8000 refactor: Rename event parameters to fields by yanivagman · Pull Request #4398 · aquasecurity/tracee · GitHub

refactor: Rename event parameters to fields #4398


Merged
merged 1 commit into from
Nov 29, 2024
Merged
10 changes: 5 additions & 5 deletions pkg/bufferdecoder/decoder.go
Expand Up @@ -89,13 +89,13 @@ func (decoder *EbpfDecoder) DecodeContext(eCtx *EventContext) error {
// DecodeArguments decodes the remaining buffer's argument values, according to the given event definition.
// It should be called last, and after decoding the argnum with DecodeUint8.
//
// Argument array passed should be initialized with the size of len(evtParams).
func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, evtParams []trace.ArgMeta, evtName string, eventId events.ID) error {
// Argument array passed should be initialized with the size of len(evtFields).
func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, evtFields []trace.ArgMeta, evtName string, eventId events.ID) error {
for i := 0; i < argnum; i++ {
idx, arg, err := readArgFromBuff(
eventId,
decoder,
evtParams,
evtFields,
)
if err != nil {
logger.Errorw("error reading argument from buffer", "error", errfmt.Errorf("failed to read argument %d of event %s: %v", i, evtName, err))
Expand All @@ -108,9 +108,9 @@ func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, e
}

// Fill missing arguments metadata
for i := 0; i < len(evtParams); i++ {
for i := 0; i < len(evtFields); i++ {
if args[i].Value == nil {
args[i].ArgMeta = evtParams[i]
args[i].ArgMeta = evtFields[i]
args[i].Value = args[i].Zero
}
}
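Review bot: DecodeArguments still relies on the caller sizing `args` to `len(evtFields)`; the only thing stating that is the doc comment, and the fill loop `for i := 0; i < len(evtFields); i++` indexes `args[i]` without checking it. A caller that passes a shorter slice makes the decoder panic while handling a buffer that came from the eBPF side, instead of returning an error. A guard at the top of the function would turn that into a reportable failure: `if len(args) < len(evtFields) { return errfmt.Errorf("args has %d slots, event %s needs %d", len(args), evtName, len(evtFields)) }`. The two callers visible on this page (signal.go and events_pipeline.go) do allocate `len(evtFields)`, so this is defence in depth; part of the function body lies between and after the two hunks and is not visible here.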
12 changes: 6 additions & 6 deletions pkg/bufferdecoder/eventsreader.go
Expand Up @@ -49,7 +49,7 @@ const (

// readArgFromBuff read the next argument from the buffer.
// Return the index of the argument and the parsed argument.
func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, params []trace.ArgMeta,
func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.ArgMeta,
) (
uint, trace.Argument, error,
) {
Expand All @@ -62,11 +62,11 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, params []trace.A
if err != nil {
return 0, arg, errfmt.Errorf("error reading arg index: %v", err)
}
if int(argIdx) >= len(params) {
if int(argIdx) >= len(fields) {
return 0, arg, errfmt.Errorf("invalid arg index %d", argIdx)
}
arg.ArgMeta = params[argIdx]
argType := GetParamType(arg.Type)
arg.ArgMeta = fields[argIdx]
argType := GetFieldType(arg.Type)

switch argType {
case u8T:
Expand Down Expand Up @@ -196,8 +196,8 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, params []trace.A
return uint(argIdx), arg, nil
}

func GetParamType(paramType string) ArgType {
switch paramType {
func GetFieldType(fieldType string) ArgType {
switch fieldType {
case "int", "pid_t", "uid_t", "gid_t", "mqd_t", "clockid_t", "const clockid_t", "key_t", "key_serial_t", "timer_t":
return intT
case "unsigned int", "u32":
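Review bot: `GetFieldType` is exported, so renaming `GetParamType` without a shim breaks any out-of-tree code that imports pkg/bufferdecoder, and the same goes for the `GetParams` to `GetFields` change on event definitions used elsewhere in this PR. If external signatures or tools are expected to compile against this package, a deprecated forwarder keeps them building for a release: `// Deprecated: use GetFieldType.` followed by `func GetParamType(t string) ArgType { return GetFieldType(t) }`. Whether such a forwarder exists elsewhere is not visible on this page. The body of GetFieldType continues past the end of the hunk.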
38 changes: 19 additions & 19 deletions pkg/bufferdecoder/eventsreader_test.go
Expand Up @@ -15,7 +15,7 @@ func TestReadArgFromBuff(t *testing.T) {
testCases := []struct {
name string
input []byte
params []trace.ArgMeta
fields []trace.ArgMeta
expectedArg interface{}
expectedError error
}{
Expand All @@ -24,71 +24,71 @@ func TestReadArgFromBuff(t *testing.T) {
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, // -1
},
params: []trace.ArgMeta{{Type: "int", Name: "int0"}},
fields: []trace.ArgMeta{{Type: "int", Name: "int0"}},
expectedArg: int32(-1),
},
{
name: "uintT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, // 4294967295
},
params: []trace.ArgMeta{{Type: "unsigned int", Name: "uint0"}},
fields: []trace.ArgMeta{{Type: "unsigned int", Name: "uint0"}},
expectedArg: uint32(4294967295),
},
{
name: "longT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // -1
},
params: []trace.ArgMeta{{Type: "long", Name: "long0"}},
fields: []trace.ArgMeta{{Type: "long", Name: "long0"}},
expectedArg: int64(-1),
},
{
name: "ulongT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615
},
params: []trace.ArgMeta{{Type: "unsigned long", Name: "ulong0"}},
fields: []trace.ArgMeta{{Type: "unsigned long", Name: "ulong0"}},
expectedArg: uint64(18446744073709551615),
},
{
name: "modeT",
input: []byte{0,
0xB6, 0x11, 0x0, 0x0, // 0x000011B6 == 010666 == S_IFIFO|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH
},
params: []trace.ArgMeta{{Type: "mode_t", Name: "modeT0"}},
fields: []trace.ArgMeta{{Type: "mode_t", Name: "modeT0"}},
expectedArg: uint32(0x11b6),
},
{
name: "devT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, // 4294967295
},
params: []trace.ArgMeta{{Type: "dev_t", Name: "devT0"}},
fields: []trace.ArgMeta{{Type: "dev_t", Name: "devT0"}},
expectedArg: uint32(4294967295),
},
{
name: "offT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615
},
params: []trace.ArgMeta{{Type: "off_t", Name: "offT0"}},
fields: []trace.ArgMeta{{Type: "off_t", Name: "offT0"}},
expectedArg: uint64(18446744073709551615),
},
{
name: "loffT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615
},
params: []trace.ArgMeta{{Type: "loff_t", Name: "loffT0"}},
fields: []trace.ArgMeta{{Type: "loff_t", Name: "loffT0"}},
expectedArg: uint64(18446744073709551615),
},
{ // This is expected to fail. TODO: change pointer parsed type to uint64
name: "pointerT",
input: []byte{0,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
},
params: []trace.ArgMeta{{Type: "void*", Name: "pointer0"}},
fields: []trace.ArgMeta{{Type: "void*", Name: "pointer0"}},
expectedArg: uintptr(0xFFFFFFFFFFFFFFFF),
},
{
Expand All @@ -97,7 +97,7 @@ func TestReadArgFromBuff(t *testing.T) {
16, 0, 0, 0, // len=16
47, 117, 115, 114, 47, 98, 105, 110, 47, 100, 111, 99, 107, 101, 114, 0, // /usr/bin/docker
},
params: []trace.ArgMeta{{Type: "const char*", Name: "str0"}},
fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}},
expectedArg: "/usr/bin/docker",
},
{
Expand All @@ -109,7 +109,7 @@ func TestReadArgFromBuff(t *testing.T) {
7, 0, 0, 0, // len=7
100, 111, 99, 107, 101, 114, 0, // docker
},
params: []trace.ArgMeta{{Type: "const char*const*", Name: "strArr0"}},
fields: []trace.ArgMeta{{Type: "const char*const*", Name: "strArr0"}},
expectedArg: []string{"/usr/bin", "docker"},
},
{
Expand All @@ -120,7 +120,7 @@ func TestReadArgFromBuff(t *testing.T) {
47, 117, 115, 114, 47, 98, 105, 110, 0, // /usr/bin
100, 111, 99, 107, 101, 114, 0, // docker
},
params: []trace.ArgMeta{{Type: "const char**", Name: "argsArr0"}},
fields: []trace.ArgMeta{{Type: "const char**", Name: "argsArr0"}},
expectedArg: []string{"/usr/bin", "docker"},
},
{
Expand All @@ -131,7 +131,7 @@ func TestReadArgFromBuff(t *testing.T) {
0xFF, 0xFF, 0xFF, 0xFF, // sin_addr=255.255.255.255
0, 0, 0, 0, 0, 0, 0, 0, // padding[8]
},
params: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}},
fields: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}},
expectedArg: map[string]string(map[string]string{"sa_family": "AF_INET", "sin_addr": "255.255.255.255", "sin_port": "65535"}),
},
{
Expand All @@ -140,7 +140,7 @@ func TestReadArgFromBuff(t *testing.T) {
1, 0, // sa_family=AF_UNIX
47, 116, 109, 112, 47, 115, 111, 99, 107, 101, 116, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 101, 110, 0, 0, 0, // sun_path=/tmp/socket
},
params: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}},
fields: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}},
expectedArg: map[string]string{"sa_family": "AF_UNIX", "sun_path": "/tmp/socket"},
},
{
Expand All @@ -153,15 +153,15 @@ func TestReadArgFromBuff(t *testing.T) {
input: []byte{0,
0, 0, 0, 1, // len=16777216
},
params: []trace.ArgMeta{{Type: "const char*", Name: "str0"}},
fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}},
expectedError: errors.New("string size too big: 16777216"),
},
{
name: "multiple params",
name: "multiple fields",
input: []byte{1,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615
},
params: []trace.ArgMeta{{Type: "const char*", Name: "str0"}, {Type: "off_t", Name: "offT1"}},
fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}, {Type: "off_t", Name: "offT1"}},
expectedArg: uint64(18446744073709551615),
},
}
Expand All @@ -173,7 +173,7 @@ func TestReadArgFromBuff(t *testing.T) {
t.Parallel()

decoder := New(tc.input)
_, actual, err := readArgFromBuff(0, decoder, tc.params)
_, actual, err := readArgFromBuff(0, decoder, tc.fields)

if tc.expectedError != nil {
assert.ErrorContains(t, err, tc.expectedError.Error())
4 changes: 2 additions & 2 deletions pkg/cmd/gptdocs.go
Expand Up @@ -193,7 +193,7 @@ func (r GPTDocsRunner) GenerateSyscall(

var y []byte

y, err = yaml.Marshal(evt.GetParams())
y, err = yaml.Marshal(evt.GetFields())
if err != nil {
logger.Errorw("Error marshaling event", "err", err)
}
Expand All @@ -213,7 +213,7 @@ given syscall. The template for this markdown file is the following:
reqStr := fmt.Sprintf("%s"+ // head
"\n%s\n\n"+ // template
"The event, or syscall, name is \"%s\" "+
"and the parameter names and types are:\n"+
"and the field names and types are:\n"+
"\n%s\n",
headNote, templateYaml, evt.GetName(), eventArgsYaml,
)
2 changes: 1 addition & 1 deletion pkg/cmd/initialize/sigs/sigs_test.go
Expand Up @@ -174,7 +174,7 @@ func Test_CreateEventsFromSigs(t *testing.T) {
assert.Equal(t, expected.IsInternal(), eventDefinition.IsInternal())
assert.Equal(t, expected.IsSyscall(), eventDefinition.IsSyscall())
assert.ElementsMatch(t, expected.GetSets(), eventDefinition.GetSets())
assert.ElementsMatch(t, expected.GetParams(), eventDefinition.GetParams())
assert.ElementsMatch(t, expected.GetFields(), eventDefinition.GetFields())

dependencies := eventDefinition.GetDependencies()
expDependencies := expected.GetDependencies()
6 changes: 3 additions & 3 deletions pkg/cmd/list.go
Expand Up @@ -13,9 +13,9 @@ import (

func PrintEventList(includeSigs bool, wideOutput bool) {
// TODO: Create String() method in types trace.ArgMeta
paramsToString := func(params []trace.ArgMeta) string {
fieldsToString := func(fields []trace.ArgMeta) string {
strSlice := []string{}
for _, p := range params {
for _, p := range fields {
strSlice = append(strSlice, p.Type+" "+p.Name)
}
return strings.Join(strSlice, ", ")
Expand Down Expand Up @@ -50,7 +50,7 @@ func PrintEventList(includeSigs bool, wideOutput bool) {
return []string{
evtDef.GetName(),
strings.Join(evtDef.GetSets(), ", "),
paramsToString(evtDef.GetParams()),
fieldsToString(evtDef.GetFields()),
}
}

4 changes: 2 additions & 2 deletions pkg/ebpf/c/common/buffer.h
Expand Up @@ -386,12 +386,12 @@ statfunc int save_args_to_submit_buf(event_data_t *event, args_t *args)
void *arg;
short family;

if (unlikely(event->config.param_types == 0))
if (unlikely(event->config.field_types == 0))
return 0;

#pragma unroll
for (i = 0; i < 6; i++) {
type = DEC_ARG(i, event->config.param_types);
type = DEC_ARG(i, event->config.field_types);

// bounds check for the verifier
if (unlikely(type > ARG_TYPE_MAX_ARRAY))
4 changes: 2 additions & 2 deletions pkg/ebpf/c/common/context.h
Expand Up @@ -194,7 +194,7 @@ statfunc int init_program_data(program_data_t *p, void *ctx, u32 event_id)
p->event->config.submit_for_policies = 0;
event_config_t *event_config = get_event_config(event_id, p->event->context.policies_version);
if (event_config != NULL) {
p->event->config.param_types = event_config->param_types;
p->event->config.field_types = event_config->field_types;
p->event->config.submit_for_policies = event_config->submit_for_policies;
}
}
Expand Down Expand Up @@ -251,7 +251,7 @@ statfunc bool reset_event(event_data_t *event, u32 event_id)
if (event_config == NULL)
return false;

event->config.param_types = event_config->param_types;
event->config.field_types = event_config->field_types;
event->config.submit_for_policies = event_config->submit_for_policies;
event->context.matched_policies = event_config->submit_for_policies;

2 changes: 1 addition & 1 deletion pkg/ebpf/c/types.h
Expand Up @@ -348,7 +348,7 @@ typedef struct config_entry {

typedef struct event_config {
u64 submit_for_policies;
u64 param_types;
u64 field_types;
} event_config_t;

enum capture_options_e
6 changes: 3 additions & 3 deletions pkg/ebpf/controlplane/signal.go
Expand Up @@ -30,10 +30,10 @@ func (sig *signal) Unmarshal(buffer []byte) error {
return errfmt.Errorf("failed to get event %d configuration", sig.id)
}
eventDefinition := events.Core.GetDefinitionByID(sig.id)
evtParams := eventDefinition.GetParams()
evtFields := eventDefinition.GetFields()
evtName := eventDefinition.GetName()
sig.args = make([]trace.Argument, len(evtParams))
err = ebpfDecoder.DecodeArguments(sig.args, int(argnum), evtParams, evtName, sig.id)
sig.args = make([]trace.Argument, len(evtFields))
err = ebpfDecoder.DecodeArguments(sig.args, int(argnum), evtFields, evtName, sig.id)
if err != nil {
return errfmt.Errorf("failed to decode signal arguments: %v", err)
}
6 changes: 3 additions & 3 deletions pkg/ebpf/events_pipeline.go
Expand Up @@ -182,10 +182,10 @@ func (t *Tracee) decodeEvents(ctx context.Context, sourceChan chan []byte) (<-ch
continue
}
eventDefinition := events.Core.GetDefinitionByID(eventId)
evtParams := eventDefinition.GetParams()
evtFields := eventDefinition.GetFields()
evtName := eventDefinition.GetName()
args := make([]trace.Argument, len(evtParams))
err := ebpfMsgDecoder.DecodeArguments(args, int(argnum), evtParams, evtName, eventId)
args := make([]trace.Argument, len(evtFields))
err := ebpfMsgDecoder.DecodeArguments(args, int(argnum), evtFields, evtName, eventId)
if err != nil {
t.handleError(err)
continue
16 changes: 8 additions & 8 deletions pkg/ebpf/tracee.go
Expand Up @@ -68,7 +68,7 @@ type Tracee struct {
// Events
eventsSorter *sorting.EventsChronologicalSorter
eventsPool *sync.Pool
eventsParamTypes map[events.ID][]bufferdecoder.ArgType
eventsFieldTypes map[events.ID][]bufferdecoder.ArgType
eventProcessor map[events.ID][]func(evt *trace.Event) error
eventDerivations derive.Table
// Artifacts
Expand Down Expand Up @@ -415,14 +415,14 @@ func (t *Tracee) Init(ctx gocontext.Context) error {
return errfmt.Errorf("error initializing event derivation map: %v", err)
}

// Initialize events parameter types map
// Initialize events field types map

t.eventsParamTypes = make(map[events.ID][]bufferdecoder.ArgType)
t.eventsFieldTypes = make(map[events.ID][]bufferdecoder.ArgType)
for _, eventDefinition := range events.Core.GetDefinitions() {
id := eventDefinition.GetID()
params := eventDefinition.GetParams()
for _, param := range params {
t.eventsParamTypes[id] = append(t.eventsParamTypes[id], bufferdecoder.GetParamType(param.Type))
fields := eventDefinition.GetFields()
for _, field := range fields {
t.eventsFieldTypes[id] = append(t.eventsFieldTypes[id], bufferdecoder.GetFieldType(field.Type))
}
}

Expand Down Expand Up @@ -1115,7 +1115,7 @@ func (t *Tracee) populateFilterMaps(updateProcTree bool) error {
polCfg, err := t.policyManager.UpdateBPF(
t.bpfModule,
t.containers,
t.eventsParamTypes,
t.eventsFieldTypes,
true,
updateProcTree,
)
Expand Down Expand Up @@ -1277,7 +1277,7 @@ func (t *Tracee) initBPF() error {
}

// returned PoliciesConfig is not used here, therefore it's discarded
_, err = t.policyManager.UpdateBPF(t.bpfModule, t.containers, t.eventsParamTypes, false, true)
_, err = t.policyManager.UpdateBPF(t.bpfModule, t.containers, t.eventsFieldTypes, false, true)
if err != nil {
return errfmt.WrapError(err)
}