_hash", "build_time"})
 )
 
 func GetVersion() *config_proto.Version {
@@ -210,3 +217,10 @@ func WriteConfigToFile(filename string, config *config_proto.Config) error {
 
 	return nil
 }
+
+func init() {
+	// Tag the metrics with a build time. This is useful in a cluster
+	// to see if all nodes are upgraded.
+	versionCounter.With(prometheus.Labels{
+		"commit_hash": commit_hash, "build_time": build_time}).Inc()
+}