Index ¶
- func ContainsBinary(mapsFile *ProcessFile, binaries []string) bool
- func FindAllProcesses() ([]int, error)
- func GetContainerPIDs(containerID string) ([]int, error)
- func GetProcDir() string
- func IsProcessEqualToAny(ctx *ProcessContext, processNames []string) bool
- func ReadBinaryContent(filePath string, maxBytes int) ([]byte, error)
- func SetProcDir(dir string)
- type ELFAnalyzer
- func (ea *ELFAnalyzer) ExtractPHPVersion(executablePath string) (string, error)
- func (ea *ELFAnalyzer) GetDynamicLibraries(executablePath string) ([]string, error)
- func (ea *ELFAnalyzer) GetLibcType(executablePath string) (string, error)
- func (ea *ELFAnalyzer) HasCPlusPlusLibraries(executablePath string) (bool, string, error)
- func (ea *ELFAnalyzer) HasPythonSymbols(executablePath string) (bool, string, error)
- func (ea *ELFAnalyzer) HasRustSymbols(executablePath string) (bool, error)
- func (ea *ELFAnalyzer) IsGoBinary(executablePath string) (bool, string, error)
- type ProcessContext
- type ProcessFile
Functions ¶
func ContainsBinary ¶
func ContainsBinary(mapsFile *ProcessFile, binaries []string) bool
ContainsBinary reports whether the maps file contains any of the specified binaries or libraries.
func FindAllProcesses ¶
FindAllProcesses scans /proc and returns all process PIDs
func GetContainerPIDs ¶
GetContainerPIDs returns all PIDs belonging to a specific container
func IsProcessEqualToAny ¶
func IsProcessEqualToAny(ctx *ProcessContext, processNames []string) bool
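IsProcessEqualToAny reports whether the process executable or cmdline matches any of the given names. Both values can be influenced by the process itself (for example, a rewritten argv[0] or a renamed binary), so treat a match as a classification hint rather than proof of identity.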
func ReadBinaryContent ¶
ReadBinaryContent reads a portion of a binary file for signature checking.
func SetProcDir ¶
func SetProcDir(dir string)
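SetProcDir sets the proc directory (e.g., /host/proc for DaemonSet mode). When a host proc mount is used, the PIDs read from it are presumably those of the host PID namespace, so callers should not mix them with PIDs taken from the container's own /proc.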
Types ¶
type ELFAnalyzer ¶
type ELFAnalyzer struct{}
ELFAnalyzer provides utilities for analyzing ELF binaries
func (*ELFAnalyzer) ExtractPHPVersion ¶
func (ea *ELFAnalyzer) ExtractPHPVersion(executablePath string) (string, error)
ExtractPHPVersion extracts PHP version from ELF .rodata section
func (*ELFAnalyzer) GetDynamicLibraries ¶
func (ea *ELFAnalyzer) GetDynamicLibraries(executablePath string) ([]string, error)
GetDynamicLibraries returns all dynamic libraries the binary depends on
func (*ELFAnalyzer) GetLibcType ¶
func (ea *ELFAnalyzer) GetLibcType(executablePath string) (string, error)
GetLibcType determines if the binary uses musl or glibc
func (*ELFAnalyzer) HasCPlusPlusLibraries ¶
func (ea *ELFAnalyzer) HasCPlusPlusLibraries(executablePath string) (bool, string, error)
HasCPlusPlusLibraries checks if binary is linked with C++ libraries
func (*ELFAnalyzer) HasPythonSymbols ¶
func (ea *ELFAnalyzer) HasPythonSymbols(executablePath string) (bool, string, error)
HasPythonSymbols checks if binary has Python-related symbols
func (*ELFAnalyzer) HasRustSymbols ¶
func (ea *ELFAnalyzer) HasRustSymbols(executablePath string) (bool, error)
HasRustSymbols checks if binary has Rust symbols
func (*ELFAnalyzer) IsGoBinary ¶
func (ea *ELFAnalyzer) IsGoBinary(executablePath string) (bool, string, error)
IsGoBinary checks if a binary is a Go executable using buildinfo
type ProcessContext ¶
// ProcessContext contains detailed information about a running process.
//
// NOTE(review): this page does not show how the fields are populated; the
// per-field notes below are assumptions to confirm against GetProcessContext.
type ProcessContext struct {
	// PID is the process ID; presumably the pid passed to GetProcessContext.
	PID int
	// PPID is presumably the parent process ID — confirm the source field.
	PPID int
	// Executable is presumably the path of the process executable; if it is
	// resolved from the proc directory, it is relative to the target
	// process's mount namespace, not the caller's — TODO confirm.
	Executable string
	// Cmdline is the process command line. Command lines can carry secrets
	// passed as arguments and can be altered by the process itself, so treat
	// the value as sensitive and as untrusted input.
	Cmdline string
	// Environ holds the process environment as key/value pairs. Environment
	// variables commonly contain credentials and tokens; avoid logging or
	// exporting this map unredacted.
	Environ map[string]string
	// CgroupPath is presumably the cgroup path of the process — confirm.
	CgroupPath string
	// ContainerID is presumably the container the process belongs to, in the
	// same form GetContainerPIDs accepts — confirm how it is derived.
	ContainerID string
}
ProcessContext contains detailed information about a running process
func GetProcessContext ¶
func GetProcessContext(pid int) (*ProcessContext, error)
GetProcessContext retrieves detailed information about a process
type ProcessFile ¶
ProcessFile represents a file in /proc/[pid]/
func ReadMapsFile ¶
func ReadMapsFile(pid int) (*ProcessFile, error)
ReadMapsFile reads the /proc/[pid]/maps file.