Skip to content

Commit

Permalink
feat!(events): normalise data presentation types
Browse files Browse the repository at this point in the history
(Almost) all event data type field names (post-decode) should now
conform to go type names. This will ensure a more consistent and simpler
format for event data.
  • Loading branch information
NDStrahilevitz committed Dec 26, 2024
1 parent 2b05b03 commit f6cabd1
Show file tree
Hide file tree
Showing 8 changed files with 1,362 additions and 1,365 deletions.
2 changes: 1 addition & 1 deletion pkg/bufferdecoder/eventsreader.go
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ func GetDecodeType(fieldType string) trace.DecodeAs {
return trace.SOCK_ADDR_T
case "bytes":
return trace.BYTES_T
case "int[2]":
case "[2]int32":
return trace.INT_ARR_2_T
case "slim_cred_t":
return trace.CRED_T
Expand Down
Binary file modified pkg/dnscache/dns_events_test.gz
Binary file not shown.
2 changes: 1 addition & 1 deletion pkg/ebpf/processor_funcs.go
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,7 @@ func (t *Tracee) addHashArg(event *trace.Event, fileKey *filehash.Key) error {
}

hashArg := trace.Argument{
ArgMeta: trace.ArgMeta{Name: "sha256", Type: "char*"},
ArgMeta: trace.ArgMeta{Name: "sha256", Type: "string"},
}

hash, err := t.fileHashes.Get(fileKey)
Expand Down
2,616 changes: 1,308 additions & 1,308 deletions pkg/events/core.go

Large diffs are not rendered by default.

32 changes: 15 additions & 17 deletions pkg/events/parse/params.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,43 +26,41 @@ func ArgVal[T any](args []trace.Argument, argName string) (T, error) {

func ArgZeroValueFromType(t string) interface{} {
switch t {
case "char":
case "char", "byte":
return byte(0)
case "bytes":
case "[]byte":
return []byte{}
case "s8":
case "int8":
return int8(0)
case "u8":
case "uint8":
return uint8(0)
case "s16",
"short":
case "int16":
return int16(0)
case "u16":
case "uint16":
return uint16(0)
case "int":
case "int32":
return int32(0)
case "unsigned int":
case "uint32":
return uint32(0)
case "int[2]":
case "[2]int32":
return [2]int32{}
case "long":
case "int64":
return int64(0)
case "unsigned long":
case "uint64":
return uint64(0)
case "unsigned long[]":
case "[]uint64":
return []uint64{}
case "char*":
case "string":
return string("")
case "const char**",
"const char*const*":
case "[]string":
return []string{}
case "bool":
return false
case "float":
return float32(0)
case "float64":
return float64(0)
case "slim_cred_t":
case "trace.SlimCred":
return trace.SlimCred{}
case "trace.ProtoIPv4":
return trace.ProtoIPv4{}
Expand Down
2 changes: 1 addition & 1 deletion pkg/server/grpc/event_data_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,7 @@ func Test_getEventData(t *testing.T) {
{
ArgMeta: trace.ArgMeta{
Name: "pipefd",
Type: "int[2]",
Type: "[2]int32",
},
Value: [2]int32{3, 4},
},
Expand Down
31 changes: 15 additions & 16 deletions types/trace/trace.go
Original file line number Diff line number Diff line change
Expand Up @@ -185,20 +185,19 @@ func (d DecodeAs) String() string {
case NONE_T:
return "nil"
case INT_T:
return "int"
return "int32"
case UINT_T:
return "uint"
return "uint32"
case LONG_T:
return "long"
return "int64"
case ULONG_T:
return "ulong"
return "uint64"
case U16_T:
return "u16"
return "uint16"
case U8_T:
return "u8"
return "uint8"
case INT_ARR_2_T:
return "[2]int"

case UINT64_ARR_T:
return "[]uint64"
case POINTER_T:
Expand All @@ -212,7 +211,7 @@ func (d DecodeAs) String() string {
case SOCK_ADDR_T:
return "SockAddr"
case CRED_T:
return "SlimCred"
return "trace.SlimCred"
case TIMESPEC_T:
return "time.Time"
case ARGS_ARR_T:
Expand Down Expand Up @@ -257,29 +256,29 @@ func (arg *Argument) UnmarshalJSON(b []byte) error {
if err != nil {
return err
}
arg.Value = uint64(tmp)
arg.Value = uintptr(tmp)
return nil
}
switch arg.Type {
case "int":
case "int32":
tmp, err := strconv.ParseInt(num.String(), 10, 32)
if err != nil {
return err
}
arg.Value = int32(tmp)
case "long":
case "int64":
tmp, err := num.Int64()
if err != nil {
return err
}
arg.Value = tmp
case "unsigned int":
case "uint32":
tmp, err := strconv.ParseUint(num.String(), 10, 32)
if err != nil {
return err
}
arg.Value = uint32(tmp)
case "unsigned long":
case "uint64":
tmp, err := strconv.ParseUint(num.String(), 10, 64)
if err != nil {
return err
Expand All @@ -297,7 +296,7 @@ func (arg *Argument) UnmarshalJSON(b []byte) error {
return err
}
arg.Value = tmp
case "u16":
case "uint16":
tmp, err := strconv.ParseUint(num.String(), 10, 16)
if err != nil {
return err
Expand All @@ -309,7 +308,7 @@ func (arg *Argument) UnmarshalJSON(b []byte) error {
return err
}
arg.Value = int8(tmp)
case "u8":
case "uint8":
tmp, err := strconv.ParseUint(num.String(), 10, 8)
if err != nil {
return err
Expand All @@ -323,7 +322,7 @@ func (arg *Argument) UnmarshalJSON(b []byte) error {
var err error

switch arg.Type {
case "const char*const*", "const char**":
case "[]string":
if arg.Value != nil {
argValue, ok := arg.Value.([]interface{})
if !ok {
Expand Down
42 changes: 21 additions & 21 deletions types/trace/trace_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ func TestEventUnmarshalJSON(t *testing.T) {
json: `{"timestamp":26018249532,"processId":12434,"threadId":12434,"parentprocessid":23921,
"hostprocessid":12434,"hostthreadid":12434,"hostparentprocessid":23921,"userid":1000,"mountnamespace":4026531840,
"pidnamespace":4026531836,"processname":"strace","hostname":"ubuntu","eventid":"101","eventname":"ptrace",
"argsnum":4,"returnvalue":0,"args":[{"name":"request","type":"long","value":"ptrace_seize"},
{"name":"pid","type":"pid_t","value":12435},{"name":"addr","type":"void*","value":"0x0"},{"name":"data","type":"void*","value":"0x7f6f1eb44b83"}]}`,
expect: Event{Timestamp: 26018249532, ProcessID: 12434, ThreadID: 12434, ParentProcessID: 23921, HostProcessID: 12434, HostThreadID: 12434, HostParentProcessID: 23921, UserID: 1000, MountNS: 4026531840, PIDNS: 4026531836, ProcessName: "strace", HostName: "ubuntu", EventID: 101, EventName: "ptrace", ArgsNum: 4, ReturnValue: 0, Args: []Argument{{ArgMeta: ArgMeta{Name: "request", Type: "long"}, Value: "ptrace_seize"}, {ArgMeta: ArgMeta{Name: "pid", Type: "int"}, Value: int32(12435)}, {ArgMeta: ArgMeta{Name: "addr", Type: "void*"}, Value: "0x0"}, {ArgMeta: ArgMeta{Name: "data", Type: "void*"}, Value: "0x7f6f1eb44b83"}}, ContextFlags: ContextFlags{ContainerStarted: false}},
"argsnum":4,"returnvalue":0,"args":[{"name":"request","type":"int64","value":"ptrace_seize"},
{"name":"pid","type":"int32","value":12435},{"name":"addr","type":"void*","value":"0x0"},{"name":"data","type":"void*","value":"0x7f6f1eb44b83"}]}`,
expect: Event{Timestamp: 26018249532, ProcessID: 12434, ThreadID: 12434, ParentProcessID: 23921, HostProcessID: 12434, HostThreadID: 12434, HostParentProcessID: 23921, UserID: 1000, MountNS: 4026531840, PIDNS: 4026531836, ProcessName: "strace", HostName: "ubuntu", EventID: 101, EventName: "ptrace", ArgsNum: 4, ReturnValue: 0, Args: []Argument{{ArgMeta: ArgMeta{Name: "request", Type: "int64"}, Value: "ptrace_seize"}, {ArgMeta: ArgMeta{Name: "pid", Type: "int32"}, Value: int32(12435)}, {ArgMeta: ArgMeta{Name: "addr", Type: "void*"}, Value: "0x0"}, {ArgMeta: ArgMeta{Name: "data", Type: "void*"}, Value: "0x7f6f1eb44b83"}}, ContextFlags: ContextFlags{ContainerStarted: false}},
},
}
for _, tc := range testCases {
Expand Down Expand Up @@ -77,28 +77,28 @@ func TestArgumentUnmarshalJSON(t *testing.T) {
testCases := []testCase{
{
name: "int arg",
json: `{ "name":"test", "type":"int", "value": ` + string(maxInt32JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int"}, Value: int32(math.MaxInt32)},
json: `{ "name":"test", "type":"int32", "value": ` + string(maxInt32JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int32"}, Value: int32(math.MaxInt32)},
},
{
name: "unsigned int arg",
json: `{ "name":"test", "type":"unsigned int", "value": ` + string(maxUint32JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "unsigned int"}, Value: uint32(math.MaxUint32)},
name: "uint32 arg",
json: `{ "name":"test", "type":"uint32", "value": ` + string(maxUint32JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "uint32"}, Value: uint32(math.MaxUint32)},
},
{
name: "long arg",
json: `{ "name":"test", "type":"long", "value": ` + string(maxInt64JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "long"}, Value: int64(math.MaxInt64)},
name: "int64 arg",
json: `{ "name":"test", "type":"int64", "value": ` + string(maxInt64JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int64"}, Value: int64(math.MaxInt64)},
},
{
name: "unsigned long arg",
json: `{ "name":"test", "type":"unsigned long", "value": ` + string(maxUint64JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "unsigned long"}, Value: uint64(math.MaxUint64)},
name: "uint64 arg",
json: `{ "name":"test", "type":"uint64", "value": ` + string(maxUint64JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "uint64"}, Value: uint64(math.MaxUint64)},
},
{
name: "random_struct* arg",
json: `{ "name":"test", "type":"random_struct*", "value": ` + string(maxUint64JSON) + `}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "random_struct*"}, Value: uint64(math.MaxUint64)},
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "random_struct*"}, Value: uintptr(math.MaxUint64)},
},
{
name: "float arg",
Expand All @@ -111,14 +111,14 @@ func TestArgumentUnmarshalJSON(t *testing.T) {
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "float64"}, Value: float64(math.MaxFloat64)},
},
{
name: "const char*const* arg",
json: `{ "name":"test", "type":"const char*const*", "value": [ "foo", "bar" ]}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "const char*const*"}, Value: []string{"foo", "bar"}},
name: "[]string arg",
json: `{ "name":"test", "type":"[]string", "value": [ "foo", "bar" ]}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "[]string"}, Value: []string{"foo", "bar"}},
},
{
name: "const char*const* arg",
json: `{ "name":"test", "type":"const char*const*", "value": null}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "const char*const*"}, Value: nil},
name: "[]string arg",
json: `{ "name":"test", "type":"[]string", "value": null}`,
expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "[]string"}, Value: nil},
},
{
name: "err arg",
Expand Down

0 comments on commit f6cabd1

Please sign in to comment.