eventchecker

package
v0.8.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 21, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckerLogPrefix

func CheckerLogPrefix(checker interface{ GetCheckerType() string }) string

CheckerLogPrefix is a helper that outputs the log prefix for an event checker, which is a combination of the checker type and the checker name if applicable.

func NextResponseCheck

func NextResponseCheck(c MultiEventChecker, res *tetragon.GetEventsResponse, l *logrus.Logger) (bool, error)

NextResponseCheck checks the next response

Types

type CapabilitiesChecker

type CapabilitiesChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}

CapabilitiesChecker implements a checker struct to check a Capabilities field

func NewCapabilitiesChecker

func NewCapabilitiesChecker() *CapabilitiesChecker

NewCapabilitiesChecker creates a new CapabilitiesChecker

func (*CapabilitiesChecker) Check

func (checker *CapabilitiesChecker) Check(event *tetragon.Capabilities) error

Check checks a Capabilities field

func (*CapabilitiesChecker) FromCapabilities

func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker

FromCapabilities populates the CapabilitiesChecker using data from a Capabilities field

func (*CapabilitiesChecker) GetCheckerType

func (checker *CapabilitiesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*CapabilitiesChecker) WithEffective

WithEffective adds a Effective check to the CapabilitiesChecker

func (*CapabilitiesChecker) WithInheritable

func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker

WithInheritable adds a Inheritable check to the CapabilitiesChecker

func (*CapabilitiesChecker) WithPermitted

WithPermitted adds a Permitted check to the CapabilitiesChecker

type CapabilitiesTypeChecker

type CapabilitiesTypeChecker tetragon.CapabilitiesType

CapabilitiesTypeChecker checks a tetragon.CapabilitiesType

func NewCapabilitiesTypeChecker

func NewCapabilitiesTypeChecker(val tetragon.CapabilitiesType) *CapabilitiesTypeChecker

NewCapabilitiesTypeChecker creates a new CapabilitiesTypeChecker

func (*CapabilitiesTypeChecker) Check

Check checks a CapabilitiesType against the checker

func (CapabilitiesTypeChecker) MarshalJSON

func (enum CapabilitiesTypeChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*CapabilitiesTypeChecker) UnmarshalJSON

func (enum *CapabilitiesTypeChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type CapabilitiesTypeListMatcher

type CapabilitiesTypeListMatcher struct {
	Operator listmatcher.Operator       `json:"operator"`
	Values   []*CapabilitiesTypeChecker `json:"values"`
}

CapabilitiesTypeListMatcher checks a list of tetragon.CapabilitiesType fields

func NewCapabilitiesTypeListMatcher

func NewCapabilitiesTypeListMatcher() *CapabilitiesTypeListMatcher

NewCapabilitiesTypeListMatcher creates a new CapabilitiesTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*CapabilitiesTypeListMatcher) Check

Check checks a list of tetragon.CapabilitiesType fields

func (*CapabilitiesTypeListMatcher) WithOperator

WithOperator sets the match kind for the CapabilitiesTypeListMatcher

func (*CapabilitiesTypeListMatcher) WithValues

WithValues sets the checkers that the CapabilitiesTypeListMatcher should use

type ContainerChecker

type ContainerChecker struct {
	Id             *stringmatcher.StringMatcher       `json:"id,omitempty"`
	Name           *stringmatcher.StringMatcher       `json:"name,omitempty"`
	Image          *ImageChecker                      `json:"image,omitempty"`
	StartTime      *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Pid            *uint32                            `json:"pid,omitempty"`
	MaybeExecProbe *bool                              `json:"maybeExecProbe,omitempty"`
}

ContainerChecker implements a checker struct to check a Container field

func NewContainerChecker

func NewContainerChecker() *ContainerChecker

NewContainerChecker creates a new ContainerChecker

func (*ContainerChecker) Check

func (checker *ContainerChecker) Check(event *tetragon.Container) error

Check checks a Container field

func (*ContainerChecker) FromContainer

func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker

FromContainer populates the ContainerChecker using data from a Container field

func (*ContainerChecker) GetCheckerType

func (checker *ContainerChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ContainerChecker) WithId

WithId adds a Id check to the ContainerChecker

func (*ContainerChecker) WithImage

func (checker *ContainerChecker) WithImage(check *ImageChecker) *ContainerChecker

WithImage adds a Image check to the ContainerChecker

func (*ContainerChecker) WithMaybeExecProbe

func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecker

WithMaybeExecProbe adds a MaybeExecProbe check to the ContainerChecker

func (*ContainerChecker) WithName

func (checker *ContainerChecker) WithName(check *stringmatcher.StringMatcher) *ContainerChecker

WithName adds a Name check to the ContainerChecker

func (*ContainerChecker) WithPid

func (checker *ContainerChecker) WithPid(check uint32) *ContainerChecker

WithPid adds a Pid check to the ContainerChecker

func (*ContainerChecker) WithStartTime

func (checker *ContainerChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ContainerChecker

WithStartTime adds a StartTime check to the ContainerChecker

type Event

type Event tetragon.Event

Event is an empty interface used for events like ProcessExec, etc.

func EventFromResponse

func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error)

EventFromResponse coerces an event from a Tetragon gRPC response

type EventChecker

type EventChecker interface {
	// CheckEvent checks a single event
	CheckEvent(Event) error
	// CheckEvent checks a single gRPC response
	CheckResponse(*tetragon.GetEventsResponse) error
}

EventChecker is an interface for checking a Tetragon event

func CheckerFromEvent

func CheckerFromEvent(event Event) (EventChecker, error)

CheckerFromEvent converts an event into an EventChecker

func CheckerFromResponse

func CheckerFromResponse(response *tetragon.GetEventsResponse) (EventChecker, error)

ResponseToChecker converts a gRPC response into an EventChecker

type FnEventChecker

type FnEventChecker struct {
	// NextCheckFn checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false,  nil): this event check was successful, but need to check more events
	// (false, !nil): this event check not was successful, but need to check more events
	// (true,   nil): checker was successful, no need to check more events
	// (true,  !nil): checker failed, no need to check more events
	NextCheckFn func(Event, *logrus.Logger) (bool, error)
	// FinalCheckFn indicates that the sequence of events has ended, and asks the
	// checker to make a final decision. Any cleanup should also be performed here.
	FinalCheckFn func(*logrus.Logger) error
}

FnEventChecker checks a series of events using custom-defined functions for the MultiEventChecker implementation

func (*FnEventChecker) FinalCheck

func (checker *FnEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*FnEventChecker) NextEventCheck

func (checker *FnEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

type ImageChecker

type ImageChecker struct {
	Id   *stringmatcher.StringMatcher `json:"id,omitempty"`
	Name *stringmatcher.StringMatcher `json:"name,omitempty"`
}

ImageChecker implements a checker struct to check a Image field

func NewImageChecker

func NewImageChecker() *ImageChecker

NewImageChecker creates a new ImageChecker

func (*ImageChecker) Check

func (checker *ImageChecker) Check(event *tetragon.Image) error

Check checks a Image field

func (*ImageChecker) FromImage

func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker

FromImage populates the ImageChecker using data from a Image field

func (*ImageChecker) GetCheckerType

func (checker *ImageChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ImageChecker) WithId

func (checker *ImageChecker) WithId(check *stringmatcher.StringMatcher) *ImageChecker

WithId adds a Id check to the ImageChecker

func (*ImageChecker) WithName

func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *ImageChecker

WithName adds a Name check to the ImageChecker

type KprobeActionChecker

type KprobeActionChecker tetragon.KprobeAction

KprobeActionChecker checks a tetragon.KprobeAction

func NewKprobeActionChecker

func NewKprobeActionChecker(val tetragon.KprobeAction) *KprobeActionChecker

NewKprobeActionChecker creates a new KprobeActionChecker

func (*KprobeActionChecker) Check

func (enum *KprobeActionChecker) Check(val *tetragon.KprobeAction) error

Check checks a KprobeAction against the checker

func (KprobeActionChecker) MarshalJSON

func (enum KprobeActionChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*KprobeActionChecker) UnmarshalJSON

func (enum *KprobeActionChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type KprobeArgumentChecker

type KprobeArgumentChecker struct {
	StringArg         *stringmatcher.StringMatcher `json:"stringArg,omitempty"`
	IntArg            *int32                       `json:"intArg,omitempty"`
	SkbArg            *KprobeSkbChecker            `json:"skbArg,omitempty"`
	SizeArg           *uint64                      `json:"sizeArg,omitempty"`
	BytesArg          *bytesmatcher.BytesMatcher   `json:"bytesArg,omitempty"`
	PathArg           *KprobePathChecker           `json:"pathArg,omitempty"`
	FileArg           *KprobeFileChecker           `json:"fileArg,omitempty"`
	TruncatedBytesArg *KprobeTruncatedBytesChecker `json:"truncatedBytesArg,omitempty"`
	SockArg           *KprobeSockChecker           `json:"sockArg,omitempty"`
	CredArg           *KprobeCredChecker           `json:"credArg,omitempty"`
	LongArg           *int64                       `json:"longArg,omitempty"`
	BpfAttrArg        *KprobeBpfAttrChecker        `json:"bpfAttrArg,omitempty"`
	PerfEventArg      *KprobePerfEventChecker      `json:"perfEventArg,omitempty"`
	BpfMapArg         *KprobeBpfMapChecker         `json:"bpfMapArg,omitempty"`
	UintArg           *uint32                      `json:"uintArg,omitempty"`
	UserNamespaceArg  *KprobeUserNamespaceChecker  `json:"userNamespaceArg,omitempty"`
	CapabilityArg     *KprobeCapabilityChecker     `json:"capabilityArg,omitempty"`
}

KprobeArgumentChecker implements a checker struct to check a KprobeArgument field

func NewKprobeArgumentChecker

func NewKprobeArgumentChecker() *KprobeArgumentChecker

NewKprobeArgumentChecker creates a new KprobeArgumentChecker

func (*KprobeArgumentChecker) Check

func (checker *KprobeArgumentChecker) Check(event *tetragon.KprobeArgument) error

Check checks a KprobeArgument field

func (*KprobeArgumentChecker) FromKprobeArgument

func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker

FromKprobeArgument populates the KprobeArgumentChecker using data from a KprobeArgument field

func (*KprobeArgumentChecker) GetCheckerType

func (checker *KprobeArgumentChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeArgumentChecker) WithBpfAttrArg

func (checker *KprobeArgumentChecker) WithBpfAttrArg(check *KprobeBpfAttrChecker) *KprobeArgumentChecker

WithBpfAttrArg adds a BpfAttrArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithBpfMapArg

func (checker *KprobeArgumentChecker) WithBpfMapArg(check *KprobeBpfMapChecker) *KprobeArgumentChecker

WithBpfMapArg adds a BpfMapArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithBytesArg

WithBytesArg adds a BytesArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCapabilityArg

func (checker *KprobeArgumentChecker) WithCapabilityArg(check *KprobeCapabilityChecker) *KprobeArgumentChecker

WithCapabilityArg adds a CapabilityArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCredArg

func (checker *KprobeArgumentChecker) WithCredArg(check *KprobeCredChecker) *KprobeArgumentChecker

WithCredArg adds a CredArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithFileArg

func (checker *KprobeArgumentChecker) WithFileArg(check *KprobeFileChecker) *KprobeArgumentChecker

WithFileArg adds a FileArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithIntArg

func (checker *KprobeArgumentChecker) WithIntArg(check int32) *KprobeArgumentChecker

WithIntArg adds a IntArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithLongArg

func (checker *KprobeArgumentChecker) WithLongArg(check int64) *KprobeArgumentChecker

WithLongArg adds a LongArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithPathArg

func (checker *KprobeArgumentChecker) WithPathArg(check *KprobePathChecker) *KprobeArgumentChecker

WithPathArg adds a PathArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithPerfEventArg

func (checker *KprobeArgumentChecker) WithPerfEventArg(check *KprobePerfEventChecker) *KprobeArgumentChecker

WithPerfEventArg adds a PerfEventArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSizeArg

func (checker *KprobeArgumentChecker) WithSizeArg(check uint64) *KprobeArgumentChecker

WithSizeArg adds a SizeArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSkbArg

func (checker *KprobeArgumentChecker) WithSkbArg(check *KprobeSkbChecker) *KprobeArgumentChecker

WithSkbArg adds a SkbArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSockArg

func (checker *KprobeArgumentChecker) WithSockArg(check *KprobeSockChecker) *KprobeArgumentChecker

WithSockArg adds a SockArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithStringArg

WithStringArg adds a StringArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithTruncatedBytesArg

func (checker *KprobeArgumentChecker) WithTruncatedBytesArg(check *KprobeTruncatedBytesChecker) *KprobeArgumentChecker

WithTruncatedBytesArg adds a TruncatedBytesArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithUintArg

func (checker *KprobeArgumentChecker) WithUintArg(check uint32) *KprobeArgumentChecker

WithUintArg adds a UintArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithUserNamespaceArg

func (checker *KprobeArgumentChecker) WithUserNamespaceArg(check *KprobeUserNamespaceChecker) *KprobeArgumentChecker

WithUserNamespaceArg adds a UserNamespaceArg check to the KprobeArgumentChecker

type KprobeArgumentListMatcher

type KprobeArgumentListMatcher struct {
	Operator listmatcher.Operator     `json:"operator"`
	Values   []*KprobeArgumentChecker `json:"values"`
}

KprobeArgumentListMatcher checks a list of *tetragon.KprobeArgument fields

func NewKprobeArgumentListMatcher

func NewKprobeArgumentListMatcher() *KprobeArgumentListMatcher

NewKprobeArgumentListMatcher creates a new KprobeArgumentListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*KprobeArgumentListMatcher) Check

func (checker *KprobeArgumentListMatcher) Check(values []*tetragon.KprobeArgument) error

Check checks a list of *tetragon.KprobeArgument fields

func (*KprobeArgumentListMatcher) WithOperator

WithOperator sets the match kind for the KprobeArgumentListMatcher

func (*KprobeArgumentListMatcher) WithValues

WithValues sets the checkers that the KprobeArgumentListMatcher should use

type KprobeBpfAttrChecker

type KprobeBpfAttrChecker struct {
	ProgType *stringmatcher.StringMatcher `json:"ProgType,omitempty"`
	InsnCnt  *uint32                      `json:"InsnCnt,omitempty"`
	ProgName *stringmatcher.StringMatcher `json:"ProgName,omitempty"`
}

KprobeBpfAttrChecker implements a checker struct to check a KprobeBpfAttr field

func NewKprobeBpfAttrChecker

func NewKprobeBpfAttrChecker() *KprobeBpfAttrChecker

NewKprobeBpfAttrChecker creates a new KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) Check

func (checker *KprobeBpfAttrChecker) Check(event *tetragon.KprobeBpfAttr) error

Check checks a KprobeBpfAttr field

func (*KprobeBpfAttrChecker) FromKprobeBpfAttr

func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker

FromKprobeBpfAttr populates the KprobeBpfAttrChecker using data from a KprobeBpfAttr field

func (*KprobeBpfAttrChecker) GetCheckerType

func (checker *KprobeBpfAttrChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeBpfAttrChecker) WithInsnCnt

func (checker *KprobeBpfAttrChecker) WithInsnCnt(check uint32) *KprobeBpfAttrChecker

WithInsnCnt adds a InsnCnt check to the KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) WithProgName

WithProgName adds a ProgName check to the KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) WithProgType

WithProgType adds a ProgType check to the KprobeBpfAttrChecker

type KprobeBpfMapChecker

type KprobeBpfMapChecker struct {
	MapType    *stringmatcher.StringMatcher `json:"MapType,omitempty"`
	KeySize    *uint32                      `json:"KeySize,omitempty"`
	ValueSize  *uint32                      `json:"ValueSize,omitempty"`
	MaxEntries *uint32                      `json:"MaxEntries,omitempty"`
	MapName    *stringmatcher.StringMatcher `json:"MapName,omitempty"`
}

KprobeBpfMapChecker implements a checker struct to check a KprobeBpfMap field

func NewKprobeBpfMapChecker

func NewKprobeBpfMapChecker() *KprobeBpfMapChecker

NewKprobeBpfMapChecker creates a new KprobeBpfMapChecker

func (*KprobeBpfMapChecker) Check

func (checker *KprobeBpfMapChecker) Check(event *tetragon.KprobeBpfMap) error

Check checks a KprobeBpfMap field

func (*KprobeBpfMapChecker) FromKprobeBpfMap

func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker

FromKprobeBpfMap populates the KprobeBpfMapChecker using data from a KprobeBpfMap field

func (*KprobeBpfMapChecker) GetCheckerType

func (checker *KprobeBpfMapChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeBpfMapChecker) WithKeySize

func (checker *KprobeBpfMapChecker) WithKeySize(check uint32) *KprobeBpfMapChecker

WithKeySize adds a KeySize check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMapName

WithMapName adds a MapName check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMapType

WithMapType adds a MapType check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMaxEntries

func (checker *KprobeBpfMapChecker) WithMaxEntries(check uint32) *KprobeBpfMapChecker

WithMaxEntries adds a MaxEntries check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithValueSize

func (checker *KprobeBpfMapChecker) WithValueSize(check uint32) *KprobeBpfMapChecker

WithValueSize adds a ValueSize check to the KprobeBpfMapChecker

type KprobeCapabilityChecker

type KprobeCapabilityChecker struct {
	Value *int32                       `json:"value,omitempty"`
	Name  *stringmatcher.StringMatcher `json:"name,omitempty"`
}

KprobeCapabilityChecker implements a checker struct to check a KprobeCapability field

func NewKprobeCapabilityChecker

func NewKprobeCapabilityChecker() *KprobeCapabilityChecker

NewKprobeCapabilityChecker creates a new KprobeCapabilityChecker

func (*KprobeCapabilityChecker) Check

func (checker *KprobeCapabilityChecker) Check(event *tetragon.KprobeCapability) error

Check checks a KprobeCapability field

func (*KprobeCapabilityChecker) FromKprobeCapability

func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker

FromKprobeCapability populates the KprobeCapabilityChecker using data from a KprobeCapability field

func (*KprobeCapabilityChecker) GetCheckerType

func (checker *KprobeCapabilityChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeCapabilityChecker) WithName

WithName adds a Name check to the KprobeCapabilityChecker

func (*KprobeCapabilityChecker) WithValue

func (checker *KprobeCapabilityChecker) WithValue(check int32) *KprobeCapabilityChecker

WithValue adds a Value check to the KprobeCapabilityChecker

type KprobeCredChecker

type KprobeCredChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}

KprobeCredChecker implements a checker struct to check a KprobeCred field

func NewKprobeCredChecker

func NewKprobeCredChecker() *KprobeCredChecker

NewKprobeCredChecker creates a new KprobeCredChecker

func (*KprobeCredChecker) Check

func (checker *KprobeCredChecker) Check(event *tetragon.KprobeCred) error

Check checks a KprobeCred field

func (*KprobeCredChecker) FromKprobeCred

func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker

FromKprobeCred populates the KprobeCredChecker using data from a KprobeCred field

func (*KprobeCredChecker) GetCheckerType

func (checker *KprobeCredChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeCredChecker) WithEffective

func (checker *KprobeCredChecker) WithEffective(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithEffective adds a Effective check to the KprobeCredChecker

func (*KprobeCredChecker) WithInheritable

func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithInheritable adds a Inheritable check to the KprobeCredChecker

func (*KprobeCredChecker) WithPermitted

func (checker *KprobeCredChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithPermitted adds a Permitted check to the KprobeCredChecker

type KprobeFileChecker

type KprobeFileChecker struct {
	Mount *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path  *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags *stringmatcher.StringMatcher `json:"flags,omitempty"`
}

KprobeFileChecker implements a checker struct to check a KprobeFile field

func NewKprobeFileChecker

func NewKprobeFileChecker() *KprobeFileChecker

NewKprobeFileChecker creates a new KprobeFileChecker

func (*KprobeFileChecker) Check

func (checker *KprobeFileChecker) Check(event *tetragon.KprobeFile) error

Check checks a KprobeFile field

func (*KprobeFileChecker) FromKprobeFile

func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker

FromKprobeFile populates the KprobeFileChecker using data from a KprobeFile field

func (*KprobeFileChecker) GetCheckerType

func (checker *KprobeFileChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeFileChecker) WithFlags

func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithFlags adds a Flags check to the KprobeFileChecker

func (*KprobeFileChecker) WithMount

func (checker *KprobeFileChecker) WithMount(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithMount adds a Mount check to the KprobeFileChecker

func (*KprobeFileChecker) WithPath

WithPath adds a Path check to the KprobeFileChecker

type KprobePathChecker

type KprobePathChecker struct {
	Mount *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path  *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags *stringmatcher.StringMatcher `json:"flags,omitempty"`
}

KprobePathChecker implements a checker struct to check a KprobePath field

func NewKprobePathChecker

func NewKprobePathChecker() *KprobePathChecker

NewKprobePathChecker creates a new KprobePathChecker

func (*KprobePathChecker) Check

func (checker *KprobePathChecker) Check(event *tetragon.KprobePath) error

Check checks a KprobePath field

func (*KprobePathChecker) FromKprobePath

func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker

FromKprobePath populates the KprobePathChecker using data from a KprobePath field

func (*KprobePathChecker) GetCheckerType

func (checker *KprobePathChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobePathChecker) WithFlags

func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobePathChecker

WithFlags adds a Flags check to the KprobePathChecker

func (*KprobePathChecker) WithMount

func (checker *KprobePathChecker) WithMount(check *stringmatcher.StringMatcher) *KprobePathChecker

WithMount adds a Mount check to the KprobePathChecker

func (*KprobePathChecker) WithPath

WithPath adds a Path check to the KprobePathChecker

type KprobePerfEventChecker

type KprobePerfEventChecker struct {
	KprobeFunc  *stringmatcher.StringMatcher `json:"KprobeFunc,omitempty"`
	Type        *stringmatcher.StringMatcher `json:"Type,omitempty"`
	Config      *uint64                      `json:"Config,omitempty"`
	ProbeOffset *uint64                      `json:"ProbeOffset,omitempty"`
}

KprobePerfEventChecker implements a checker struct to check a KprobePerfEvent field

func NewKprobePerfEventChecker

func NewKprobePerfEventChecker() *KprobePerfEventChecker

NewKprobePerfEventChecker creates a new KprobePerfEventChecker

func (*KprobePerfEventChecker) Check

func (checker *KprobePerfEventChecker) Check(event *tetragon.KprobePerfEvent) error

Check checks a KprobePerfEvent field

func (*KprobePerfEventChecker) FromKprobePerfEvent

func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker

FromKprobePerfEvent populates the KprobePerfEventChecker using data from a KprobePerfEvent field

func (*KprobePerfEventChecker) GetCheckerType

func (checker *KprobePerfEventChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobePerfEventChecker) WithConfig

func (checker *KprobePerfEventChecker) WithConfig(check uint64) *KprobePerfEventChecker

WithConfig adds a Config check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithKprobeFunc

WithKprobeFunc adds a KprobeFunc check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithProbeOffset

func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerfEventChecker

WithProbeOffset adds a ProbeOffset check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithType

WithType adds a Type check to the KprobePerfEventChecker

type KprobeSkbChecker

type KprobeSkbChecker struct {
	Hash        *uint32                      `json:"hash,omitempty"`
	Len         *uint32                      `json:"len,omitempty"`
	Priority    *uint32                      `json:"priority,omitempty"`
	Mark        *uint32                      `json:"mark,omitempty"`
	Saddr       *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr       *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	Sport       *uint32                      `json:"sport,omitempty"`
	Dport       *uint32                      `json:"dport,omitempty"`
	Proto       *uint32                      `json:"proto,omitempty"`
	SecPathLen  *uint32                      `json:"secPathLen,omitempty"`
	SecPathOlen *uint32                      `json:"secPathOlen,omitempty"`
}

KprobeSkbChecker implements a checker struct to check a KprobeSkb field

func NewKprobeSkbChecker

func NewKprobeSkbChecker() *KprobeSkbChecker

NewKprobeSkbChecker creates a new KprobeSkbChecker

func (*KprobeSkbChecker) Check

func (checker *KprobeSkbChecker) Check(event *tetragon.KprobeSkb) error

Check checks a KprobeSkb field

func (*KprobeSkbChecker) FromKprobeSkb

func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker

FromKprobeSkb populates the KprobeSkbChecker using data from a KprobeSkb field

func (*KprobeSkbChecker) GetCheckerType

func (checker *KprobeSkbChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeSkbChecker) WithDaddr

func (checker *KprobeSkbChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithDaddr adds a Daddr check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithDport

func (checker *KprobeSkbChecker) WithDport(check uint32) *KprobeSkbChecker

WithDport adds a Dport check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithHash

func (checker *KprobeSkbChecker) WithHash(check uint32) *KprobeSkbChecker

WithHash adds a Hash check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithLen

func (checker *KprobeSkbChecker) WithLen(check uint32) *KprobeSkbChecker

WithLen adds a Len check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithMark

func (checker *KprobeSkbChecker) WithMark(check uint32) *KprobeSkbChecker

WithMark adds a Mark check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithPriority

func (checker *KprobeSkbChecker) WithPriority(check uint32) *KprobeSkbChecker

WithPriority adds a Priority check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithProto

func (checker *KprobeSkbChecker) WithProto(check uint32) *KprobeSkbChecker

WithProto adds a Proto check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSaddr

func (checker *KprobeSkbChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithSaddr adds a Saddr check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSecPathLen

func (checker *KprobeSkbChecker) WithSecPathLen(check uint32) *KprobeSkbChecker

WithSecPathLen adds a SecPathLen check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSecPathOlen

func (checker *KprobeSkbChecker) WithSecPathOlen(check uint32) *KprobeSkbChecker

WithSecPathOlen adds a SecPathOlen check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSport

func (checker *KprobeSkbChecker) WithSport(check uint32) *KprobeSkbChecker

WithSport adds a Sport check to the KprobeSkbChecker

type KprobeSockChecker

type KprobeSockChecker struct {
	Family   *stringmatcher.StringMatcher `json:"family,omitempty"`
	Type     *stringmatcher.StringMatcher `json:"type,omitempty"`
	Protocol *stringmatcher.StringMatcher `json:"protocol,omitempty"`
	Mark     *uint32                      `json:"mark,omitempty"`
	Priority *uint32                      `json:"priority,omitempty"`
	Saddr    *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr    *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	Sport    *uint32                      `json:"sport,omitempty"`
	Dport    *uint32                      `json:"dport,omitempty"`
}

KprobeSockChecker implements a checker struct to check a KprobeSock field

func NewKprobeSockChecker

func NewKprobeSockChecker() *KprobeSockChecker

NewKprobeSockChecker creates a new KprobeSockChecker

func (*KprobeSockChecker) Check

func (checker *KprobeSockChecker) Check(event *tetragon.KprobeSock) error

Check checks a KprobeSock field

func (*KprobeSockChecker) FromKprobeSock

func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker

FromKprobeSock populates the KprobeSockChecker using data from a KprobeSock field

func (*KprobeSockChecker) GetCheckerType

func (checker *KprobeSockChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeSockChecker) WithDaddr

func (checker *KprobeSockChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithDaddr adds a Daddr check to the KprobeSockChecker

func (*KprobeSockChecker) WithDport

func (checker *KprobeSockChecker) WithDport(check uint32) *KprobeSockChecker

WithDport adds a Dport check to the KprobeSockChecker

func (*KprobeSockChecker) WithFamily

func (checker *KprobeSockChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithFamily adds a Family check to the KprobeSockChecker

func (*KprobeSockChecker) WithMark

func (checker *KprobeSockChecker) WithMark(check uint32) *KprobeSockChecker

WithMark adds a Mark check to the KprobeSockChecker

func (*KprobeSockChecker) WithPriority

func (checker *KprobeSockChecker) WithPriority(check uint32) *KprobeSockChecker

WithPriority adds a Priority check to the KprobeSockChecker

func (*KprobeSockChecker) WithProtocol

func (checker *KprobeSockChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithProtocol adds a Protocol check to the KprobeSockChecker

func (*KprobeSockChecker) WithSaddr

func (checker *KprobeSockChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithSaddr adds a Saddr check to the KprobeSockChecker

func (*KprobeSockChecker) WithSport

func (checker *KprobeSockChecker) WithSport(check uint32) *KprobeSockChecker

WithSport adds a Sport check to the KprobeSockChecker

func (*KprobeSockChecker) WithType

WithType adds a Type check to the KprobeSockChecker

type KprobeTruncatedBytesChecker

type KprobeTruncatedBytesChecker struct {
	BytesArg *bytesmatcher.BytesMatcher `json:"bytesArg,omitempty"`
	OrigSize *uint64                    `json:"origSize,omitempty"`
}

KprobeTruncatedBytesChecker implements a checker struct to check a KprobeTruncatedBytes field

func NewKprobeTruncatedBytesChecker

func NewKprobeTruncatedBytesChecker() *KprobeTruncatedBytesChecker

NewKprobeTruncatedBytesChecker creates a new KprobeTruncatedBytesChecker

func (*KprobeTruncatedBytesChecker) Check

Check checks a KprobeTruncatedBytes field

func (*KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes

func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker

FromKprobeTruncatedBytes populates the KprobeTruncatedBytesChecker using data from a KprobeTruncatedBytes field

func (*KprobeTruncatedBytesChecker) GetCheckerType

func (checker *KprobeTruncatedBytesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeTruncatedBytesChecker) WithBytesArg

WithBytesArg adds a BytesArg check to the KprobeTruncatedBytesChecker

func (*KprobeTruncatedBytesChecker) WithOrigSize

func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTruncatedBytesChecker

WithOrigSize adds a OrigSize check to the KprobeTruncatedBytesChecker

type KprobeUserNamespaceChecker

type KprobeUserNamespaceChecker struct {
	Level *int32            `json:"level,omitempty"`
	Owner *uint32           `json:"owner,omitempty"`
	Group *uint32           `json:"group,omitempty"`
	Ns    *NamespaceChecker `json:"ns,omitempty"`
}

KprobeUserNamespaceChecker implements a checker struct to check a KprobeUserNamespace field

func NewKprobeUserNamespaceChecker

func NewKprobeUserNamespaceChecker() *KprobeUserNamespaceChecker

NewKprobeUserNamespaceChecker creates a new KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) Check

Check checks a KprobeUserNamespace field

func (*KprobeUserNamespaceChecker) FromKprobeUserNamespace

func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker

FromKprobeUserNamespace populates the KprobeUserNamespaceChecker using data from a KprobeUserNamespace field

func (*KprobeUserNamespaceChecker) GetCheckerType

func (checker *KprobeUserNamespaceChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeUserNamespaceChecker) WithGroup

WithGroup adds a Group check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithLevel

func (checker *KprobeUserNamespaceChecker) WithLevel(check int32) *KprobeUserNamespaceChecker

WithLevel adds a Level check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithNs

WithNs adds a Ns check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithOwner

WithOwner adds a Owner check to the KprobeUserNamespaceChecker

type MultiEventChecker

type MultiEventChecker interface {
	// NextEventCheck checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false,  nil): this event check was successful, but need to check more events
	// (false, !nil): this event check not was successful, but need to check more events
	// (true,   nil): checker was successful, no need to check more events
	// (true,  !nil): checker failed, no need to check more events
	NextEventCheck(Event, *logrus.Logger) (bool, error)

	// FinalCheck indicates that the sequence of events has ended, and
	// asks the checker to make a final decision. Once this function is
	// called, the checker is expected to return to its initial state so
	// that it can be reused. Hence, this function should only be called
	// once for each stream of events.
	FinalCheck(*logrus.Logger) error
}

MultiEventChecker is an interface for checking multiple Tetragon events

type NamespaceChecker

type NamespaceChecker struct {
	Inum   *uint32 `json:"inum,omitempty"`
	IsHost *bool   `json:"isHost,omitempty"`
}

NamespaceChecker implements a checker struct to check a Namespace field

func NewNamespaceChecker

func NewNamespaceChecker() *NamespaceChecker

NewNamespaceChecker creates a new NamespaceChecker

func (*NamespaceChecker) Check

func (checker *NamespaceChecker) Check(event *tetragon.Namespace) error

Check checks a Namespace field

func (*NamespaceChecker) FromNamespace

func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker

FromNamespace populates the NamespaceChecker using data from a Namespace field

func (*NamespaceChecker) GetCheckerType

func (checker *NamespaceChecker) GetCheckerType() string

Get the type of the checker as a string

func (*NamespaceChecker) WithInum

func (checker *NamespaceChecker) WithInum(check uint32) *NamespaceChecker

WithInum adds a Inum check to the NamespaceChecker

func (*NamespaceChecker) WithIsHost

func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker

WithIsHost adds a IsHost check to the NamespaceChecker

type NamespacesChecker

type NamespacesChecker struct {
	Uts             *NamespaceChecker `json:"uts,omitempty"`
	Ipc             *NamespaceChecker `json:"ipc,omitempty"`
	Mnt             *NamespaceChecker `json:"mnt,omitempty"`
	Pid             *NamespaceChecker `json:"pid,omitempty"`
	PidForChildren  *NamespaceChecker `json:"pidForChildren,omitempty"`
	Net             *NamespaceChecker `json:"net,omitempty"`
	Time            *NamespaceChecker `json:"time,omitempty"`
	TimeForChildren *NamespaceChecker `json:"timeForChildren,omitempty"`
	Cgroup          *NamespaceChecker `json:"cgroup,omitempty"`
	User            *NamespaceChecker `json:"user,omitempty"`
}

NamespacesChecker implements a checker struct to check a Namespaces field

func NewNamespacesChecker

func NewNamespacesChecker() *NamespacesChecker

NewNamespacesChecker creates a new NamespacesChecker

func (*NamespacesChecker) Check

func (checker *NamespacesChecker) Check(event *tetragon.Namespaces) error

Check checks a Namespaces field

func (*NamespacesChecker) FromNamespaces

func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker

FromNamespaces populates the NamespacesChecker using data from a Namespaces field

func (*NamespacesChecker) GetCheckerType

func (checker *NamespacesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*NamespacesChecker) WithCgroup

func (checker *NamespacesChecker) WithCgroup(check *NamespaceChecker) *NamespacesChecker

WithCgroup adds a Cgroup check to the NamespacesChecker

func (*NamespacesChecker) WithIpc

func (checker *NamespacesChecker) WithIpc(check *NamespaceChecker) *NamespacesChecker

WithIpc adds a Ipc check to the NamespacesChecker

func (*NamespacesChecker) WithMnt

func (checker *NamespacesChecker) WithMnt(check *NamespaceChecker) *NamespacesChecker

WithMnt adds a Mnt check to the NamespacesChecker

func (*NamespacesChecker) WithNet

func (checker *NamespacesChecker) WithNet(check *NamespaceChecker) *NamespacesChecker

WithNet adds a Net check to the NamespacesChecker

func (*NamespacesChecker) WithPid

func (checker *NamespacesChecker) WithPid(check *NamespaceChecker) *NamespacesChecker

WithPid adds a Pid check to the NamespacesChecker

func (*NamespacesChecker) WithPidForChildren

func (checker *NamespacesChecker) WithPidForChildren(check *NamespaceChecker) *NamespacesChecker

WithPidForChildren adds a PidForChildren check to the NamespacesChecker

func (*NamespacesChecker) WithTime

func (checker *NamespacesChecker) WithTime(check *NamespaceChecker) *NamespacesChecker

WithTime adds a Time check to the NamespacesChecker

func (*NamespacesChecker) WithTimeForChildren

func (checker *NamespacesChecker) WithTimeForChildren(check *NamespaceChecker) *NamespacesChecker

WithTimeForChildren adds a TimeForChildren check to the NamespacesChecker

func (*NamespacesChecker) WithUser

func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesChecker

WithUser adds a User check to the NamespacesChecker

func (*NamespacesChecker) WithUts

func (checker *NamespacesChecker) WithUts(check *NamespaceChecker) *NamespacesChecker

WithUts adds a Uts check to the NamespacesChecker

type OrderedEventChecker

type OrderedEventChecker struct {
	// contains filtered or unexported fields
}

OrderedEventChecker checks a series of events in order

func NewOrderedEventChecker

func NewOrderedEventChecker(checks ...EventChecker) *OrderedEventChecker

NewOrderedEventChecker creates a new OrderedEventChecker

func (*OrderedEventChecker) AddChecks

func (checker *OrderedEventChecker) AddChecks(checks ...EventChecker)

AddChecks adds one or more checks to the end of this event checker

func (*OrderedEventChecker) FinalCheck

func (checker *OrderedEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*OrderedEventChecker) GetChecks

func (checker *OrderedEventChecker) GetChecks() []EventChecker

GetChecks returns this checker's list of checks

func (*OrderedEventChecker) GetRemainingChecks

func (checker *OrderedEventChecker) GetRemainingChecks() []EventChecker

GetRemainingChecks returns this checker's list of remaining checks

func (*OrderedEventChecker) NextEventCheck

func (checker *OrderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

type PodChecker

type PodChecker struct {
	Namespace *stringmatcher.StringMatcher           `json:"namespace,omitempty"`
	Name      *stringmatcher.StringMatcher           `json:"name,omitempty"`
	Labels    map[string]stringmatcher.StringMatcher `json:"labels,omitempty"`
	Container *ContainerChecker                      `json:"container,omitempty"`
	PodLabels map[string]stringmatcher.StringMatcher `json:"podLabels,omitempty"`
}

PodChecker implements a checker struct to check a Pod field

func NewPodChecker

func NewPodChecker() *PodChecker

NewPodChecker creates a new PodChecker

func (*PodChecker) Check

func (checker *PodChecker) Check(event *tetragon.Pod) error

Check checks a Pod field

func (*PodChecker) FromPod

func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker

FromPod populates the PodChecker using data from a Pod field

func (*PodChecker) GetCheckerType

func (checker *PodChecker) GetCheckerType() string

Get the type of the checker as a string

func (*PodChecker) WithContainer

func (checker *PodChecker) WithContainer(check *ContainerChecker) *PodChecker

WithContainer adds a Container check to the PodChecker

func (*PodChecker) WithLabels

func (checker *PodChecker) WithLabels(check map[string]stringmatcher.StringMatcher) *PodChecker

WithLabels adds a Labels check to the PodChecker

func (*PodChecker) WithName

func (checker *PodChecker) WithName(check *stringmatcher.StringMatcher) *PodChecker

WithName adds a Name check to the PodChecker

func (*PodChecker) WithNamespace

func (checker *PodChecker) WithNamespace(check *stringmatcher.StringMatcher) *PodChecker

WithNamespace adds a Namespace check to the PodChecker

func (*PodChecker) WithPodLabels

func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMatcher) *PodChecker

WithPodLabels adds a PodLabels check to the PodChecker

type ProcessChecker

type ProcessChecker struct {
	ExecId       *stringmatcher.StringMatcher       `json:"execId,omitempty"`
	Pid          *uint32                            `json:"pid,omitempty"`
	Uid          *uint32                            `json:"uid,omitempty"`
	Cwd          *stringmatcher.StringMatcher       `json:"cwd,omitempty"`
	Binary       *stringmatcher.StringMatcher       `json:"binary,omitempty"`
	Arguments    *stringmatcher.StringMatcher       `json:"arguments,omitempty"`
	Flags        *stringmatcher.StringMatcher       `json:"flags,omitempty"`
	StartTime    *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Auid         *uint32                            `json:"auid,omitempty"`
	Pod          *PodChecker                        `json:"pod,omitempty"`
	Docker       *stringmatcher.StringMatcher       `json:"docker,omitempty"`
	ParentExecId *stringmatcher.StringMatcher       `json:"parentExecId,omitempty"`
	Refcnt       *uint32                            `json:"refcnt,omitempty"`
	Cap          *CapabilitiesChecker               `json:"cap,omitempty"`
	Ns           *NamespacesChecker                 `json:"ns,omitempty"`
}

ProcessChecker implements a checker struct to check a Process field

func NewProcessChecker

func NewProcessChecker() *ProcessChecker

NewProcessChecker creates a new ProcessChecker

func (*ProcessChecker) Check

func (checker *ProcessChecker) Check(event *tetragon.Process) error

Check checks a Process field

func (*ProcessChecker) FromProcess

func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker

FromProcess populates the ProcessChecker using data from a Process field

func (*ProcessChecker) GetCheckerType

func (checker *ProcessChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessChecker) WithArguments

func (checker *ProcessChecker) WithArguments(check *stringmatcher.StringMatcher) *ProcessChecker

WithArguments adds a Arguments check to the ProcessChecker

func (*ProcessChecker) WithAuid

func (checker *ProcessChecker) WithAuid(check uint32) *ProcessChecker

WithAuid adds a Auid check to the ProcessChecker

func (*ProcessChecker) WithBinary

func (checker *ProcessChecker) WithBinary(check *stringmatcher.StringMatcher) *ProcessChecker

WithBinary adds a Binary check to the ProcessChecker

func (*ProcessChecker) WithCap

func (checker *ProcessChecker) WithCap(check *CapabilitiesChecker) *ProcessChecker

WithCap adds a Cap check to the ProcessChecker

func (*ProcessChecker) WithCwd

func (checker *ProcessChecker) WithCwd(check *stringmatcher.StringMatcher) *ProcessChecker

WithCwd adds a Cwd check to the ProcessChecker

func (*ProcessChecker) WithDocker

func (checker *ProcessChecker) WithDocker(check *stringmatcher.StringMatcher) *ProcessChecker

WithDocker adds a Docker check to the ProcessChecker

func (*ProcessChecker) WithExecId

func (checker *ProcessChecker) WithExecId(check *stringmatcher.StringMatcher) *ProcessChecker

WithExecId adds a ExecId check to the ProcessChecker

func (*ProcessChecker) WithFlags

func (checker *ProcessChecker) WithFlags(check *stringmatcher.StringMatcher) *ProcessChecker

WithFlags adds a Flags check to the ProcessChecker

func (*ProcessChecker) WithNs

func (checker *ProcessChecker) WithNs(check *NamespacesChecker) *ProcessChecker

WithNs adds a Ns check to the ProcessChecker

func (*ProcessChecker) WithParentExecId

func (checker *ProcessChecker) WithParentExecId(check *stringmatcher.StringMatcher) *ProcessChecker

WithParentExecId adds a ParentExecId check to the ProcessChecker

func (*ProcessChecker) WithPid

func (checker *ProcessChecker) WithPid(check uint32) *ProcessChecker

WithPid adds a Pid check to the ProcessChecker

func (*ProcessChecker) WithPod

func (checker *ProcessChecker) WithPod(check *PodChecker) *ProcessChecker

WithPod adds a Pod check to the ProcessChecker

func (*ProcessChecker) WithRefcnt

func (checker *ProcessChecker) WithRefcnt(check uint32) *ProcessChecker

WithRefcnt adds a Refcnt check to the ProcessChecker

func (*ProcessChecker) WithStartTime

func (checker *ProcessChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ProcessChecker

WithStartTime adds a StartTime check to the ProcessChecker

func (*ProcessChecker) WithUid

func (checker *ProcessChecker) WithUid(check uint32) *ProcessChecker

WithUid adds a Uid check to the ProcessChecker

type ProcessExecChecker

type ProcessExecChecker struct {
	CheckerName string              `json:"checkerName"`
	Process     *ProcessChecker     `json:"process,omitempty"`
	Parent      *ProcessChecker     `json:"parent,omitempty"`
	Ancestors   *ProcessListMatcher `json:"ancestors,omitempty"`
}

ProcessExecChecker implements a checker struct to check a ProcessExec event

func NewProcessExecChecker

func NewProcessExecChecker(name string) *ProcessExecChecker

NewProcessExecChecker creates a new ProcessExecChecker

func (*ProcessExecChecker) Check

func (checker *ProcessExecChecker) Check(event *tetragon.ProcessExec) error

Check checks a ProcessExec event

func (*ProcessExecChecker) CheckEvent

func (checker *ProcessExecChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessExecChecker) CheckResponse

func (checker *ProcessExecChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessExecChecker) FromProcessExec

func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker

FromProcessExec populates the ProcessExecChecker using data from a ProcessExec event

func (*ProcessExecChecker) GetCheckerName

func (checker *ProcessExecChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessExecChecker) GetCheckerType

func (checker *ProcessExecChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessExecChecker) WithAncestors

func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *ProcessExecChecker

WithAncestors adds a Ancestors check to the ProcessExecChecker

func (*ProcessExecChecker) WithParent

func (checker *ProcessExecChecker) WithParent(check *ProcessChecker) *ProcessExecChecker

WithParent adds a Parent check to the ProcessExecChecker

func (*ProcessExecChecker) WithProcess

func (checker *ProcessExecChecker) WithProcess(check *ProcessChecker) *ProcessExecChecker

WithProcess adds a Process check to the ProcessExecChecker

type ProcessExitChecker

type ProcessExitChecker struct {
	CheckerName string                             `json:"checkerName"`
	Process     *ProcessChecker                    `json:"process,omitempty"`
	Parent      *ProcessChecker                    `json:"parent,omitempty"`
	Signal      *stringmatcher.StringMatcher       `json:"signal,omitempty"`
	Status      *uint32                            `json:"status,omitempty"`
	Time        *timestampmatcher.TimestampMatcher `json:"time,omitempty"`
}

ProcessExitChecker implements a checker struct to check a ProcessExit event

func NewProcessExitChecker

func NewProcessExitChecker(name string) *ProcessExitChecker

NewProcessExitChecker creates a new ProcessExitChecker

func (*ProcessExitChecker) Check

func (checker *ProcessExitChecker) Check(event *tetragon.ProcessExit) error

Check checks a ProcessExit event

func (*ProcessExitChecker) CheckEvent

func (checker *ProcessExitChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessExitChecker) CheckResponse

func (checker *ProcessExitChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessExitChecker) FromProcessExit

func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker

FromProcessExit populates the ProcessExitChecker using data from a ProcessExit event

func (*ProcessExitChecker) GetCheckerName

func (checker *ProcessExitChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessExitChecker) GetCheckerType

func (checker *ProcessExitChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessExitChecker) WithParent

func (checker *ProcessExitChecker) WithParent(check *ProcessChecker) *ProcessExitChecker

WithParent adds a Parent check to the ProcessExitChecker

func (*ProcessExitChecker) WithProcess

func (checker *ProcessExitChecker) WithProcess(check *ProcessChecker) *ProcessExitChecker

WithProcess adds a Process check to the ProcessExitChecker

func (*ProcessExitChecker) WithSignal

WithSignal adds a Signal check to the ProcessExitChecker

func (*ProcessExitChecker) WithStatus

func (checker *ProcessExitChecker) WithStatus(check uint32) *ProcessExitChecker

WithStatus adds a Status check to the ProcessExitChecker

func (*ProcessExitChecker) WithTime

WithTime adds a Time check to the ProcessExitChecker

type ProcessKprobeChecker

type ProcessKprobeChecker struct {
	CheckerName  string                       `json:"checkerName"`
	Process      *ProcessChecker              `json:"process,omitempty"`
	Parent       *ProcessChecker              `json:"parent,omitempty"`
	FunctionName *stringmatcher.StringMatcher `json:"functionName,omitempty"`
	Args         *KprobeArgumentListMatcher   `json:"args,omitempty"`
	Return       *KprobeArgumentChecker       `json:"return,omitempty"`
	Action       *KprobeActionChecker         `json:"action,omitempty"`
}

ProcessKprobeChecker implements a checker struct to check a ProcessKprobe event

func NewProcessKprobeChecker

func NewProcessKprobeChecker(name string) *ProcessKprobeChecker

NewProcessKprobeChecker creates a new ProcessKprobeChecker

func (*ProcessKprobeChecker) Check

func (checker *ProcessKprobeChecker) Check(event *tetragon.ProcessKprobe) error

Check checks a ProcessKprobe event

func (*ProcessKprobeChecker) CheckEvent

func (checker *ProcessKprobeChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessKprobeChecker) CheckResponse

func (checker *ProcessKprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessKprobeChecker) FromProcessKprobe

func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker

FromProcessKprobe populates the ProcessKprobeChecker using data from a ProcessKprobe event

func (*ProcessKprobeChecker) GetCheckerName

func (checker *ProcessKprobeChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessKprobeChecker) GetCheckerType

func (checker *ProcessKprobeChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessKprobeChecker) WithAction

func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *ProcessKprobeChecker

WithAction adds a Action check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithArgs

WithArgs adds a Args check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithFunctionName

func (checker *ProcessKprobeChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker

WithFunctionName adds a FunctionName check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithParent

func (checker *ProcessKprobeChecker) WithParent(check *ProcessChecker) *ProcessKprobeChecker

WithParent adds a Parent check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithProcess

func (checker *ProcessKprobeChecker) WithProcess(check *ProcessChecker) *ProcessKprobeChecker

WithProcess adds a Process check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithReturn

WithReturn adds a Return check to the ProcessKprobeChecker

type ProcessListMatcher

type ProcessListMatcher struct {
	Operator listmatcher.Operator `json:"operator"`
	Values   []*ProcessChecker    `json:"values"`
}

ProcessListMatcher checks a list of *tetragon.Process fields

func NewProcessListMatcher

func NewProcessListMatcher() *ProcessListMatcher

NewProcessListMatcher creates a new ProcessListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*ProcessListMatcher) Check

func (checker *ProcessListMatcher) Check(values []*tetragon.Process) error

Check checks a list of *tetragon.Process fields

func (*ProcessListMatcher) WithOperator

func (checker *ProcessListMatcher) WithOperator(operator listmatcher.Operator) *ProcessListMatcher

WithOperator sets the match kind for the ProcessListMatcher

func (*ProcessListMatcher) WithValues

func (checker *ProcessListMatcher) WithValues(values ...*ProcessChecker) *ProcessListMatcher

WithValues sets the checkers that the ProcessListMatcher should use

type ProcessLoaderChecker

type ProcessLoaderChecker struct {
	CheckerName string                       `json:"checkerName"`
	Process     *ProcessChecker              `json:"process,omitempty"`
	Path        *stringmatcher.StringMatcher `json:"path,omitempty"`
	Buildid     *bytesmatcher.BytesMatcher   `json:"buildid,omitempty"`
}

ProcessLoaderChecker implements a checker struct to check a ProcessLoader event

func NewProcessLoaderChecker

func NewProcessLoaderChecker(name string) *ProcessLoaderChecker

NewProcessLoaderChecker creates a new ProcessLoaderChecker

func (*ProcessLoaderChecker) Check

func (checker *ProcessLoaderChecker) Check(event *tetragon.ProcessLoader) error

Check checks a ProcessLoader event

func (*ProcessLoaderChecker) CheckEvent

func (checker *ProcessLoaderChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessLoaderChecker) CheckResponse

func (checker *ProcessLoaderChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessLoaderChecker) FromProcessLoader

func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker

FromProcessLoader populates the ProcessLoaderChecker using data from a ProcessLoader event

func (*ProcessLoaderChecker) GetCheckerName

func (checker *ProcessLoaderChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessLoaderChecker) GetCheckerType

func (checker *ProcessLoaderChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessLoaderChecker) WithBuildid

WithBuildid adds a Buildid check to the ProcessLoaderChecker

func (*ProcessLoaderChecker) WithPath

WithPath adds a Path check to the ProcessLoaderChecker

func (*ProcessLoaderChecker) WithProcess

func (checker *ProcessLoaderChecker) WithProcess(check *ProcessChecker) *ProcessLoaderChecker

WithProcess adds a Process check to the ProcessLoaderChecker

type ProcessTracepointChecker

type ProcessTracepointChecker struct {
	CheckerName string                       `json:"checkerName"`
	Process     *ProcessChecker              `json:"process,omitempty"`
	Parent      *ProcessChecker              `json:"parent,omitempty"`
	Subsys      *stringmatcher.StringMatcher `json:"subsys,omitempty"`
	Event       *stringmatcher.StringMatcher `json:"event,omitempty"`
	Args        *KprobeArgumentListMatcher   `json:"args,omitempty"`
}

ProcessTracepointChecker implements a checker struct to check a ProcessTracepoint event

func NewProcessTracepointChecker

func NewProcessTracepointChecker(name string) *ProcessTracepointChecker

NewProcessTracepointChecker creates a new ProcessTracepointChecker

func (*ProcessTracepointChecker) Check

Check checks a ProcessTracepoint event

func (*ProcessTracepointChecker) CheckEvent

func (checker *ProcessTracepointChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessTracepointChecker) CheckResponse

func (checker *ProcessTracepointChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessTracepointChecker) FromProcessTracepoint

func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker

FromProcessTracepoint populates the ProcessTracepointChecker using data from a ProcessTracepoint event

func (*ProcessTracepointChecker) GetCheckerName

func (checker *ProcessTracepointChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessTracepointChecker) GetCheckerType

func (checker *ProcessTracepointChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessTracepointChecker) WithArgs

WithArgs adds a Args check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithEvent

WithEvent adds a Event check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithParent

WithParent adds a Parent check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithProcess

WithProcess adds a Process check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithSubsys

WithSubsys adds a Subsys check to the ProcessTracepointChecker

type TestChecker

type TestChecker struct {
	CheckerName string  `json:"checkerName"`
	Arg0        *uint64 `json:"arg0,omitempty"`
	Arg1        *uint64 `json:"arg1,omitempty"`
	Arg2        *uint64 `json:"arg2,omitempty"`
	Arg3        *uint64 `json:"arg3,omitempty"`
}

TestChecker implements a checker struct to check a Test event

func NewTestChecker

func NewTestChecker(name string) *TestChecker

NewTestChecker creates a new TestChecker

func (*TestChecker) Check

func (checker *TestChecker) Check(event *tetragon.Test) error

Check checks a Test event

func (*TestChecker) CheckEvent

func (checker *TestChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*TestChecker) CheckResponse

func (checker *TestChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*TestChecker) FromTest

func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker

FromTest populates the TestChecker using data from a Test event

func (*TestChecker) GetCheckerName

func (checker *TestChecker) GetCheckerName() string

Get the name associated with the checker

func (*TestChecker) GetCheckerType

func (checker *TestChecker) GetCheckerType() string

Get the type of the checker as a string

func (*TestChecker) WithArg0

func (checker *TestChecker) WithArg0(check uint64) *TestChecker

WithArg0 adds a Arg0 check to the TestChecker

func (*TestChecker) WithArg1

func (checker *TestChecker) WithArg1(check uint64) *TestChecker

WithArg1 adds a Arg1 check to the TestChecker

func (*TestChecker) WithArg2

func (checker *TestChecker) WithArg2(check uint64) *TestChecker

WithArg2 adds a Arg2 check to the TestChecker

func (*TestChecker) WithArg3

func (checker *TestChecker) WithArg3(check uint64) *TestChecker

WithArg3 adds a Arg3 check to the TestChecker

type UnorderedEventChecker

type UnorderedEventChecker struct {
	// contains filtered or unexported fields
}

UnorderedEventChecker checks a series of events in arbitrary order

func NewUnorderedEventChecker

func NewUnorderedEventChecker(checks ...EventChecker) *UnorderedEventChecker

NewUnorderedEventChecker creates a new UnorderedEventChecker

func (*UnorderedEventChecker) AddChecks

func (checker *UnorderedEventChecker) AddChecks(checks ...EventChecker)

AddChecks adds one or more checks to the set of checks in this event checker

func (*UnorderedEventChecker) FinalCheck

func (checker *UnorderedEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*UnorderedEventChecker) GetChecks

func (checker *UnorderedEventChecker) GetChecks() []EventChecker

GetChecks returns this checker's list of checks

func (*UnorderedEventChecker) GetRemainingChecks

func (checker *UnorderedEventChecker) GetRemainingChecks() []EventChecker

GetRemainingChecks returns this checker's list of remaining checks

func (*UnorderedEventChecker) NextEventCheck

func (checker *UnorderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL