fix #17 : data model harmonization
Signed-off-by: qjerome <[email protected]>
qjerome committed Jan 22, 2024
1 parent 5558037 commit 83a9dfb
Showing 2 changed files with 36 additions and 25 deletions.
28 changes: 14 additions & 14 deletions kunai/src/bin/main.rs
Expand Up @@ -415,7 +415,7 @@ impl EventProcessor {
event: &bpf_events::CloneEvent,
) -> UserEvent<CloneData> {
let data = CloneData {
exe: event.data.executable.to_path_buf(),
exe: event.data.executable.to_path_buf().into(),
command_line: event.data.argv.to_command_line(),
flags: event.data.flags,
};
Expand All @@ -436,7 +436,7 @@ impl EventProcessor {
.to_string();

let data = PrctlData {
exe,
exe: exe.into(),
command_line,
option,
arg2: event.data.arg2,
Expand Down Expand Up @@ -465,7 +465,7 @@ impl EventProcessor {

let data = kunai::events::MmapExecData {
command_line: self.get_command_line(ck),
exe: exe,
exe: exe.into(),
mapped: mmapped_hashes,
};

Expand Down Expand Up @@ -503,7 +503,7 @@ impl EventProcessor {
for r in responses {
let mut data = DnsQueryData::new().with_responses(r.answers);
data.command_line = command_line.clone();
data.exe = exe.clone();
data.exe = exe.clone().into();
data.query = r.question.clone();
data.proto = proto.clone().into();
data.dns_server = NetworkInfo {
Expand Down Expand Up @@ -534,7 +534,7 @@ impl EventProcessor {

let data = RWData {
command_line,
exe,
exe: exe.into(),
path: event.data.path.to_path_buf(),
};

Expand All @@ -551,7 +551,7 @@ impl EventProcessor {

let data = UnlinkData {
command_line,
exe,
exe: exe.into(),
path: event.data.path.into(),
success: event.data.success,
};
Expand All @@ -569,7 +569,7 @@ impl EventProcessor {

let data = MountData {
command_line,
exe,
exe: exe.into(),
dev_name: event.data.dev_name.into(),
path: event.data.path.into(),
ty: event.data.ty.into(),
Expand All @@ -589,7 +589,7 @@ impl EventProcessor {

let mut data = BpfProgLoadData {
command_line,
exe,
exe: exe.into(),
id: event.data.id,
prog_type: BpfProgTypeInfo {
id: event.data.prog_type,
Expand Down Expand Up @@ -631,7 +631,7 @@ impl EventProcessor {

let data = BpfSocketFilterData {
command_line,
exe,
exe: exe.into(),
socket: SocketInfo {
domain: event.data.socket_info.domain_to_string(),
ty: event.data.socket_info.type_to_string().into(),
Expand Down Expand Up @@ -661,7 +661,7 @@ impl EventProcessor {

let data = MprotectData {
command_line: cmd_line,
exe: exe,
exe: exe.into(),
addr: event.data.start,
prot: event.data.prot,
};
Expand All @@ -680,7 +680,7 @@ impl EventProcessor {

let data = ConnectData {
command_line,
exe,
exe: exe.into(),
dst: NetworkInfo {
hostname: Some(self.get_resolved(dst_ip, &info).into()),
ip: dst_ip,
Expand All @@ -704,7 +704,7 @@ impl EventProcessor {
let dst_ip: IpAddr = event.data.ip_port.into();

let data = SendDataData {
exe,
exe: exe.into(),
command_line,
dst: NetworkInfo {
hostname: Some(self.get_resolved(dst_ip, &info).into()),
Expand Down Expand Up @@ -751,7 +751,7 @@ impl EventProcessor {

let data = FileRenameData {
command_line,
exe,
exe: exe.into(),
old: event.data.old_name.into(),
new: event.data.new_name.into(),
};
Expand All @@ -769,7 +769,7 @@ impl EventProcessor {

let data = ExitData {
command_line,
exe,
exe: exe.into(),
error_code: event.data.error_code,
};

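Review bot: In the DnsQueryData hunk, `data.exe = exe.clone().into()` clones the PathBuf and builds a fresh `File` on every pass of `for r in responses`; converting once before the loop with `let exe: File = exe.into();` and then assigning `data.exe = exe.clone();` would do the conversion a single time, but that requires `File` to derive `Clone`, which the derive list added in events.rs on this page does not include. The other thirteen `exe: exe.into()` sites are straightforward and consistent. Every hunk in this file is cut from the middle of an `EventProcessor` method, so the bindings of `exe` and the enclosing signatures are not visible here.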
33 changes: 22 additions & 11 deletions kunai/src/events.rs
Expand Up @@ -18,6 +18,17 @@ use crate::{
info::{ContainerInfo, StdEventInfo},
};

#[derive(Debug, Default, Serialize, Deserialize, FieldGetter)]
pub struct File {
pub file: PathBuf,
}

impl From<PathBuf> for File {
fn from(value: PathBuf) -> Self {
Self { file: value }
}
}

#[derive(FieldGetter, Serialize, Deserialize)]
pub struct ContainerSection {
pub name: String,
Expand Down Expand Up @@ -202,7 +213,7 @@ macro_rules! impl_std_iocs {
($ty:ty) => {
impl IocGetter for $ty {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![self.exe.to_string_lossy()]
vec![self.exe.file.to_string_lossy()]
}
}
};
Expand Down Expand Up @@ -338,7 +349,7 @@ macro_rules! def_user_data {
#[derive(Debug, Serialize, Deserialize, FieldGetter)]
$struct_vis struct $struct_name {
pub command_line: String,
pub exe: PathBuf,
pub exe: File,
$(
$(#[$struct_meta])*
$vis $field_name: $field_type
Expand Down Expand Up @@ -408,7 +419,7 @@ def_user_data!(

impl IocGetter for MmapExecData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
let mut v = vec![self.exe.to_string_lossy()];
let mut v = vec![self.exe.file.to_string_lossy()];
v.extend(self.mapped.iocs());
v
}
Expand Down Expand Up @@ -517,7 +528,7 @@ impl IocGetter for DnsQueryData {
self.cache_responses();

// set executable
let mut v = vec![self.exe.to_string_lossy()];
let mut v = vec![self.exe.file.to_string_lossy()];
// the ip addresses in the response
v.extend(
self.responses
Expand All @@ -543,7 +554,7 @@ def_user_data!(

impl IocGetter for SendDataData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
let mut v = vec![self.exe.to_string_lossy()];
let mut v = vec![self.exe.file.to_string_lossy()];
v.extend(self.dst.iocs());
v
}
Expand Down Expand Up @@ -575,7 +586,7 @@ def_user_data!(

impl IocGetter for RWData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![self.exe.to_string_lossy(), self.path.to_string_lossy()]
vec![self.exe.file.to_string_lossy(), self.path.to_string_lossy()]
}
}

Expand All @@ -588,7 +599,7 @@ def_user_data!(

impl IocGetter for UnlinkData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![self.exe.to_string_lossy(), self.path.to_string_lossy()]
vec![self.exe.file.to_string_lossy(), self.path.to_string_lossy()]
}
}

Expand All @@ -604,7 +615,7 @@ def_user_data!(

impl IocGetter for MountData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![self.exe.to_string_lossy(), self.path.to_string_lossy()]
vec![self.exe.file.to_string_lossy(), self.path.to_string_lossy()]
}
}

Expand All @@ -618,7 +629,7 @@ def_user_data!(
impl IocGetter for FileRenameData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![
self.exe.to_string_lossy(),
self.exe.file.to_string_lossy(),
self.old.to_string_lossy(),
self.new.to_string_lossy(),
]
Expand Down Expand Up @@ -657,7 +668,7 @@ def_user_data!(
impl IocGetter for BpfProgLoadData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![
self.exe.to_string_lossy(),
self.exe.file.to_string_lossy(),
self.bpf_prog.md5.as_str().into(),
self.bpf_prog.sha1.as_str().into(),
self.bpf_prog.sha256.as_str().into(),
Expand Down Expand Up @@ -694,7 +705,7 @@ def_user_data!(
impl IocGetter for BpfSocketFilterData {
fn iocs(&mut self) -> Vec<Cow<'_, str>> {
vec![
self.exe.to_string_lossy(),
self.exe.file.to_string_lossy(),
self.filter.md5.as_str().into(),
self.filter.sha1.as_str().into(),
self.filter.sha256.as_str().into(),
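Review bot: The new `pub struct File` and its `pub file` field in the first hunk carry no doc comment, and because `Serialize` is derived on a named-field struct, every event's `exe` now serializes as an object with a single "file" key instead of the bare path string a `PathBuf` produced; that is a wire-format change for any consumer, parser or matching rule that reads `exe` as a string, and the type should say so, e.g. `/// Executable path behind an event. Serialized as an object with one "file" key, not as a bare path string.` If keeping the old string shape is wanted, `#[serde(transparent)]` on `File` preserves it while still allowing the type change. The derive list also lacks `Clone` (and `PartialEq`, `Eq`, `Hash`, all available on `PathBuf`), which forces callers to clone the `PathBuf` before `.into()` whenever the same `exe` is reused. The `iocs()` changes in the later hunks are mechanical and keep `to_string_lossy()`, so a non-UTF-8 executable path still yields a lossy IoC string, pre-existing behaviour worth remembering when matching on it.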
