Skip to content

Commit

Permalink
tracee-ebpf: separate printer and debug package (aquasecurity#1775)
Browse files Browse the repository at this point in the history
  • Loading branch information
@NDStrahilevitz
NDStrahilevitz authored Jun 7, 2022
1 parent 5626d26 commit 557e225
Show file tree
Hide file tree
Showing 8 changed files with 154 additions and 70 deletions.
8 changes: 4 additions & 4 deletions cmd/tracee-ebpf/internal/flags/debug.go → cmd/tracee-ebpf/internal/debug/debug.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package flags
package debug

var (
debug bool
Expand All @@ -9,19 +9,19 @@ func init() {
}

// returns if the internal debug variable has been enabled
func DebugModeEnabled() bool {
func Enabled() bool {
return debug
}

// enable debug mode
func EnableDebugMode() error {
func Enable() error {
debug = true

return nil
}

// disable debug mode
func DisableDebugMode() error {
func Disable() error {
debug = false

return nil
Expand Down
25 changes: 25 additions & 0 deletions cmd/tracee-ebpf/internal/debug/debug_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package debug_test

import (
"testing"

"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/debug"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

func TestDebug_Initial(t *testing.T) {
assert.Equal(t, false, debug.Enabled())
}

func TestDebug_EnableDebug(t *testing.T) {
err := debug.Enable()
require.NoError(t, err)
assert.Equal(t, true, debug.Enabled())
}

func TestDebug_DisableDebug(t *testing.T) {
err := debug.Disable()
require.NoError(t, err)
assert.Equal(t, false, debug.Enabled())
}
25 changes: 0 additions & 25 deletions cmd/tracee-ebpf/internal/flags/debug_test.go
View file

This file was deleted.

7 changes: 4 additions & 3 deletions cmd/tracee-ebpf/internal/flags/flags-containers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"os"
"strings"

"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/debug"
"github.com/aquasecurity/tracee/pkg/containers/runtime"
)

Expand Down Expand Up @@ -40,7 +41,7 @@ func contains(s []string, val string) bool {

func PrepareContainers(containerFlags []string) (runtime.Sockets, error) {
if len(containerFlags) == 0 {
return autoDiscoverSockets(debug), nil
return autoDiscoverSockets(), nil
}

supportedRuntimes := []string{"crio", "cri-o", "containerd", "docker"}
Expand Down Expand Up @@ -70,7 +71,7 @@ func PrepareContainers(containerFlags []string) (runtime.Sockets, error) {
}

//check default paths for all supported container runtimes and aggregate them
func autoDiscoverSockets(debug bool) runtime.Sockets {
func autoDiscoverSockets() runtime.Sockets {
sockets := runtime.Sockets{}
const (
defaultContainerd = "/var/run/containerd/containerd.sock"
Expand All @@ -89,7 +90,7 @@ func autoDiscoverSockets(debug bool) runtime.Sockets {

func registerSocket(sockets *runtime.Sockets, runtime string, socket string) {
err := sockets.Register(runtimeStringToRuntimeId(runtime), socket)
if DebugModeEnabled() {
if debug.Enabled() {
if err != nil {
fmt.Fprintf(os.Stderr, "RuntimeSockets: failed to register default %s socket:\n%v\n", runtime, err)
} else {
Expand Down
14 changes: 4 additions & 10 deletions cmd/tracee-ebpf/internal/flags/flags-output.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"path/filepath"
"strings"

"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/printer"
tracee "github.com/aquasecurity/tracee/pkg/ebpf"
)

Expand Down Expand Up @@ -39,17 +40,9 @@ Use this flag multiple times to choose multiple output options
`
}

type printerConfig struct {
Kind string
OutPath string
OutFile *os.File
ErrPath string
ErrFile *os.File
}

func PrepareOutput(outputSlice []string) (tracee.OutputConfig, printerConfig, error) {
func PrepareOutput(outputSlice []string) (tracee.OutputConfig, printer.Config, error) {
outcfg := tracee.OutputConfig{}
printcfg := printerConfig{}
printcfg := printer.Config{}
printerKind := "table"
outPath := ""
errPath := ""
Expand Down Expand Up @@ -87,6 +80,7 @@ func PrepareOutput(outputSlice []string) (tracee.OutputConfig, printerConfig, er
outcfg.ExecEnv = true
case "relative-time":
outcfg.RelativeTime = true
printcfg.RelativeTS = true
case "exec-hash":
outcfg.ExecHash = true
case "parse-arguments":
Expand Down
58 changes: 34 additions & 24 deletions cmd/tracee-ebpf/printer.go → cmd/tracee-ebpf/internal/printer/printer.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package main
package printer

import (
"encoding/gob"
Expand All @@ -14,7 +14,7 @@ import (
"github.com/aquasecurity/tracee/types/trace"
)

type eventPrinter interface {
type EventPrinter interface {
// Init serves as the initializer method for every event Printer type
Init() error
// Preamble prints something before event printing begins (one time)
Expand All @@ -29,51 +29,61 @@ type eventPrinter interface {
Close()
}

func newEventPrinter(kind string, containerMode bool, relativeTS bool, out io.WriteCloser, err io.WriteCloser) (eventPrinter, error) {
var res eventPrinter
var initError error
type Config struct {
Kind string
OutPath string
OutFile io.WriteCloser
ErrPath string
ErrFile io.WriteCloser
ContainerMode bool
RelativeTS bool
}

func New(config Config) (EventPrinter, error) {
var res EventPrinter
kind := config.Kind
switch {
case kind == "ignore":
res = &ignoreEventPrinter{
err: err,
err: config.ErrFile,
}
case kind == "table":
res = &tableEventPrinter{
out: out,
err: err,
out: config.OutFile,
err: config.ErrFile,
verbose: false,
containerMode: containerMode,
relativeTS: relativeTS,
containerMode: config.ContainerMode,
relativeTS: config.RelativeTS,
}
case kind == "table-verbose":
res = &tableEventPrinter{
out: out,
err: err,
out: config.OutFile,
err: config.ErrFile,
verbose: true,
containerMode: containerMode,
relativeTS: relativeTS,
containerMode: config.ContainerMode,
relativeTS: config.RelativeTS,
}
case kind == "json":
res = &jsonEventPrinter{
out: out,
err: err,
out: config.OutFile,
err: config.ErrFile,
}
case kind == "gob":
res = &gobEventPrinter{
out: out,
err: err,
out: config.OutFile,
err: config.ErrFile,
}
case strings.HasPrefix(kind, "gotemplate="):
res = &templateEventPrinter{
out: out,
err: err,
containerMode: containerMode,
out: config.OutFile,
err: config.ErrFile,
containerMode: config.ContainerMode,
templatePath: strings.Split(kind, "=")[1],
}
}
initError = res.Init()
if initError != nil {
return nil, initError
err := res.Init()
if err != nil {
return nil, err
}
return res, nil
}
Expand Down
75 changes: 75 additions & 0 deletions cmd/tracee-ebpf/internal/printer/printer_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
package printer_test

import (
"fmt"
"os"
"testing"

"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/flags"
"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/printer"
"github.com/stretchr/testify/assert"
)

func TestPrepareOutputPrinterConfig(t *testing.T) {

testCases := []struct {
testName string
outputSlice []string
expectedPrinter printer.Config
expectedError error
}{
{
testName: "invalid format",
outputSlice: []string{"notaformat"},
expectedPrinter: printer.Config{},
expectedError: fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', 'gob' or 'gotemplate='. Use '--output help' for more info", "notaformat"),
},
{
testName: "invalid format with format prefix",
outputSlice: []string{"format:notaformat2"},
expectedPrinter: printer.Config{},
expectedError: fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', 'gob' or 'gotemplate='. Use '--output help' for more info", "notaformat2"),
},
{
testName: "default",
outputSlice: []string{},
expectedPrinter: printer.Config{
Kind: "table",
OutFile: os.Stdout,
ErrFile: os.Stderr,
},
expectedError: nil,
},
{
testName: "format: json",
outputSlice: []string{"format:json"},
expectedPrinter: printer.Config{
Kind: "json",
OutFile: os.Stdout,
ErrFile: os.Stderr,
},
expectedError: nil,
},
{
testName: "option relative timestamp",
outputSlice: []string{"option:relative-time"},
expectedPrinter: printer.Config{
Kind: "table",
OutFile: os.Stdout,
ErrFile: os.Stderr,
RelativeTS: true,
},
expectedError: nil,
},
}
for _, testcase := range testCases {
t.Run(testcase.testName, func(t *testing.T) {
_, printerCfg, err := flags.PrepareOutput(testcase.outputSlice)
if err != nil {
assert.Equal(t, testcase.expectedError, err)
} else {
assert.Equal(t, testcase.expectedPrinter, printerCfg)
}
})
}
}
12 changes: 8 additions & 4 deletions cmd/tracee-ebpf/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,9 @@ import (

"github.com/aquasecurity/libbpfgo/helpers"
embed "github.com/aquasecurity/tracee"
"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/debug"
"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/flags"
"github.com/aquasecurity/tracee/cmd/tracee-ebpf/internal/printer"
tracee "github.com/aquasecurity/tracee/pkg/ebpf"
"github.com/aquasecurity/tracee/pkg/metrics"
"github.com/aquasecurity/tracee/types/trace"
Expand Down Expand Up @@ -50,14 +52,14 @@ func main() {

// enable debug mode if debug flag is passed
if c.Bool("debug") {
err := flags.EnableDebugMode()
err := debug.Enable()
if err != nil {
return fmt.Errorf("failed to start debug mode: %v", err)
}
}

// for the rest of execution, use this debug mode value
debug := flags.DebugModeEnabled()
debug := debug.Enabled()

// OS release information

Expand Down Expand Up @@ -140,6 +142,8 @@ func main() {
if err != nil {
return err
}

printerConfig.ContainerMode = containerMode
cfg.Output = &output

// environment capabilities
Expand Down Expand Up @@ -242,7 +246,7 @@ func main() {
}
}

printer, err := newEventPrinter(printerConfig.Kind, containerMode, cfg.Output.RelativeTime, printerConfig.OutFile, printerConfig.ErrFile)
printer, err := printer.New(printerConfig)
if err != nil {
return err
}
Expand Down Expand Up @@ -579,7 +583,7 @@ func unpackCOREBinary() ([]byte, error) {
return nil, err
}

if flags.DebugModeEnabled() {
if debug.Enabled() {
fmt.Println("unpacked CO:RE bpf object file into memory")
}

Expand Down

0 comments on commit 557e225

Please sign in to comment.