profile

package
v0.0.0-...-2feb83d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Overview

Package profile holds profile related files

Package profile holds profile related files

Index

Constants

View Source 
const DefaultProfileName = "default"

DefaultProfileName used as default profile name

Variables

This section is empty.

Functions

func FillProfileContextFromProfile 

func FillProfileContextFromProfile(ctx *model.SecurityProfileContext, profile *SecurityProfile, imageTag string)

FillProfileContextFromProfile fills the given ctx with profile infos

func LoadProtoFromFile 

func LoadProtoFromFile(filepath string) (*proto.SecurityProfile, error)

LoadProtoFromFile loads proto profile from file

func ProtoToSecurityProfile 

func ProtoToSecurityProfile(output *SecurityProfile, pathsReducer *activity_tree.PathsReducer, input *proto.SecurityProfile)

ProtoToSecurityProfile decodes a Security Profile from its protobuf representation

func SecurityProfileToProto 

func SecurityProfileToProto(input *SecurityProfile) *proto.SecurityProfile

SecurityProfileToProto incode a Security Profile to its protobuf representation

Types

type ActivityDumpManager 

type ActivityDumpManager interface {
	StopDumpsWithSelector(selector cgroupModel.WorkloadSelector)
}

ActivityDumpManager is a generic interface to reach the Activity Dump manager

type DirectoryProvider 

type DirectoryProvider struct {
	sync.Mutex
	// contains filtered or unexported fields
}

DirectoryProvider is a ProfileProvider that fetches Security Profiles from the filesystem

func NewDirectoryProvider 

func NewDirectoryProvider(directory string, watch bool) (*DirectoryProvider, error)

NewDirectoryProvider returns a new instance of DirectoryProvider

func (*DirectoryProvider) OnLocalStorageCleanup 

func (dp *DirectoryProvider) OnLocalStorageCleanup(files []string)

OnLocalStorageCleanup removes the provided files from the entries of the directory provider

func (*DirectoryProvider) SendStats 

func (dp *DirectoryProvider) SendStats(client statsd.ClientInterface) error

SendStats sends the metrics of the directory provider

func (*DirectoryProvider) SetOnNewProfileCallback 

func (dp *DirectoryProvider) SetOnNewProfileCallback(onNewProfileCallback func(selector cgroupModel.WorkloadSelector, profile *proto.SecurityProfile))

SetOnNewProfileCallback sets the onNewProfileCallback function

func (*DirectoryProvider) Start 

func (dp *DirectoryProvider) Start(ctx context.Context) error

Start runs the directory provider

func (*DirectoryProvider) Stop 

func (dp *DirectoryProvider) Stop() error

Stop closes the directory provider

func (*DirectoryProvider) UpdateWorkloadSelectors 

func (dp *DirectoryProvider) UpdateWorkloadSelectors(selectors []cgroupModel.WorkloadSelector)

UpdateWorkloadSelectors updates the selectors used to query profiles

type EventFilteringProfileState 

type EventFilteringProfileState uint8

EventFilteringProfileState is used to compute metrics for the event filtering feature 

const (
	// NoProfile is used to count the events for which we didn't have a profile
	NoProfile EventFilteringProfileState = iota
	// ProfileAtMaxSize is used to count the events that didn't make it into a profile because their matching profile
	// reached the max size threshold
	ProfileAtMaxSize
	// UnstableEventType is used to count the events that didn't make it into a profile because their matching profile was
	// unstable for their event type
	UnstableEventType
	// StableEventType is used to count the events linked to a stable profile for their event type
	StableEventType
	// AutoLearning is used to count the event during the auto learning phase
	AutoLearning
	// WorkloadWarmup is used to count the learned events due to workload warm up time
	WorkloadWarmup
)

func ProtoToState 

func ProtoToState(eps proto.EventProfileState) EventFilteringProfileState

ProtoToState converts a proto state to a profile one

func (EventFilteringProfileState) String 

func (efr EventFilteringProfileState) String() string

type EventFilteringResult 

type EventFilteringResult uint8

EventFilteringResult is used to compute metrics for the event filtering feature 

const (
	// NA not applicable for profil NoProfile and ProfileAtMaxSize state
	NA EventFilteringResult = iota
	// InProfile is used to count the events that matched a profile
	InProfile
	// NotInProfile is used to count the events that didn't match their profile
	NotInProfile
)

type EventTypeState 

type EventTypeState struct {
	// contains filtered or unexported fields
}

EventTypeState defines an event type state

type LoadOpts 

type LoadOpts struct {
	DNSMatchMaxDepth  int
	DifferentiateArgs bool
}

LoadOpts defines options applied when loading a profile

type Provider 

type Provider interface {
	// Start runs the profile provider
	Start(ctx context.Context) error
	// Stop closes the profile provider
	Stop() error
	// SendStats sends the metrics of the profile provider
	SendStats(statsdClient statsd.ClientInterface) error

	// UpdateWorkloadSelectors updates the selectors used to query profiles
	UpdateWorkloadSelectors(selectors []cgroupModel.WorkloadSelector)
	// SetOnNewProfileCallback sets the onNewProfileCallback function
	SetOnNewProfileCallback(onNewProfileCallback func(selector cgroupModel.WorkloadSelector, profile *proto.SecurityProfile))
}

Provider defines a profile provider

type SecurityProfile 

type SecurityProfile struct {
	sync.Mutex

	// Instances is the list of workload instances to witch the profile should apply
	Instances []*cgroupModel.CacheEntry

	// Metadata contains metadata for the current profile
	Metadata mtdt.Metadata

	// ActivityTree contains the activity tree of the Security Profile
	ActivityTree *activity_tree.ActivityTree
	// contains filtered or unexported fields
}

SecurityProfile defines a security profile

func NewSecurityProfile 

func NewSecurityProfile(selector cgroupModel.WorkloadSelector, eventTypes []model.EventType, pathsReducer *activity_tree.PathsReducer) *SecurityProfile

NewSecurityProfile creates a new instance of Security Profile

func (*SecurityProfile) GetGlobalEventTypeState 

func (p *SecurityProfile) GetGlobalEventTypeState(et model.EventType) EventFilteringProfileState

GetGlobalEventTypeState returns the global state of a profile for a given event type: AutoLearning, StableEventType or UnstableEventType

func (*SecurityProfile) GetGlobalState 

func (p *SecurityProfile) GetGlobalState() EventFilteringProfileState

GetGlobalState returns the global state of a profile: AutoLearning, StableEventType or UnstableEventType

func (*SecurityProfile) GetState 

func (p *SecurityProfile) GetState(imageTag string) EventFilteringProfileState

GetState returns the state of a profile for a given imageTag

func (*SecurityProfile) GetVersionContextIndex 

func (p *SecurityProfile) GetVersionContextIndex(index int) *VersionContext

GetVersionContextIndex returns the context of the givent version if any

func (*SecurityProfile) GetVersions 

func (p *SecurityProfile) GetVersions() []string

GetVersions returns the number of versions stored in the profile (debug purpose only)

func (*SecurityProfile) IsEventTypeValid 

func (p *SecurityProfile) IsEventTypeValid(evtType model.EventType) bool

IsEventTypeValid is used to control which event types should trigger anomaly detection alerts

func (*SecurityProfile) ListAllVersionStates 

func (p *SecurityProfile) ListAllVersionStates()

ListAllVersionStates is a debug function to list all version and their states

func (*SecurityProfile) LoadFromProto 

func (p *SecurityProfile) LoadFromProto(input *proto.SecurityProfile, opts LoadOpts)

LoadFromProto populates the security-profile from the protobuf version

func (*SecurityProfile) LoadFromProtoFile 

func (p *SecurityProfile) LoadFromProtoFile(path string, opts LoadOpts) error

LoadFromProtoFile populates the security-profile from the protobuf file

func (*SecurityProfile) MatchesSelector 

func (p *SecurityProfile) MatchesSelector(entry *model.ProcessCacheEntry) bool

MatchesSelector is used to control how an event should be added to a profile

func (*SecurityProfile) NewProcessNodeCallback 

func (p *SecurityProfile) NewProcessNodeCallback(_ *activity_tree.ProcessNode)

NewProcessNodeCallback is a callback function used to propagate the fact that a new process node was added to the activity tree

func (*SecurityProfile) SendStats 

func (p *SecurityProfile) SendStats(client statsd.ClientInterface) error

SendStats sends profile stats

func (*SecurityProfile) SetVersionState 

func (p *SecurityProfile) SetVersionState(imageTag string, state EventFilteringProfileState) error

SetVersionState force a state for a given version (debug purpose only)

func (*SecurityProfile) ToSecurityProfileMessage 

func (p *SecurityProfile) ToSecurityProfileMessage() *api.SecurityProfileMessage

ToSecurityProfileMessage returns a SecurityProfileMessage filled with the content of the current Security Profile

type SecurityProfileManager 

type SecurityProfileManager struct {
	// contains filtered or unexported fields
}

SecurityProfileManager is used to manage Security Profiles

func NewSecurityProfileManager 

func NewSecurityProfileManager(config *config.Config, statsdClient statsd.ClientInterface, resolvers *resolvers.EBPFResolvers, manager *manager.Manager) (*SecurityProfileManager, error)

NewSecurityProfileManager returns a new instance of SecurityProfileManager

func (*SecurityProfileManager) CountEvictedVersion 

func (m *SecurityProfileManager) CountEvictedVersion(imageName, imageTag string)

CountEvictedVersion count the evicted version for associated metric

func (*SecurityProfileManager) FetchSilentWorkloads 

func (m *SecurityProfileManager) FetchSilentWorkloads() map[cgroupModel.WorkloadSelector][]*cgroupModel.CacheEntry

FetchSilentWorkloads returns the list of workloads for which we haven't received any profile

func (*SecurityProfileManager) FillProfileContextFromContainerID 

func (m *SecurityProfileManager) FillProfileContextFromContainerID(id string, ctx *model.SecurityProfileContext, imageTag string)

FillProfileContextFromContainerID populates a SecurityProfileContext for the given container ID

func (*SecurityProfileManager) GetProfile 

func (m *SecurityProfileManager) GetProfile(selector cgroupModel.WorkloadSelector) *SecurityProfile

GetProfile returns a profile by its selector

func (*SecurityProfileManager) LinkProfile 

func (m *SecurityProfileManager) LinkProfile(profile *SecurityProfile, workload *cgroupModel.CacheEntry)

LinkProfile applies a profile to the provided workload

func (*SecurityProfileManager) ListAllProfileStates 

func (m *SecurityProfileManager) ListAllProfileStates()

ListAllProfileStates list all profiles and their versions (debug purpose only)

func (*SecurityProfileManager) ListSecurityProfiles 

func (m *SecurityProfileManager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)

ListSecurityProfiles returns the list of security profiles

func (*SecurityProfileManager) LookupEventInProfiles 

func (m *SecurityProfileManager) LookupEventInProfiles(event *model.Event)

LookupEventInProfiles lookups event in profiles

func (*SecurityProfileManager) OnCGroupDeletedEvent 

func (m *SecurityProfileManager) OnCGroupDeletedEvent(workload *cgroupModel.CacheEntry)

OnCGroupDeletedEvent is used to handle a CGroupDeleted event

func (*SecurityProfileManager) OnLocalStorageCleanup 

func (m *SecurityProfileManager) OnLocalStorageCleanup(files []string)

OnLocalStorageCleanup performs the necessary cleanup when the Activity Dump Manager local storage cleans up an entry

func (*SecurityProfileManager) OnNewProfileEvent 

func (m *SecurityProfileManager) OnNewProfileEvent(selector cgroupModel.WorkloadSelector, newProfile *proto.SecurityProfile)

OnNewProfileEvent handles the arrival of a new profile (or the new version of a profile) from a provider

func (*SecurityProfileManager) OnWorkloadSelectorResolvedEvent 

func (m *SecurityProfileManager) OnWorkloadSelectorResolvedEvent(workload *cgroupModel.CacheEntry)

OnWorkloadSelectorResolvedEvent is used to handle the creation of a new cgroup with its resolved tags

func (*SecurityProfileManager) SaveSecurityProfile 

func (m *SecurityProfileManager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)

SaveSecurityProfile saves the requested security profile to disk

func (*SecurityProfileManager) SendStats 

func (m *SecurityProfileManager) SendStats() error

SendStats sends metrics about the Security Profile manager

func (*SecurityProfileManager) SetActivityDumpManager 

func (m *SecurityProfileManager) SetActivityDumpManager(manager ActivityDumpManager)

SetActivityDumpManager sets the stopDumpsWithSelectorCallback function

func (*SecurityProfileManager) ShouldDeleteProfile 

func (m *SecurityProfileManager) ShouldDeleteProfile(profile *SecurityProfile)

ShouldDeleteProfile checks if a profile should be deleted (happens if no instance is linked to it)

func (*SecurityProfileManager) Start 

func (m *SecurityProfileManager) Start(ctx context.Context)

Start runs the manager of Security Profiles

func (*SecurityProfileManager) UnlinkProfile 

func (m *SecurityProfileManager) UnlinkProfile(profile *SecurityProfile, workload *cgroupModel.CacheEntry)

UnlinkProfile removes the link between a workload and a profile

type VersionContext 

type VersionContext struct {

	// Syscalls is the syscalls profile
	Syscalls []uint32

	// Tags defines the tags used to compute this profile, for each present profile versions
	Tags []string
	// contains filtered or unexported fields
}

VersionContext holds the context of one version (defined by its image tag)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.