Documentation ¶
Overview ¶
Package utils holds utils related files
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils holds utils related files ¶
Package utils groups multiple utility functions that can be used by the secl package ¶
Package utils holds utils related files ¶
Package utils holds utils related files
Index ¶
- Constants
- Variables
- func BoolTouint64(value bool) uint64
- func BuildPatterns(ruleset []*rules.RuleDefinition) []*rules.RuleDefinition
- func CapEffCapEprm(pid uint32) (uint64, uint64, error)
- func CgroupSysPath(controller string, path string, file string) string
- func CgroupTaskPath(tgid, pid uint32) string
- func CheckForPatterns(path string) string
- func EnvVars(priorityEnvsPrefixes []string, pid uint32, maxEnvVars int) ([]string, bool, error)
- func FetchLoadedModules() (map[string]ProcFSModule, error)
- func FindPidNamespace(nspid uint32, ns uint64) (uint32, error)
- func FindTraceesByTracerPid(pid uint32) ([]uint32, error)
- func GetAgentSemverVersion() (*semver.Version, error)
- func GetEndpointURL(endpoint logsconfig.Endpoint, uri string) string
- func GetFSTypeFromFilePath(path string) string
- func GetHostname() (string, error)
- func GetHostnameWithContextAndFallback(ctx context.Context) (string, error)
- func GetLoginUID(pid uint32) (uint32, error)
- func GetNsPids(pid uint32) ([]uint32, error)
- func GetProcContainerContext(tgid, pid uint32) (containerutils.ContainerID, containerutils.CGroupFlags, error)
- func GetProcContainerID(tgid, pid uint32) (containerutils.ContainerID, error)
- func GetProcessPidNamespace(pid uint32) (uint64, error)
- func GetProcesses() ([]*process.Process, error)
- func GetTagName(tag string) string
- func GetTagValue(tagName string, tags []string) string
- func GetTracerPid(pid uint32) (uint32, error)
- func Getpid() uint32
- func LoginUIDPath(pid uint32) string
- func MarshalEasyJSON(i easyjson.Marshaler) ([]byte, error)
- func Mkdev(major uint32, minor uint32) uint32
- func ModulesPath() string
- func NewCookie() uint64
- func NumCPU() (int, error)
- func ParseCgroupFileValue(controller string, path string, file string) (int, error)
- func PathPatternBuilder(pattern string, path string, opts PathPatternMatchOpts) (string, bool)
- func PathPatternMatch(pattern string, path string, opts PathPatternMatchOpts) bool
- func PidTTY(pid uint32) string
- func ProcExePath(pid uint32) string
- func ProcRootFilePath(pid uint32, file string) string
- func ProcRootPath(pid uint32) string
- func RandNonZeroUint64() uint64
- func RandString(n int) string
- func ReadCgroupFile(controller string, path string, file string) ([]byte, string, error)
- func RuntimeArch() string
- func StatusPath(pid uint32) string
- func TryToResolveTraceePid(hostTracerPID, NsTraceePid uint32) (uint32, error)
- func UnixStat(path string) (syscall.Stat_t, error)
- func UnixStatModeToGoFileMode(mode uint32) fs.FileMode
- type CIDRSet
- type ControlGroup
- type EasyjsonTime
- type Edge
- type FilledProcess
- type Graph
- type GraphID
- type LRUStringInterner
- type Limiter
- type LimiterStat
- type Listener
- type NetNSPath
- type Node
- type NodeID
- type Notifier
- type PathPatternMatchOpts
- type ProcFSModule
- type StringKeys
- type SyscallKey
Constants ¶
const ContainerIDLen = sha256.Size * 2
ContainerIDLen is the length of a container ID, which is the length of the hex representation of a sha256 hash
Variables ¶
var Syscalls = map[SyscallKey]string{}/* 713 elements not displayed */
Syscalls maps the (arch,syscall_id) to the syscall string
Functions ¶
func BoolTouint64 ¶
BoolTouint64 converts a boolean value to a uint64
func BuildPatterns ¶
func BuildPatterns(ruleset []*rules.RuleDefinition) []*rules.RuleDefinition
BuildPatterns finds and builds patterns for the path in the ruleset
func CapEffCapEprm ¶
CapEffCapEprm returns the effective and permitted kernel capabilities of a process
func CgroupSysPath ¶
CgroupSysPath returns the path to the provided file within the provided cgroup
func CgroupTaskPath ¶
CgroupTaskPath returns the path to the cgroup file of a pid in /proc
func CheckForPatterns ¶
CheckForPatterns replaces patterns like uuid with *
func FetchLoadedModules ¶
func FetchLoadedModules() (map[string]ProcFSModule, error)
FetchLoadedModules returns a map of loaded modules
func FindPidNamespace ¶
FindPidNamespace searches for and returns the host PID for the given namespaced PID + its namespace
func FindTraceesByTracerPid ¶
FindTraceesByTracerPid returns the list of processes being traced by the given tracer host PID
func GetAgentSemverVersion ¶
func GetAgentSemverVersion() (*semver.Version, error)
GetAgentSemverVersion returns the agent version as a semver version
func GetEndpointURL ¶
func GetEndpointURL(endpoint logsconfig.Endpoint, uri string) string
GetEndpointURL returns the formatted URL of the provided endpoint
func GetFSTypeFromFilePath ¶
GetFSTypeFromFilePath returns the filesystem type of the mount holding the specified file path
func GetHostname ¶
GetHostname attempts to acquire a hostname by connecting to the core agent's gRPC endpoints.
func GetHostnameWithContextAndFallback ¶
GetHostnameWithContextAndFallback attempts to acquire a hostname by connecting to the core agent's gRPC endpoints extending the given context, or falls back to local resolution
func GetLoginUID ¶
GetLoginUID returns the login uid of the provided process
func GetProcContainerContext ¶
func GetProcContainerContext(tgid, pid uint32) (containerutils.ContainerID, containerutils.CGroupFlags, error)
GetProcContainerContext returns the container ID which the process belongs to along with its manager. Returns "" if the process does not belong to a container.
func GetProcContainerID ¶
func GetProcContainerID(tgid, pid uint32) (containerutils.ContainerID, error)
GetProcContainerID returns the container ID which the process belongs to. Returns "" if the process does not belong to a container.
func GetProcessPidNamespace ¶
GetProcessPidNamespace returns the PID namespace of the given PID
func GetProcesses ¶
GetProcesses returns list of active processes
func GetTagName ¶
GetTagName returns the key of a tag in the tag_name:tag_value format
func GetTagValue ¶
GetTagValue returns the value of the given tag in the given list
func GetTracerPid ¶
GetTracerPid returns the tracer pid of the given root pid
func LoginUIDPath ¶
LoginUIDPath returns the path to the loginuid file of a pid in /proc
func MarshalEasyJSON ¶
MarshalEasyJSON easyjson marshal helper
func Mkdev ¶
Mkdev returns the representation of a device using the kernel algorithm; the golang unix.Mkdev function brings inconsistency between representations of devices. See https://elixir.bootlin.com/linux/v6.4.9/source/include/linux/kdev_t.h#L12
func ModulesPath ¶
func ModulesPath() string
ModulesPath returns the path to the modules file in /proc
func ParseCgroupFileValue ¶
ParseCgroupFileValue parses the content of a cgroup file into an int
func PathPatternBuilder ¶
func PathPatternBuilder(pattern string, path string, opts PathPatternMatchOpts) (string, bool)
PathPatternBuilder pattern builder for files
func PathPatternMatch ¶
func PathPatternMatch(pattern string, path string, opts PathPatternMatchOpts) bool
PathPatternMatch pattern matcher for files
func ProcExePath ¶
ProcExePath returns the path to the exe file of a pid in /proc
func ProcRootFilePath ¶
ProcRootFilePath returns the path to the input file after prepending the proc root path of the given pid
func ProcRootPath ¶
ProcRootPath returns the path to the root directory of a pid in /proc
func RandNonZeroUint64 ¶
func RandNonZeroUint64() uint64
RandNonZeroUint64 returns a new non-zero uint64
func RandString ¶
RandString returns a random string of the given length
func ReadCgroupFile ¶
ReadCgroupFile reads the content of a cgroup file
func RuntimeArch ¶
func RuntimeArch() string
RuntimeArch returns the arch as it will be visible in CWS events and security profiles
func StatusPath ¶
StatusPath returns the path to the status file of a pid in /proc
func TryToResolveTraceePid ¶
TryToResolveTraceePid tries to resolve and return the HOST tracee PID, given the HOST tracer PID and the namespaced tracee PID.
func UnixStat ¶
UnixStat is a Unix-only equivalent to os.Stat, but alloc-free, and directly returning the platform-specific syscall.Stat_t structure.
func UnixStatModeToGoFileMode ¶
UnixStatModeToGoFileMode converts a Unix mode to a Go fs.FileMode.
Types ¶
type CIDRSet ¶
type CIDRSet struct {
// contains filtered or unexported fields
}
CIDRSet defines a set of CIDRs
func (*CIDRSet) AppendCIDR ¶
AppendCIDR appends a CIDR to the set
type ControlGroup ¶
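// ControlGroup describes the cgroup membership of a process.
type ControlGroup struct {
	// ID is the unique hierarchy ID.
	ID int
	// Controllers is the list of cgroup controllers bound to the hierarchy.
	Controllers []string
	// Path is the pathname of the control group to which the process
	// belongs. It is relative to the mountpoint of the hierarchy.
	Path string
}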
ControlGroup describes the cgroup membership of a process
func GetProcControlGroups ¶
func GetProcControlGroups(tgid, pid uint32) ([]ControlGroup, error)
GetProcControlGroups returns the cgroup membership of the specified task.
func (ControlGroup) GetContainerContext ¶
func (cg ControlGroup) GetContainerContext() (containerutils.ContainerID, containerutils.CGroupFlags)
GetContainerContext returns both the container ID and its flags
func (ControlGroup) GetContainerID ¶
func (cg ControlGroup) GetContainerID() containerutils.ContainerID
GetContainerID returns the container id extracted from the path of the control group
type EasyjsonTime ¶
type EasyjsonTime struct {
// contains filtered or unexported fields
}
EasyjsonTime represents an EasyJSON enabled time wrapper
func NewEasyjsonTime ¶
func NewEasyjsonTime(t time.Time) EasyjsonTime
NewEasyjsonTime returns a new EasyjsonTime based on the provided time
func NewEasyjsonTimeIfNotZero ¶
func NewEasyjsonTimeIfNotZero(t time.Time) *EasyjsonTime
NewEasyjsonTimeIfNotZero returns a new EasyjsonTime based on the provided time or nil if zero time
func (*EasyjsonTime) GetInnerTime ¶
func (t *EasyjsonTime) GetInnerTime() time.Time
GetInnerTime returns the inner time
func (EasyjsonTime) MarshalEasyJSON ¶
func (t EasyjsonTime) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON does JSON marshaling using easyjson interface
func (*EasyjsonTime) UnmarshalJSON ¶
func (t *EasyjsonTime) UnmarshalJSON(b []byte) error
UnmarshalJSON does JSON unmarshaling
type FilledProcess ¶
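// FilledProcess defines a filled process.
//
// The fields are plain values; GetFilledProcess builds a FilledProcess
// from a *process.Process.
type FilledProcess struct {
	Pid        int32
	Ppid       int32
	CreateTime int64 // NOTE(review): unit and epoch are not stated here; confirm before comparing timestamps
	Name       string
	Uids       []int32
	Gids       []int32
	MemInfo    *process.MemoryInfoStat
	Cmdline    []string
}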
FilledProcess defines a filled process
func GetFilledProcess ¶
func GetFilledProcess(p *process.Process) (*FilledProcess, error)
GetFilledProcess returns a FilledProcess from a Process input
type GraphID ¶
type GraphID struct {
// contains filtered or unexported fields
}
GraphID represents an ID used in a graph, combination of NodeIDs
func NewGraphID ¶
NewGraphID returns a new GraphID based on the provided NodeIDs
func NewGraphIDWithDescription ¶
NewGraphIDWithDescription returns a new GraphID based on a description and on the provided NodeIDs
type LRUStringInterner ¶
LRUStringInterner is a best-effort LRU-based string deduplicator
func NewLRUStringInterner ¶
func NewLRUStringInterner(size int) *LRUStringInterner
NewLRUStringInterner returns a new LRUStringInterner, with the cache size provided. If the cache size is negative, this function will panic.
func (*LRUStringInterner) Deduplicate ¶
func (si *LRUStringInterner) Deduplicate(value string) string
Deduplicate returns a possibly de-duplicated string
func (*LRUStringInterner) DeduplicateSlice ¶
func (si *LRUStringInterner) DeduplicateSlice(values []string)
DeduplicateSlice returns a possibly de-duplicated string slice
type Limiter ¶
type Limiter[K comparable] struct { // contains filtered or unexported fields }
Limiter defines a rate limiter which limits tokens to 'numAllowedTokensPerPeriod' per 'period'
func NewLimiter ¶
func NewLimiter[K comparable](maxUniqueToken int, numAllowedTokensPerPeriod int, period time.Duration) (*Limiter[K], error)
NewLimiter returns a rate limiter that is sized to the configured number of unique tokens, and each unique token is allowed 'numAllowedTokensPerPeriod' times per 'period'.
func (*Limiter[K]) Count ¶
func (l *Limiter[K]) Count(k K)
Count marks the key as used and increments the count
func (*Limiter[K]) SwapStats ¶
func (l *Limiter[K]) SwapStats() []LimiterStat
SwapStats returns the dropped and allowed stats, and zeros the stats
type LimiterStat ¶
LimiterStat return stats
type Listener ¶
type Listener[O any] func(obj O)
Listener describes the callback called by a notifier
type NetNSPath ¶
type NetNSPath struct {
// contains filtered or unexported fields
}
NetNSPath represents a network namespace path
func NetNSPathFromPath ¶
NetNSPathFromPath returns a new NetNSPath from the given path
func NetNSPathFromPid ¶
NetNSPathFromPid returns a new NetNSPath from the given Pid
func (*NetNSPath) GetProcessNetworkNamespace ¶
GetProcessNetworkNamespace returns the network namespace of a pid after parsing /proc/[pid]/ns/net
type Node ¶
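// Node describes a node of a dot graph: its GraphID plus the attributes
// listed below.
// NOTE(review): how each attribute is rendered is not visible here; confirm
// against the graph encoder.
type Node struct {
	ID        GraphID
	Label     string
	Size      int
	Color     string
	FillColor string
	Shape     string
	IsTable   bool
}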
Node describes an edge of a dot node
type NodeID ¶
type NodeID struct {
// contains filtered or unexported fields
}
NodeID represents the ID of a Node
func NewNodeIDFromPtr ¶
NewNodeIDFromPtr returns a new NodeID based on a pointer value
type Notifier ¶
type Notifier[E event, O any] struct { // contains filtered or unexported fields }
Notifier describes a type that calls back listeners that registered for a specific set of events
func NewNotifier ¶
NewNotifier returns a new notifier
func (*Notifier[E, O]) NotifyListeners ¶
func (n *Notifier[E, O]) NotifyListeners(event E, obj O)
NotifyListeners notifies all listeners of an event type
func (*Notifier[E, O]) RegisterListener ¶
RegisterListener registers an event listener
type PathPatternMatchOpts ¶
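// PathPatternMatchOpts holds the options accepted by PathPatternMatch and
// PathPatternBuilder.
type PathPatternMatchOpts struct {
	WildcardLimit      int // max number of wildcards in the pattern
	PrefixNodeRequired int // number of prefix nodes required
	SuffixNodeRequired int // number of suffix nodes required
	NodeSizeLimit      int // min size required to substitute with a wildcard
}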
PathPatternMatchOpts PathPatternMatch options
type ProcFSModule ¶
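// ProcFSModule is a representation of a line in /proc/modules.
type ProcFSModule struct {
	// Name is the name of the module
	Name string
	// Size is the memory size of the module, in bytes
	Size int
	// InstancesCount lists how many instances of the module are currently loaded
	InstancesCount int
	// DependsOn lists the modules which the current module depends on
	DependsOn []string
	// State is the state which the current module is in
	State string
	// Address is the address at which the module was loaded
	Address int64
	// TaintState is the kernel taint state of the module
	TaintState string
}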
ProcFSModule is a representation of a line in /proc/modules
type StringKeys ¶
type StringKeys struct {
// contains filtered or unexported fields
}
StringKeys is a map of strings that serializes to JSON as an array of strings
func NewStringKeys ¶
func NewStringKeys(from []string) *StringKeys
NewStringKeys returns a new `StringKeys` built from the provided keys
func (*StringKeys) ForEach ¶
func (sk *StringKeys) ForEach(f func(string))
ForEach iterates over each key, and runs `f` on it
func (*StringKeys) Insert ¶
func (sk *StringKeys) Insert(value string)
Insert inserts a new key in the map
func (*StringKeys) Keys ¶
func (sk *StringKeys) Keys() []string
Keys returns a slice of all the keys contained in this map
func (*StringKeys) MarshalEasyJSON ¶
func (sk *StringKeys) MarshalEasyJSON(out *jwriter.Writer)
MarshalEasyJSON marshals the keys into JSON, using easyJSON
func (*StringKeys) MarshalJSON ¶
func (sk *StringKeys) MarshalJSON() ([]byte, error)
MarshalJSON marshals the keys into JSON
type SyscallKey ¶
SyscallKey key representing the arch and syscall id