diff --git a/rasp/librasp/src/golang.rs b/rasp/librasp/src/golang.rs index f7e17350e..5642e0687 100644 --- a/rasp/librasp/src/golang.rs +++ b/rasp/librasp/src/golang.rs @@ -123,7 +123,7 @@ pub fn golang_attach(pid: i32) -> Result { }; } -pub fn golang_bin_inspect(bin_file: PathBuf) -> Result { +pub fn golang_bin_inspect(bin_file: PathBuf) -> Result { let metadata = match fs::metadata(bin_file.clone()) { Ok(md) => md, Err(e) => { @@ -131,9 +131,10 @@ pub fn golang_bin_inspect(bin_file: PathBuf) -> Result { } }; let size = metadata.len(); - if size >= (500 * 1024 * 1024) { - return Err(anyhow!("bin file oversize")); - } + // if size >= (500 * 1024 * 1024) { + // return Err(anyhow!("bin file oversize")); + // } + let file = File::open(bin_file)?; let bin = unsafe { MmapOptions::new().map(&file)? }; let elf = Elf::parse(&bin)?; @@ -142,9 +143,9 @@ pub fn golang_bin_inspect(bin_file: PathBuf) -> Result { let offset = section.sh_name; if let Some(name) = shstrtab.get(offset) { if name.unwrap() == ".gopclntab" { - return Ok(true); + return Ok(size); } } } - return Ok(false); + return Ok(0); } diff --git a/rasp/librasp/src/runtime.rs b/rasp/librasp/src/runtime.rs index afa16bda2..c189854c0 100644 --- a/rasp/librasp/src/runtime.rs +++ b/rasp/librasp/src/runtime.rs @@ -25,11 +25,12 @@ impl RuntimeInspect for ProcessInfo {} pub struct Runtime { pub name: &'static str, pub version: String, + pub size: u64, } impl Display for Runtime { fn fmt(&self, f: &mut Formatter) -> fmt::Result { - write!(f, "{} {}", self.name, self.version) + write!(f, "{} {} {}", self.name, self.version, self.size) } } @@ -87,6 +88,7 @@ pub trait RuntimeInspect { return Ok(Some(Runtime { name: "JVM", version: version, + size: 0, })); } let cpython_process_filter: RuntimeFilter = @@ -106,6 +108,7 @@ pub trait RuntimeInspect { return Ok(Some(Runtime { name: "CPython", version: String::new(), + size: 0, })); } let nodejs_process_filter: RuntimeFilter = @@ -144,6 +147,7 @@ pub trait RuntimeInspect { return Ok(Some(Runtime { name: "NodeJS", version, + size: 0, })); } let pid = process_info.pid.clone(); @@ -163,10 +167,11 @@ pub trait RuntimeInspect { } match golang_bin_inspect(path) { Ok(res) => { - if res { + if res > 0 { return Ok(Some(Runtime { name: "Golang", version: String::new(), + size: res, })); } } @@ -183,11 +188,13 @@ pub trait RuntimeInspect { return Ok(Some(Runtime { name: "PHP", version: format!("{}.zts", version), + size: 0, })); } else { return Ok(Some(Runtime { name: "PHP", version: version, + size: 0, })); } } @@ -206,6 +213,7 @@ pub trait RuntimeInspect { return Ok(Some(Runtime { name: "CPython", version, + size: 0, })) } None => {} diff --git a/rasp/plugin/src/report.rs b/rasp/plugin/src/report.rs index a5bc803af..a7bf46160 100644 --- a/rasp/plugin/src/report.rs +++ b/rasp/plugin/src/report.rs @@ -52,6 +52,13 @@ pub fn make_report( None => String::new(), } ); + report.insert( + "runtime_size", + match &process.runtime { + Some(rt) => rt.size.to_string(), + None => String::new(), + } + ); report.insert( "attach_start_time", process diff --git a/rasp/plugin/src/utils.rs b/rasp/plugin/src/utils.rs index f63d8f94f..21b37e037 100644 --- a/rasp/plugin/src/utils.rs +++ b/rasp/plugin/src/utils.rs @@ -33,10 +33,12 @@ pub fn generate_heartbeat(watched_process: &ProcessInfo) -> HashMap<&'static str let runtime = watched_process.runtime.clone().unwrap_or(Runtime { name: "unknown", version: "unknown".to_string(), + size: 0, }); message.insert("runtime", runtime.name.to_string()); message.insert("runtime_version", runtime.version); + message.insert("runtime_size", runtime.size.to_string()); message.insert("attach_start_time", watched_process.attach_start_time.clone().unwrap_or("".to_string())); message.insert("attach_end_time", watched_process.attach_end_time.clone().unwrap_or("".to_string())); message.insert("failed_time", watched_process.failed_time.clone().unwrap_or("".to_string()));