sync: 0.17.2 #1908

Merged
merged 10 commits into from
Jun 14, 2024
4 changes: 4 additions & 0 deletions cmake/modules/CompilerFlags.cmake
Expand Up @@ -106,8 +106,12 @@ else() # MSVC
set(CMAKE_C_FLAGS_RELEASE "${FALCOSECURITY_LIBS_RELEASE_FLAGS}")
set(CMAKE_CXX_FLAGS_RELEASE "${FALCOSECURITY_LIBS_RELEASE_FLAGS}")

# "_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR" enables a
# workaround for windows GH runner issue, see
# https://github.com/actions/runner-images/issues/10004
add_compile_definitions(
_HAS_STD_BYTE=0
WIN32_LEAN_AND_MEAN
_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR
)
endif()
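Review bot: `_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR` is added to `add_compile_definitions` for every MSVC build in this branch, not only for the GitHub-hosted runner the comment cites, so the workaround also ends up in downstream release builds. The comment links the runner issue but gives no removal condition; I would add one, e.g. `# TODO: drop once the runner image issue linked above is resolved`. The enclosing `else() # MSVC` branch starts outside the hunk, and which four lines are the additions is inferred from the header counts because the +/- markers are lost.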
4 changes: 2 additions & 2 deletions cmake/modules/cares.cmake
Expand Up @@ -43,8 +43,8 @@ else()
message(STATUS "Using bundled c-ares in '${CARES_SRC}'")
ExternalProject_Add(c-ares
PREFIX "${PROJECT_BINARY_DIR}/c-ares-prefix"
URL "https://c-ares.haxx.se/download/c-ares-1.19.1.tar.gz"
URL_HASH "SHA256=321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e"
URL "https://github.com/c-ares/c-ares/releases/download/v1.30.0/c-ares-1.30.0.tar.gz"
URL_HASH "SHA256=4fea312112021bcef081203b1ea020109842feb58cd8a36a3d3f7e0d8bc1138c"
CONFIGURE_COMMAND CPPFLAGS=${CARES_CPPFLAGS} ./configure ${CARES_STATIC_OPTION} --prefix=${CARES_INSTALL_DIR}
BUILD_COMMAND make
BUILD_IN_SOURCE 1
2 changes: 1 addition & 1 deletion userspace/libsinsp/filter_compare.cpp
Expand Up @@ -415,7 +415,7 @@ static inline void _throw_if_not_comparable(cmpop op, Check c)
}

template<typename T>
static inline bool flt_compare_numeric(cmpop op, uint64_t operand1, uint64_t operand2)
static inline bool flt_compare_numeric(cmpop op, T operand1, T operand2)
{
switch(op)
{
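Review bot: Nothing at the `flt_compare_numeric` signature records why the operands are now `T`, and the `uint64_t` parameters are exactly how a negative field value ends up compared as a very large unsigned number. A one-line comment above the template would keep it from being simplified back, e.g. `// operands keep the field's own type T so signed values compare as signed`. The call sites are outside this section; any caller that still widens its operands to `uint64_t` before the call would keep the old behaviour, so they are worth checking. The function body continues past the end of the hunk, and which of the two signature lines is the new one is inferred from the one-addition/one-deletion header.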
26 changes: 13 additions & 13 deletions userspace/libsinsp/metrics_collector.cpp
Expand Up @@ -457,19 +457,6 @@ void libs_metrics_collector::snapshot()
return;
}

/*
* plugins metrics
*/

if(m_metrics_flags & METRICS_V2_PLUGINS)
{
for (auto& p : m_inspector->get_plugin_manager()->plugins())
{
std::vector<metrics_v2> plugin_metrics = p->get_metrics();
m_metrics.insert(m_metrics.end(), plugin_metrics.begin(), plugin_metrics.end());
}
}

/*
* libscap metrics
*/
Expand Down Expand Up @@ -783,6 +770,19 @@ void libs_metrics_collector::snapshot()
}
}
}

/*
* plugins metrics
*/

if(m_metrics_flags & METRICS_V2_PLUGINS)
{
for (auto& p : m_inspector->get_plugin_manager()->plugins())
{
std::vector<metrics_v2> plugin_metrics = p->get_metrics();
m_metrics.insert(m_metrics.end(), plugin_metrics.begin(), plugin_metrics.end());
}
}
}

const std::vector<metrics_v2>& libs_metrics_collector::get_metrics() const
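Review bot: The plugin-metrics block now sits at the end of `snapshot()`, but the code does not say why it has to come last. If the intent is that the libs metrics keep stable positions in `m_metrics` however many entries the plugins contribute, a comment above the block such as `// keep plugin metrics last: their count varies per plugin set` would stop it from being moved back. Separately, `std::vector<metrics_v2> plugin_metrics = p->get_metrics();` copies a vector per plugin on every snapshot; if `get_metrics()` returns a reference, binding with `const auto&` avoids that. `snapshot()` begins outside the visible hunks.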
1 change: 1 addition & 0 deletions userspace/libsinsp/test/CMakeLists.txt
Expand Up @@ -107,6 +107,7 @@ set(LIBSINSP_UNIT_TESTS_SOURCES
filter_parser.ut.cpp
filter_op_bcontains.ut.cpp
filter_op_pmatch.ut.cpp
filter_op_numeric_compare.ut.cpp
filter_compiler.ut.cpp
filter_transformer.ut.cpp
user.ut.cpp
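--- /dev/null
+++ b/userspace/libsinsp/test/filter_op_numeric_compare.ut.cpp
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2024 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License"));
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+*/
+
+#include <libsinsp/sinsp.h>
+#include <gtest/gtest.h>
+
+#include <sinsp_with_test_input.h>
+
+TEST_F(sinsp_with_test_input, signed_int_compare)
+{
+add_default_init_thread();
+
+open_inspector();
+
+sinsp_evt * evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_EPOLL_CREATE_X, 1, (uint64_t)-22);
+
+EXPECT_EQ(get_field_as_string(evt, "evt.cpu"), "1");
+
+EXPECT_TRUE(eval_filter(evt, "evt.cpu < 300"));
+EXPECT_FALSE(eval_filter(evt, "evt.cpu > 300"));
+EXPECT_TRUE(eval_filter(evt, "evt.cpu < 2"));
+EXPECT_TRUE(eval_filter(evt, "evt.cpu > -500"));
+EXPECT_TRUE(eval_filter(evt, "evt.cpu < 500"));
+EXPECT_TRUE(eval_filter(evt, "evt.cpu <= 500"));
+
+EXPECT_TRUE(eval_filter(evt, "evt.cpu <= 1025"));
+EXPECT_FALSE(eval_filter(evt, "evt.cpu >= 1025"));
+
+EXPECT_FALSE(eval_filter(evt, "evt.rawarg.res > 0"));
+EXPECT_TRUE(eval_filter(evt, "evt.rawarg.res < 0"));
+EXPECT_FALSE(eval_filter(evt, "evt.rawarg.res > 4294967295"));
+EXPECT_TRUE(eval_filter(evt, "evt.rawarg.res < -1"));
+EXPECT_TRUE(eval_filter(evt, "evt.rawarg.res > -65535"));
+
+evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_OPEN_E, 3, "/tmp/the_file", PPM_O_NONE, 0666);
+evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_OPEN_X, 6, (int64_t)(-1), "/tmp/the_file", PPM_O_NONE, 0666, 123, (uint64_t)456);
+
+EXPECT_FALSE(eval_filter(evt, "fd.num >= 0"));
+EXPECT_FALSE(eval_filter(evt, "fd.num > 0"));
+EXPECT_TRUE(eval_filter(evt, "fd.num < 0"));
+EXPECT_FALSE(eval_filter(evt, "fd.num > 4294967295"));
+EXPECT_FALSE(eval_filter(evt, "fd.num < -1"));
+EXPECT_TRUE(eval_filter(evt, "fd.num > -65535"));
+}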
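Review bot: The negative-value assertions in `signed_int_compare` bracket the values loosely but never touch the boundary: `evt.rawarg.res` is fed -22 and `fd.num` -1, yet no check uses `=`, `<=` or `>=` against those exact numbers, so an off-by-one in the signed `<=`/`>=` paths would still pass. I would add `EXPECT_TRUE(eval_filter(evt, "evt.rawarg.res = -22"));` after the `res` block and `EXPECT_TRUE(eval_filter(evt, "fd.num <= -1"));` after the `fd.num` block, assuming both fields report the raw signed value. The return value is also passed as `(uint64_t)-22` in the first event and `(int64_t)(-1)` in the second; using the signed cast in both would make the intent of the test clearer.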
14 changes: 14 additions & 0 deletions userspace/libsinsp/test/sinsp_with_test_input.cpp
Expand Up @@ -497,6 +497,20 @@ std::string sinsp_with_test_input::get_field_as_string(sinsp_evt* evt, std::stri
return result;
}

bool sinsp_with_test_input::eval_filter(sinsp_evt* evt, std::string filter_str)
{
auto factory = std::make_shared<sinsp_filter_factory>(&m_inspector, m_default_filterlist);
sinsp_filter_compiler compiler(factory, filter_str);

auto filter = compiler.compile();
if (!filter)
{
throw sinsp_exception(std::string("could not compile filter ") + filter_str);
}

return filter->run(evt);
}

sinsp_evt* sinsp_with_test_input::next_event()
{
sinsp_evt* evt;
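Review bot: `eval_filter` takes `std::string filter_str` by value while the neighbouring helpers take `std::string_view`, so every call copies the filter text; `const std::string& filter_str` here and in the declaration in sinsp_with_test_input.h would avoid that, and the header names the parameter `filter`, which is worth aligning. A short doc comment on the declaration should also state that a null result from `compile()` is turned into a `sinsp_exception` rather than a `false` return, so that `EXPECT_FALSE(eval_filter(...))` is not read as covering filters that fail to compile.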
3 changes: 3 additions & 0 deletions userspace/libsinsp/test/sinsp_with_test_input.h
Expand Up @@ -192,12 +192,15 @@ class sinsp_with_test_input : public ::testing::Test
void add_default_init_thread();
void add_simple_thread(int64_t tid, int64_t pid, int64_t ptid, const std::string& comm = "random");
uint64_t increasing_ts();

bool field_exists(sinsp_evt*, std::string_view field_name);
bool field_exists(sinsp_evt*, std::string_view field_name, filter_check_list&);
bool field_has_value(sinsp_evt*, std::string_view field_name);
bool field_has_value(sinsp_evt*, std::string_view field_name, filter_check_list&);
std::string get_field_as_string(sinsp_evt*, std::string_view field_name);
std::string get_field_as_string(sinsp_evt*, std::string_view field_name, filter_check_list&);
bool eval_filter(sinsp_evt* evt, std::string filter);

sinsp_evt* next_event();

scap_test_input_data m_test_data;
23 changes: 19 additions & 4 deletions userspace/libsinsp/test/user.ut.cpp
Expand Up @@ -169,13 +169,13 @@ class usergroup_manager_host_root_test : public sinsp_with_test_input

{
std::ofstream ofs(etc + "/passwd");
ofs << "toor:x:0:0:toor:/toor:/bin/ash" << std::endl;
ofs.close();
ofs << "toor:x:0:0:toor:/toor:/bin/ash\n"
<< "+testuser::::::\n";
}
{
std::ofstream ofs(etc + "/group");
ofs << "toor:x:0:toor" << std::endl;
ofs.close();
ofs << "toor:x:0:toor\n"
<< "+testgroup::::::\n";
}
}

Expand Down Expand Up @@ -211,4 +211,19 @@ TEST_F(usergroup_manager_host_root_test, host_root_lookup)
ASSERT_EQ(group->gid, 0);
ASSERT_STREQ(group->name, "toor");
}

TEST_F(usergroup_manager_host_root_test, nss_user_lookup)
{
std::string container_id; // empty container_id means host

sinsp_usergroup_manager mgr(&m_inspector);
mgr.add_user(container_id, -1, 0, 0, {}, {}, {});
mgr.add_user(container_id, -1, 65534, 0, {}, {}, {});

auto* usr = mgr.add_user(container_id, -1, 0, 0, "+test_user", "", "");
ASSERT_EQ(usr, nullptr);

auto* grp = mgr.add_group(container_id, -1, 0, "+test_group");
ASSERT_EQ(grp, nullptr);
}
#endif
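Review bot: `nss_user_lookup` only exercises the `+` prefix, so the `-` branch of the new check in user.cpp is untested, and the two preceding `add_user` calls with empty names discard their results, which means the `+testuser`/`+testgroup` lines the fixture now writes are never asserted against. I would add `ASSERT_EQ(mgr.add_user(container_id, -1, 0, 0, "-test_user", "", ""), nullptr);` with the matching `add_group` call, and assert what the two empty-name calls return. The test also passes `+test_user` while the fixture file contains `+testuser`, so the two are not tied together by name; a comment saying which path each part is meant to cover would help.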
16 changes: 16 additions & 0 deletions userspace/libsinsp/user.cpp
Expand Up @@ -266,6 +266,14 @@ scap_groupinfo *sinsp_usergroup_manager::groupinfo_map_insert(

scap_userinfo *sinsp_usergroup_manager::add_user(const std::string &container_id, int64_t pid, uint32_t uid, uint32_t gid, std::string_view name, std::string_view home, std::string_view shell, bool notify)
{
// ignore NSS entries
if(!name.empty() && (name[0] == '+' || name[0] == '-'))
{
libsinsp_logger()->format(sinsp_logger::SEV_DEBUG,
"NSS user ignored: %.*s", static_cast<int>(name.length()), name.data());
return nullptr;
}

if (!m_import_users)
{
m_fallback_user.uid = uid;
Expand Down Expand Up @@ -401,6 +409,14 @@ bool sinsp_usergroup_manager::rm_user(const string &container_id, uint32_t uid,

scap_groupinfo *sinsp_usergroup_manager::add_group(const string &container_id, int64_t pid, uint32_t gid, std::string_view name, bool notify)
{
// ignore NSS entries
if(!name.empty() && (name[0] == '+' || name[0] == '-'))
{
libsinsp_logger()->format(sinsp_logger::SEV_DEBUG,
"NSS group ignored: %.*s", static_cast<int>(name.length()), name.data());
return nullptr;
}

if (!m_import_users)
{
m_fallback_grp.gid = gid;
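Review bot: The new guard in `add_user` decides on the first character of `name` alone, so any account whose name begins with `+` or `-` is skipped, not only NSS compat lines; for such an account the function returns `nullptr` before the `m_import_users` fallback is filled in, and the user name would stay unresolved for that uid. If that trade-off is intended the comment should say so, e.g. `// skip NSS compat entries ("+name"/"-name"); matches on the first character only`. The identical block is pasted into `add_group`, and a small file-local helper taking the `std::string_view` would keep the two in step. Callers are outside the hunks, so it is worth confirming that each of them handles the new `nullptr` return.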
2 changes: 1 addition & 1 deletion userspace/plugin/plugin_api.h
Expand Up @@ -30,7 +30,7 @@ extern "C" {
//
// todo(jasondellaluce): when/if major changes to v4, check and solve all todos
#define PLUGIN_API_VERSION_MAJOR 3
#define PLUGIN_API_VERSION_MINOR 5
#define PLUGIN_API_VERSION_MINOR 6
#define PLUGIN_API_VERSION_PATCH 0

//
1 change: 1 addition & 0 deletions userspace/plugin/plugin_loader.c
Expand Up @@ -136,6 +136,7 @@ plugin_handle_t* plugin_load(const char* path, char* err)
SYM_RESOLVE(ret, get_async_events);
SYM_RESOLVE(ret, set_async_event_handler);
SYM_RESOLVE(ret, set_config);
SYM_RESOLVE(ret, get_metrics);
return ret;
}

18 changes: 9 additions & 9 deletions userspace/plugin/plugin_types.h
Expand Up @@ -298,13 +298,13 @@ typedef enum ss_plugin_log_severity
// Types supported by the by the metric values
typedef enum ss_plugin_metric_value_type
{
SS_PLUGIN_METRIC_VALUE_TYPE_U32 = 1,
SS_PLUGIN_METRIC_VALUE_TYPE_S32 = 2,
SS_PLUGIN_METRIC_VALUE_TYPE_U64 = 3,
SS_PLUGIN_METRIC_VALUE_TYPE_S64 = 4,
SS_PLUGIN_METRIC_VALUE_TYPE_D = 5,
SS_PLUGIN_METRIC_VALUE_TYPE_F = 6,
SS_PLUGIN_METRIC_VALUE_TYPE_I = 7,
SS_PLUGIN_METRIC_VALUE_TYPE_U32 = 0,
SS_PLUGIN_METRIC_VALUE_TYPE_S32 = 1,
SS_PLUGIN_METRIC_VALUE_TYPE_U64 = 2,
SS_PLUGIN_METRIC_VALUE_TYPE_S64 = 3,
SS_PLUGIN_METRIC_VALUE_TYPE_D = 4,
SS_PLUGIN_METRIC_VALUE_TYPE_F = 5,
SS_PLUGIN_METRIC_VALUE_TYPE_I = 6,
} ss_plugin_metric_value_type;

// Data representation of metric values
Expand All @@ -322,8 +322,8 @@ typedef union ss_plugin_metric_value
// Metric types
typedef enum ss_plugin_metric_type
{
SS_PLUGIN_METRIC_TYPE_MONOTONIC = 1,
SS_PLUGIN_METRIC_TYPE_NON_MONOTONIC = 2,
SS_PLUGIN_METRIC_TYPE_MONOTONIC = 0,
SS_PLUGIN_METRIC_TYPE_NON_MONOTONIC = 1,
} ss_plugin_metric_type;

//
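Review bot: Renumbering `ss_plugin_metric_value_type` and `ss_plugin_metric_type` changes values that cross the plugin ABI, so a plugin built against the other numbering would have its `ss_plugin_metric_value` union read through the wrong member (a value tagged 3 switches between U64 and S64). plugin_api.h only moves the minor version in this PR, which normally signals a compatible change. The `SYM_RESOLVE(ret, get_metrics)` line added to plugin_loader.c suggests the symbol was not loaded before, which would make the renumbering harmless, but nothing in the header says so. I would add `// values are part of the plugin ABI: append only, never renumber` above both enums. Which numbering is the new one is inferred from the old-then-new print order, since the +/- markers are lost.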