Skip to content

Commit

Permalink
Allow to not collect process arguments
Browse files Browse the repository at this point in the history
  • Loading branch information
@erthalion
erthalion committed Oct 18, 2024
1 parent 256df25 commit 330b1d4
Show file tree
Hide file tree
Showing 5 changed files with 64 additions and 6 deletions.
2 changes: 2 additions & 0 deletions collector/lib/CollectorConfig.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ PathEnvVar tls_client_key_path("ROX_COLLECTOR_TLS_CLIENT_KEY");

PathEnvVar config_file("ROX_COLLECTOR_CONFIG_PATH", "/etc/stackrox/runtime_config.yaml");

BoolEnvVar disable_process_arguments("ROX_COLLECTOR_NO_PROCESS_ARGUMENTS", false);
} // namespace

constexpr bool CollectorConfig::kTurnOffScrape;
Expand Down Expand Up @@ -113,6 +114,7 @@ void CollectorConfig::InitCollectorConfig(CollectorArgs* args) {
use_podman_ce_ = use_podman_ce.value();
enable_introspection_ = enable_introspection.value();
track_send_recv_ = track_send_recv.value();
disable_process_arguments_ = disable_process_arguments.value();

for (const auto& syscall : kSyscalls) {
syscalls_.emplace_back(syscall);
Expand Down
3 changes: 3 additions & 0 deletions collector/lib/CollectorConfig.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ class CollectorConfig {
unsigned int GetSinspThreadCacheSize() const { return sinsp_thread_cache_size_; }
void Start();
void Stop();
bool DisableProcessArguments() const { return disable_process_arguments_; }

static std::pair<option::ArgStatus, std::string> CheckConfiguration(const char* config, Json::Value* root);

Expand Down Expand Up @@ -184,6 +185,8 @@ class CollectorConfig {
// URL to the GRPC server
std::optional<std::string> grpc_server_;

bool disable_process_arguments_ = false;

// One ring buffer will be initialized for this many CPUs
unsigned int sinsp_cpu_per_buffer_ = 0;
// Size of one ring buffer, in bytes.
Expand Down
12 changes: 7 additions & 5 deletions collector/lib/ProcessSignalFormatter.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,11 +148,13 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) {
signal->set_exec_file_path(name_sanitized ? *name_sanitized : *name);
}

// set process arguments
if (const char* args = event_extractor_->get_proc_args(event)) {
std::string args_str = args;
auto args_sanitized = SanitizedUTF8(args_str);
signal->set_args(args_sanitized ? *args_sanitized : args_str);
// set process arguments, if not explicitely disabled
if (!config_->DisableProcessArguments()) {
if (const char* args = event_extractor_->get_proc_args(event)) {
std::string args_str = args;
auto args_sanitized = SanitizedUTF8(args_str);
signal->set_args(args_sanitized ? *args_sanitized : args_str);
}
}

// set pid
Expand Down
5 changes: 4 additions & 1 deletion collector/lib/ProcessSignalFormatter.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,12 @@ class ProcessSignalFormatter : public ProtoSignalFormatter<sensor::SignalStreamM

void GetProcessLineage(sinsp_threadinfo* tinfo, std::vector<LineageInfo>& lineage);

protected:
// Only protected, for testing purposes
ProcessSignal* CreateProcessSignal(sinsp_evt* event);

private:
Signal* CreateSignal(sinsp_evt* event);
ProcessSignal* CreateProcessSignal(sinsp_evt* event);
bool ValidateProcessDetails(const sinsp_threadinfo* tinfo);
bool ValidateProcessDetails(sinsp_evt* event);
std::string ProcessDetails(sinsp_evt* event);
Expand Down
48 changes: 48 additions & 0 deletions collector/test/ProcessSignalFormatterTest.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,25 @@ namespace collector {

using ProcessSignal = ProcessSignalFormatter::ProcessSignal;
using LineageInfo = ProcessSignalFormatter::LineageInfo;
using namespace testing;

class MockCollectorConfig : public CollectorConfig {
public:
MockCollectorConfig() = default;

void SetDisableProcessArguments(bool value) {
disable_process_arguments_ = value;
}
};

class MockProcessSignalFormatter : public ProcessSignalFormatter {
public:
MockProcessSignalFormatter(sinsp* inspector, const CollectorConfig& config) : ProcessSignalFormatter(inspector, config) {};

ProcessSignal* MockCreateProcessSignal(sinsp_evt* event) {
return CreateProcessSignal(event);
}
};

namespace {

Expand Down Expand Up @@ -628,6 +647,35 @@ TEST(ProcessSignalFormatterTest, Rox3377ProcessLineageWithNoVPidTest) {
CollectorStats::Reset();
}

TEST(ProcessSignalFormatterTest, NoProcessArguments) {
std::unique_ptr<sinsp> inspector(new sinsp());
MockCollectorConfig config;

config.SetDisableProcessArguments(true);
MockProcessSignalFormatter processSignalFormatter(inspector.get(), config);

auto tinfo = inspector->build_threadinfo();
tinfo->m_pid = 3;
tinfo->m_tid = 3;
tinfo->m_ptid = -1;
tinfo->m_vpid = 0;
tinfo->m_user.set_uid(42);
tinfo->m_container_id = "";
tinfo->m_exepath = "qwerty";

std::vector<std::string> args = {std::string("args")};
tinfo->set_args(args);

std::unique_ptr<sinsp_evt> evt(new sinsp_evt());
std::unique_ptr<scap_evt> s_evt(new scap_evt());

s_evt->type = PPME_SYSCALL_EXECVE_19_X;
evt.get()->set_tinfo(tinfo.get());
evt.get()->set_scap_evt(s_evt.get());

auto signal = processSignalFormatter.MockCreateProcessSignal(evt.get());
EXPECT_TRUE(signal->args().empty());
}
} // namespace

} // namespace collector

0 comments on commit 330b1d4

Please sign in to comment.