utils

package
v0.2.178 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2024 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	ProcessAllowed   = "processAllowed"
	ContainerAllowed = "containerAllowed"
)
View Source 
const (
	ErrKernelVersion = "incompatible kernel version"
	ErrMacOS         = "no vdso address found in auxv"
)
View Source 
const (
	// standard exit codes
	ExitCodeSuccess = iota
	ExitCodeError   = 1

	// custom exit codes
	ExitCodeRuncNotFound       = 100
	ExitCodeIncompatibleKernel = 101
	ExitCodeMacOS              = 102
)
View Source 
const (
	Unknown = iota
	Container
	InitContainer
	EphemeralContainer
)

Variables

View Source 
var (
	ContainerHasTerminatedError = errors.New("container has terminated")
	ContainerReachedMaxTime     = errors.New("container reached max time")
	ObjectCompleted             = errors.New("object is completed")
	TooLargeObjectError         = errors.New("object is too large")
	IncompleteSBOMError         = errors.New("incomplete SBOM")
)

Functions

func AddJitter added in v0.2.134 

func AddJitter(duration time.Duration, maxJitterPercentage int) time.Duration

AddJitter adds jitter percent to the duration

func After 

func After(value string, a string) string

func Atoi 

func Atoi(s string) int

func Between 

func Between(value string, a string, b string) string

func CalculateFileHashes added in v0.2.122 

func CalculateFileHashes(path string) (sha1Hash string, md5Hash string, err error)

CalculateFileHashes calculates both SHA1 and MD5 hashes of the given file.

func CalculateSHA256FileExecHash 

func CalculateSHA256FileExecHash(path string, args []string) string

func ChunkBy added in v0.2.106 

func ChunkBy[T any](items []T, chunkSize int) [][]T

func CreateK8sContainerID 

func CreateK8sContainerID(namespaceName string, podName string, containerName string) string

func CreateK8sPodID 

func CreateK8sPodID(namespaceName string, podName string) string

func CreateProcessTree 

func CreateProcessTree(process *apitypes.Process, shimPid uint32) (*apitypes.Process, error)

Creates a process tree from a process. The process tree will be built from scanning the /proc filesystem.

func CurrentDir 

func CurrentDir() string

func DetectContainerRuntimeViaK8sAPI added in v0.2.111 

func DetectContainerRuntimeViaK8sAPI(ctx context.Context, k8sClient *k8sinterface.KubernetesApi, nodeName string) (*containerutilsTypes.RuntimeConfig, error)

func DetectContainerRuntimes added in v0.2.111 

func DetectContainerRuntimes(hostMount string) ([]*containerutilsTypes.RuntimeConfig, error)

func EnrichApplicationProfileContainer 

func EnrichApplicationProfileContainer(container *v1beta1.ApplicationProfileContainer, observedCapabilities, observedSyscalls []string, execs map[string][]string, opens map[string]mapset.Set[string], endpoints map[string]*v1beta1.HTTPEndpoint, rulePolicies map[string]v1beta1.RulePolicy)

func EnrichNeighborhoodContainer 

func EnrichNeighborhoodContainer(container *v1beta1.NetworkNeighborhoodContainer, ingress, egress []v1beta1.NetworkNeighbor)

func EscapeJSONPointerElement 

func EscapeJSONPointerElement(s string) string

EscapeJSONPointerElement escapes a JSON pointer element See https://www.rfc-editor.org/rfc/rfc6901#section-3

func GenerateNeighborsIdentifier 

func GenerateNeighborsIdentifier(neighborEntry v1beta1.NetworkNeighbor) (string, error)

func GetApplicationProfileContainer 

func GetApplicationProfileContainer(object *v1beta1.ApplicationProfile, containerType ContainerType, containerIndex int) *v1beta1.ApplicationProfileContainer

TODO make generic?

func GetCmdlineByPid 

func GetCmdlineByPid(pid int) (*string, error)

func GetCommFromPid 

func GetCommFromPid(pid uint32) (string, error)

func GetContainerStatuses 

func GetContainerStatuses(podStatus v1.PodStatus) []v1.ContainerStatus

func GetExecArgsFromEvent 

func GetExecArgsFromEvent(event *tracerexectype.Event) []string

Get exec args from the given event.

func GetExecPathFromEvent 

func GetExecPathFromEvent(event *tracerexectype.Event) string

Get the path of the executable from the given event.

func GetFileSize 

func GetFileSize(path string) (int64, error)

Get the size of the given file.

func GetHostFilePathFromEvent 

func GetHostFilePathFromEvent(event K8sEvent, containerPid uint32) (string, error)

Get the path of the file on the node.

func GetLabels 

func GetLabels(watchedContainer *WatchedContainerData, stripContainer bool) map[string]string

func GetNamespaceMatchLabels 

func GetNamespaceMatchLabels(destinationNamespace, sourceNamespace string) map[string]string

func GetNetworkNeighborhoodContainer 

func GetNetworkNeighborhoodContainer(object *v1beta1.NetworkNeighborhood, containerType ContainerType, containerIndex int) *v1beta1.NetworkNeighborhoodContainer

TODO make generic?

func GetPathFromPid 

func GetPathFromPid(pid uint32) (string, error)

func GetProcessEnv 

func GetProcessEnv(pid int) (map[string]string, error)

func GetProcessFromProcessTree 

func GetProcessFromProcessTree(process *apitypes.Process, pid uint32) *apitypes.Process

func GetProcessStat 

func GetProcessStat(pid int) (*procfs.ProcStat, error)

func MergePolicies added in v0.2.178 

func MergePolicies(primary, secondary v1beta1.RulePolicy) v1beta1.RulePolicy

func RandomDuration added in v0.2.141 

func RandomDuration(max int, duration time.Duration) time.Duration

RandomDuration returns a duration between 1/2 max and max

func SetInMap 

func SetInMap(newExecMap *maps.SafeMap[string, mapset.Set[string]]) func(k string, v mapset.Set[string]) bool

func ToInstanceType 

func ToInstanceType(c ContainerType) helpersv1.InstanceType

func TrimRuntimePrefix 

func TrimRuntimePrefix(id string) string

TrimRuntimePrefix removes the runtime prefix from a container ID.

Types

type ContainerType 

type ContainerType int

func (ContainerType) String 

func (c ContainerType) String() string

type EventType 

type EventType string
const (
	ExecveEventType       EventType = "exec"
	OpenEventType         EventType = "open"
	CapabilitiesEventType EventType = "capabilities"
	DnsEventType          EventType = "dns"
	NetworkEventType      EventType = "network"
	SyscallEventType      EventType = "syscall"
	RandomXEventType      EventType = "randomx"
	SymlinkEventType      EventType = "symlink"
	HardlinkEventType     EventType = "hardlink"
	SSHEventType          EventType = "ssh"
	HTTPEventType         EventType = "http"
	PtraceEventType       EventType = "ptrace"
	AllEventType          EventType = "all"
)

type K8sEvent added in v0.2.145 

type K8sEvent interface {
	GetPod() string
	GetNamespace() string
}

type PatchOperation 

type PatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

func AppendStatusAnnotationPatchOperations 

func AppendStatusAnnotationPatchOperations(existingPatch []PatchOperation, watchedContainer *WatchedContainerData) []PatchOperation

func CreateCapabilitiesPatchOperations 

func CreateCapabilitiesPatchOperations(capabilities, syscalls []string, execs map[string][]string, opens map[string]mapset.Set[string], endpoints map[string]*v1beta1.HTTPEndpoint, rulePolicies map[string]v1beta1.RulePolicy, containerType string, containerIndex int) []PatchOperation

func CreateNetworkPatchOperations 

func CreateNetworkPatchOperations(ingress, egress []v1beta1.NetworkNeighbor, containerType string, containerIndex int) []PatchOperation

type WatchedContainerCompletionStatus 

type WatchedContainerCompletionStatus string
const (
	WatchedContainerCompletionStatusPartial WatchedContainerCompletionStatus = helpersv1.Partial
	WatchedContainerCompletionStatusFull    WatchedContainerCompletionStatus = helpersv1.Complete
)

type WatchedContainerData 

type WatchedContainerData struct {
	InstanceID                                 instanceidhandler.IInstanceID
	UpdateDataTicker                           *time.Ticker
	SyncChannel                                chan error
	SBOMSyftFiltered                           *v1beta1.SBOMSyftFiltered
	RelevantRealtimeFilesByIdentifier          map[string]bool
	RelevantRelationshipsArtifactsByIdentifier map[string]bool
	RelevantArtifactsFilesByIdentifier         map[string]bool
	ParentResourceVersion                      string
	ContainerID                                string
	ImageTag                                   string
	ImageID                                    string
	Wlid                                       string
	TemplateHash                               string
	K8sContainerID                             string
	SBOMResourceVersion                        int
	ContainerType                              ContainerType
	ContainerIndex                             int
	ContainerNames                             map[ContainerType][]string
	NsMntId                                    uint64
	InitialDelayExpired                        bool

	ParentWorkloadSelector *metav1.LabelSelector
	SeccompProfilePath     *string
	// contains filtered or unexported fields
}

func (*WatchedContainerData) GetCompletionStatus 

func (watchedContainer *WatchedContainerData) GetCompletionStatus() WatchedContainerCompletionStatus

func (*WatchedContainerData) GetStatus 

func (watchedContainer *WatchedContainerData) GetStatus() WatchedContainerStatus

func (*WatchedContainerData) ResetStatusUpdatedFlag 

func (watchedContainer *WatchedContainerData) ResetStatusUpdatedFlag()

func (*WatchedContainerData) SetCompletionStatus 

func (watchedContainer *WatchedContainerData) SetCompletionStatus(newStatus WatchedContainerCompletionStatus)

func (*WatchedContainerData) SetContainerInfo 

func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterface.IWorkload, containerName string)

func (*WatchedContainerData) SetStatus 

func (watchedContainer *WatchedContainerData) SetStatus(newStatus WatchedContainerStatus)

func (*WatchedContainerData) StatusUpdated 

func (watchedContainer *WatchedContainerData) StatusUpdated() bool

type WatchedContainerStatus 

type WatchedContainerStatus string
const (
	WatchedContainerStatusInitializing WatchedContainerStatus = helpersv1.Initializing
	WatchedContainerStatusReady        WatchedContainerStatus = helpersv1.Ready
	WatchedContainerStatusCompleted    WatchedContainerStatus = helpersv1.Completed

	WatchedContainerStatusMissingRuntime WatchedContainerStatus = helpersv1.MissingRuntime
	WatchedContainerStatusTooLarge       WatchedContainerStatus = helpersv1.TooLarge
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.