utils

package
v0.2.390 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 4, 2025 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	ErrKernelVersion = "incompatible kernel version"
	ErrMacOS         = "no vdso address found in auxv"
)
View Source 
const (
	// standard exit codes
	ExitCodeSuccess = iota
	ExitCodeError   = 1

	// custom exit codes
	ExitCodeRuncNotFound       = 100
	ExitCodeIncompatibleKernel = 101
	ExitCodeMacOS              = 102
)

Variables

This section is empty.

Functions

func AddJitter added in v0.2.134 

func AddJitter(duration time.Duration, maxJitterPercentage int) time.Duration

AddJitter adds jitter percent to the duration

func CalculateFileHashes added in v0.2.122 

func CalculateFileHashes(path string) (sha1Hash string, md5Hash string, err error)

CalculateFileHashes calculates both SHA1 and MD5 hashes of the given file.

func CalculateProcessTreeDepth added in v0.2.354 

func CalculateProcessTreeDepth(process *apitypes.Process) int

CalculateProcessTreeDepth calculates the maximum depth of a process tree. The depth is the maximum number of levels from the root process to any leaf process. A single process (no children) has a depth of 1.

func CalculateSHA256FileExecHash 

func CalculateSHA256FileExecHash(path string, args []string) string

func CalculateSHA256FileOpenHash added in v0.2.246 

func CalculateSHA256FileOpenHash(path string) string

func CreateK8sContainerID 

func CreateK8sContainerID(namespaceName string, podName string, containerId string) string

func CreateK8sPodID 

func CreateK8sPodID(namespaceName string, podName string) string

func CreateProcessTree 

func CreateProcessTree(process *apitypes.Process, shimPid uint32) (apitypes.Process, error)

Creates a process tree from a process. The process tree will be built from scanning the /proc filesystem.

func CurrentDir 

func CurrentDir() string

func EscapeJSONPointerElement 

func EscapeJSONPointerElement(s string) string

EscapeJSONPointerElement escapes a JSON pointer element See https://www.rfc-editor.org/rfc/rfc6901#section-3

func FuncName added in v0.2.325 

func FuncName(i interface{}) string

func GetCmdlineByPid 

func GetCmdlineByPid(pid int) (*string, error)

func GetCommFromPid 

func GetCommFromPid(pid uint32) (string, error)

func GetContainerStatuses 

func GetContainerStatuses(podStatus v1.PodStatus) []v1.ContainerStatus

func GetExecArgsFromEvent 

func GetExecArgsFromEvent(event *tracerexectype.Event) []string

Get exec args from the given event.

func GetExecPathFromEvent 

func GetExecPathFromEvent(event *tracerexectype.Event) string

Get the path of the executable from the given event.

func GetFileSize 

func GetFileSize(path string) (int64, error)

Get the size of the given file.

func GetHostFilePathFromEvent 

func GetHostFilePathFromEvent(event K8sEvent, containerPid uint32) (string, error)

Get the path of the file on the node.

func GetPathFromPid 

func GetPathFromPid(pid uint32) (string, error)

func GetProcessEnv 

func GetProcessEnv(pid int) (map[string]string, error)

func GetProcessFromProcessTree 

func GetProcessFromProcessTree(process *apitypes.Process, pid uint32) *apitypes.Process

func GetProcessStat 

func GetProcessStat(pid int) (*procfs.ProcStat, error)

func IsSensitivePath added in v0.2.246 

func IsSensitivePath(fullPath string, paths []string) bool

func Jitter added in v0.2.332 

func Jitter(duration *time.Duration, maxJitterPercentage float64)

Jitter returns a random duration

func MapContainerStatuses added in v0.2.263 

func MapContainerStatuses(statuses []v1.ContainerStatus) map[string]v1.ContainerStatus

func MergePolicies added in v0.2.178 

func MergePolicies(primary, secondary v1beta1.RulePolicy) v1beta1.RulePolicy

func RandomDuration added in v0.2.141 

func RandomDuration(max int, duration time.Duration) time.Duration

RandomDuration returns a duration between 1/2 max and max

func TrimRuntimePrefix 

func TrimRuntimePrefix(id string) string

TrimRuntimePrefix removes the runtime prefix from a container ID.

Types

type EnrichEvent added in v0.2.197 

type EnrichEvent interface {
	GetBaseEvent() *types.Event
	GetPID() uint64
	SetExtra(extra interface{})
	GetExtra() interface{}
	GetPod() string
	GetNamespace() string
	GetTimestamp() types.Time
}

type EventType 

type EventType string
const (
	ExecveEventType       EventType = "exec"
	OpenEventType         EventType = "open"
	CapabilitiesEventType EventType = "capabilities"
	DnsEventType          EventType = "dns"
	NetworkEventType      EventType = "network"
	SyscallEventType      EventType = "syscall"
	RandomXEventType      EventType = "randomx"
	SymlinkEventType      EventType = "symlink"
	HardlinkEventType     EventType = "hardlink"
	SSHEventType          EventType = "ssh"
	HTTPEventType         EventType = "http"
	PtraceEventType       EventType = "ptrace"
	IoUringEventType      EventType = "iouring"
	ForkEventType         EventType = "fork"
	ExitEventType         EventType = "exit"
	ProcfsEventType       EventType = "procfs"
	AllEventType          EventType = "all"
)

type K8sEvent added in v0.2.145 

type K8sEvent interface {
	GetPod() string
	GetNamespace() string
	GetTimestamp() types.Time
}

type PatchOperation 

type PatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.