falcosecurity · poiana · Sep 20, 2024 · Sep 16, 2024 · Sep 16, 2024 · Sep 19, 2024
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -16,9 +16,9 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.21
+          go-version: 1.23.1
 
       - name: Build
         run: make build

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -31,7 +31,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.21
+          go-version: 1.23.1
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v3

diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,20 @@
-FROM alpine:latest as builder
+FROM golang:1.23.1-alpine3.20 AS builder
 
 LABEL maintainer="[email protected]"
 
-RUN apk add --no-cache make bash git build-base go
+RUN apk add --no-cache make bash
 
 WORKDIR /event-generator
+
 COPY . .
 
 RUN make
 
-FROM alpine:latest
 
-COPY --from=builder /event-generator/event-generator /bin/event-generator
+FROM alpine:3.20
 
-# Need to have this for helper.RunShell
-RUN apk add bash
+RUN apk add --no-cache sudo polkit libcap e2fsprogs-extra openssh nmap netcat-openbsd wget curl
 
-# Need to have this for syscall.WriteBelowRpmDatabase
-RUN mkdir -p /var/lib/rpm/
+COPY --from=builder /event-generator/event-generator /bin/event-generator
 
 ENTRYPOINT ["/bin/event-generator"]
diff --git a/Makefile b/Makefile
@@ -47,12 +47,12 @@ prepare: clean events/k8saudit/yaml/bundle.go
 
 .PHONY: ${output}
 ${output}:
-	$(GO) build -buildmode=pie -buildvcs=false -ldflags "$(LDFLAGS)" -o $@ ${main}
+	CGO_ENABLED=0 $(GO) build -buildmode=pie -buildvcs=false -ldflags "$(LDFLAGS)" -o $@ ${main}
 
 .PHONY: clean
 clean:
 	$(RM) -R ${output}
-	$(RM) -f events/k8saudit/yaml/bundle.go
+	$(RM) events/k8saudit/yaml/bundle.go
 	$(RM) -R ${output} ${docgen}
 
 .PHONY: test
@@ -78,11 +78,9 @@ image:
 	$(DOCKER) build \
 		-t "$(IMAGE_NAME_BRANCH)" \
 		-f Dockerfile .
-	$(DOCKER) tag $(IMAGE_NAME_BRANCH) $(IMAGE_NAME_COMMIT)
-	$(DOCKER) tag "$(IMAGE_NAME_BRANCH)" $(IMAGE_NAME_COMMIT)
-
+	$(DOCKER) tag "$(IMAGE_NAME_BRANCH)" "$(IMAGE_NAME_COMMIT)"
 
 .PHONY: push
 push:
-	$(DOCKER) push $(IMAGE_NAME_BRANCH)
-	$(DOCKER) push $(IMAGE_NAME_COMMIT)
+	$(DOCKER) push "$(IMAGE_NAME_BRANCH)"
+	$(DOCKER) push "$(IMAGE_NAME_COMMIT)"
diff --git a/README.md b/README.md
@@ -87,7 +87,7 @@ INFO action executed                               action=syscall.ReadSensitiveF
 
 Useful options:
 - `--loop` to run actions in a loop
-- `--sleep` to set the length of time to wait before running an action (default to `1s`)
+- `--sleep` to set the length of time to wait before running an action (default to `100ms`)
 
 Also, note that not all actions are enabled by default. To run all actions, use the `--all` option.
 
@@ -145,7 +145,7 @@ The `syscall` collection performs a variety of suspect actions detected by the [
 $ docker run -it --rm falcosecurity/event-generator run syscall --loop
 ```
 
-The above command loops forever, incessantly generating a sample event each second. 
+The above command loops forever, incessantly generating a sample event every 100 miliseconds. 
 
 
 ### Generate activity for the k8s audit rules

diff --git a/cmd/bench.go b/cmd/bench.go
@@ -38,18 +38,18 @@ func NewBench() *cobra.Command {
 This command generates a high number of Event Per Second (EPS), to test the events throughput allowed by Falco.
 The number of EPS is controlled by the "--sleep" option: reduce the sleeping duration to increase the EPS.
 If the "--loop" option is set, the sleeping duration is halved on each round.
-The "--pid" option can be used to monitor the Falco process. 
+The "--pid" option can be used to monitor the Falco process.
 
 N.B.:
 	- the Falco gRPC Output must be enabled to use this command
 	- "outputs.rate" and "outputs.max_burst" values within the Falco configuration must be increased,
 	  otherwise EPS will be rate-limited by the throttling mechanism
-	- since not all actions can be used for benchmarking, 
+	- since not all actions can be used for benchmarking,
 	  only those actions matching the given regular expression are used
 
 One commmon way to use this command is as following:
 
-	event-generator bench "ChangeThreadNamespace|ReadSensitiveFileUntrusted" --all --loop --sleep 10ms --pid $(pidof -s falco) 
+	event-generator bench "ChangeThreadNamespace|ReadSensitiveFileUntrusted" --all --loop --sleep 10ms --pid $(pidof -s falco)
 
 
 ` + runWarningMessage

diff --git a/cmd/config_options.go b/cmd/config_options.go
@@ -15,7 +15,7 @@ limitations under the License.
 package cmd
 
 import (
-	"fmt"
+	"errors"
 
 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/event-generator/cmd/internal/validate"
@@ -42,11 +42,11 @@ func NewConfigOptions() *ConfigOptions {
 // Validate validates the ConfigOptions fields.
 func (co *ConfigOptions) Validate() []error {
 	if err := validate.V.Struct(co); err != nil {
-		errors := err.(validator.ValidationErrors)
+		errs := err.(validator.ValidationErrors)
 		errArr := []error{}
-		for _, e := range errors {
+		for _, e := range errs {
 			// Translate each error one at a time
-			errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
+			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
 		return errArr
 	}

diff --git a/cmd/internal/validate/isfilepath.go b/cmd/internal/validate/isfilepath.go
@@ -29,10 +29,7 @@ func isFilePath(fl validator.FieldLevel) bool {
 	case reflect.String:
 		fileInfo, err := os.Stat(field.String())
 		if err != nil {
-			if !os.IsNotExist(err) {
-				return false
-			}
-			return true
+			return os.IsNotExist(err)
 		}
 
 		return !fileInfo.IsDir()

diff --git a/cmd/internal/validate/islogruslevel.go b/cmd/internal/validate/islogruslevel.go
@@ -22,8 +22,5 @@ import (
 func isLogrusLevel(fl validator.FieldLevel) bool {
 	level := fl.Field().String()
 	_, err := logger.ParseLevel(level)
-	if err != nil {
-		return false
-	}
-	return true
+	return err == nil
 }
diff --git a/cmd/internal/validate/validate.go b/cmd/internal/validate/validate.go
@@ -44,16 +44,24 @@ func init() {
 		return name
 	})
 
-	V.RegisterValidation("filepath", isFilePath)
-	V.RegisterValidation("logrus", isLogrusLevel)
+	if err := V.RegisterValidation("filepath", isFilePath); err != nil {
+		panic(err)
+	}
+
+	if err := V.RegisterValidation("logrus", isLogrusLevel); err != nil {
+		panic(err)
+	}
+
 	V.RegisterAlias("format", "eq=text|eq=json")
 
 	eng := en.New()
 	uni := ut.New(eng, eng)
 	T, _ = uni.GetTranslator("en")
-	en_translations.RegisterDefaultTranslations(V, T)
+	if err := en_translations.RegisterDefaultTranslations(V, T); err != nil {
+		panic(err)
+	}
 
-	V.RegisterTranslation(
+	if err := V.RegisterTranslation(
 		"filepath",
 		T,
 		func(ut ut.Translator) error {
@@ -63,9 +71,11 @@ func init() {
 			t, _ := ut.T("filepath", fe.Field())
 			return t
 		},
-	)
+	); err != nil {
+		panic(err)
+	}
 
-	V.RegisterTranslation(
+	if err := V.RegisterTranslation(
 		"logrus",
 		T,
 		func(ut ut.Translator) error {
@@ -75,9 +85,11 @@ func init() {
 			t, _ := ut.T("logrus", fe.Value().(string))
 			return t
 		},
-	)
+	); err != nil {
+		panic(err)
+	}
 
-	V.RegisterTranslation(
+	if err := V.RegisterTranslation(
 		"format",
 		T,
 		func(ut ut.Translator) error {
@@ -87,5 +99,7 @@ func init() {
 			t, _ := ut.T("format", fe.Value().(string))
 			return t
 		},
-	)
+	); err != nil {
+		panic(err)
+	}
 }
diff --git a/cmd/root.go b/cmd/root.go
@@ -77,7 +77,9 @@ func New(configOptions *ConfigOptions) *cobra.Command {
 			debugFlags(flags)
 		},
 		Run: func(c *cobra.Command, args []string) {
-			c.Help()
+			if err := c.Help(); err != nil {
+				logger.WithError(err).Fatal("error running help")
+			}
 		},
 	}
 
@@ -202,14 +204,19 @@ func initConfig(configFile string) {
 // - config file (e.g. ~/.falco-event-generator.yaml)
 // - its default
 func initFlags(flags *pflag.FlagSet, exclude map[string]bool) {
-	viper.BindPFlags(flags)
+	if err := viper.BindPFlags(flags); err != nil {
+		logger.WithError(err).Fatal("error binding flags to configuration")
+	}
+
 	flags.VisitAll(func(f *pflag.Flag) {
 		if exclude[f.Name] {
 			return
 		}
 		viper.SetDefault(f.Name, f.DefValue)
 		if v := viper.GetString(f.Name); v != f.DefValue {
-			flags.Set(f.Name, v)
+			if err := flags.Set(f.Name, v); err != nil {
+				logger.WithError(err).WithField("flag", f.Name).Fatal("error setting flag")
+			}
 		}
 	})
 }

diff --git a/cmd/run.go b/cmd/run.go
@@ -73,23 +73,27 @@ Without arguments it runs all actions, otherwise only those actions matching the
 
 	ns := flags.Lookup("namespace")
 	ns.DefValue = DefaultNamespace
-	ns.Value.Set(DefaultNamespace)
+	if err := ns.Value.Set(DefaultNamespace); err != nil {
+		panic(err)
+	}
 
 	return c, func(c *cobra.Command, args []string, options ...runner.Option) error {
-
 		flags := c.Flags()
 		ns, err := flags.GetString("namespace")
 		if err != nil {
 			return err
 		}
+
 		sleep, err := flags.GetDuration("sleep")
 		if err != nil {
 			return err
 		}
+
 		loop, err := flags.GetBool("loop")
 		if err != nil {
 			return err
 		}
+
 		all, err := flags.GetBool("all")
 		if err != nil {
 			return err

diff --git a/cmd/test.go b/cmd/test.go
@@ -15,8 +15,6 @@ limitations under the License.
 package cmd
 
 import (
-
-	// register event collections
 	"time"
 
 	"github.com/falcosecurity/event-generator/pkg/runner"

diff --git a/events/README.md b/events/README.md
@@ -63,7 +63,7 @@ For this reason, *actions* should revert any operation that changed the state of
 
 ```golang
 func WriteBelowEtc(h events.Helper) error {
-	const filename = "/etc/created-by-event-generator"
+	const filename = "/etc/falco-event-generator"
 	h.Log().Infof("writing to %s", filename)
 	defer os.Remove(filename) // clean up here!!!
 	return os.WriteFile(filename, nil, os.FileMode(0755))