chore(cmd): introduce evt program

Initially, the evt program is able to trigger events in the system by the use of the `trigger` command.
aquasecurity · Jan 10, 2025 · 2eed9e2 · 2eed9e2
1 parent 65a40e8
commit 2eed9e2
Show file tree

Hide file tree

Showing 6 changed files with 453 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 .PHONY: all | env
-all: tracee-ebpf tracee-rules signatures tracee
+all: tracee-ebpf tracee-rules signatures tracee evt
 
 #
 # make
@@ -611,6 +611,39 @@ clean-signatures:
 # other commands
 #
 
+# evt
+
+EVT_SRC_DIRS = ./cmd/evt
+EVT_SRC = $(shell find $(EVT_SRC_DIRS) \
+			-type f \
+			-name '*.go' \
+			! -name '*_test.go' \
+			)
+EVT_TRIGGERS_DIR = $(EVT_SRC_DIRS)/cmd/trigger/triggers
+
+.PHONY: evt
+evt: $(OUTPUT_DIR)/evt
+
+$(OUTPUT_DIR)/evt: \
+	$(EVT_SRC) \
+	$(OUTPUT_DIR)/tracee \
+	| .eval_goenv \
+	.checkver_$(CMD_GO) \
+#
+	$(GO_ENV_EBPF) $(CMD_GO) build \
+		-ldflags="$(GO_DEBUG_FLAG) \
+			" \
+		-v -o $@ \
+		./cmd/evt
+	cp -r $(EVT_TRIGGERS_DIR) $(OUTPUT_DIR)/evt-triggers
+
+
+.PHONY: clean-evt
+clean-evt:
+#
+	$(CMD_RM) -rf $(OUTPUT_DIR)/evt
+	$(CMD_RM) -rf $(OUTPUT_DIR)/evt-triggers
+
 # tracee-bench
 
 TRACEE_BENCH_SRC_DIRS = ./cmd/tracee-bench/

diff --git a/cmd/evt/cmd/helpers/helpers.go b/cmd/evt/cmd/helpers/helpers.go
@@ -0,0 +1,31 @@
+package helpers
+
+import (
+	"fmt"
+	"io"
+	"path/filepath"
+)
+
+type PrefixWriter struct {
+	Prefix []byte
+	Writer io.Writer
+}
+
+// Write writes the given bytes with the prefix
+func (pw *PrefixWriter) Write(p []byte) (int, error) {
+	return pw.Writer.Write(append(pw.Prefix, p...))
+}
+
+const (
+	MaxCommLen = 16
+)
+
+func GetFilterOutCommScope(cmd string) string {
+	comm := filepath.Base(cmd)
+	comm = comm[:min(len(comm), MaxCommLen-1)]
+	return fmt.Sprintf("comm!=%s", comm)
+}
+
+func GetFilterInTreeScope(pid string) string {
+	return fmt.Sprintf("tree=%s", pid)
+}
diff --git a/cmd/evt/cmd/root.go b/cmd/evt/cmd/root.go
@@ -0,0 +1,37 @@
+package cmd
+
+import (
+	"context"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/aquasecurity/tracee/cmd/evt/cmd/trigger"
+)
+
+func init() {
+	rootCmd.AddCommand(trigger.Cmd())
+}
+
+var (
+	rootCmd = &cobra.Command{
+		Use:   "evt",
+		Short: "An event testing tool",
+		Long:  "evt is a simple testing tool that generates events to stress the system",
+	}
+)
+
+func initRootCmd() error {
+	rootCmd.SetOutput(os.Stdout)
+	rootCmd.SetErr(os.Stderr)
+
+	return nil
+}
+
+func Execute(ctx context.Context) error {
+	if err := initRootCmd(); err != nil {
+		return err
+	}
+
+	return rootCmd.ExecuteContext(ctx)
+}
diff --git a/cmd/evt/cmd/trigger/cobra.go b/cmd/evt/cmd/trigger/cobra.go
@@ -0,0 +1,128 @@
+package trigger
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	triggerCmd = &cobra.Command{
+		Use:           "trigger",
+		Aliases:       []string{"t"},
+		Short:         "Trigger events to trigger",
+		RunE:          triggerCmdRun,
+		SilenceErrors: true,
+		SilenceUsage:  true,
+	}
+)
+
+const (
+	defaultTriggerOps   = int32(1)
+	defaultTriggerSleep = 10 * time.Nanosecond
+	triggerTimeout      = 30 * time.Minute
+)
+
+func init() {
+	triggerCmd.Flags().StringP(
+		"event",
+		"e",
+		"",
+		"<name>...\t\tSelect event to trigger",
+	)
+	if err := triggerCmd.MarkFlagRequired("event"); err != nil {
+		triggerCmd.PrintErrf("marking required flag: %v\n", err)
+		os.Exit(1)
+	}
+
+	triggerCmd.Flags().Int32P(
+		"ops",
+		"o",
+		defaultTriggerOps,
+		"<number>...\t\tNumber of operations to perform",
+	)
+
+	triggerCmd.Flags().DurationP(
+		"sleep",
+		"s",
+		defaultTriggerSleep,
+		"<duration>...\t\tSleep time between operations",
+	)
+
+	triggerCmd.Flags().BoolP(
+		"bypass-flags",
+		"b",
+		false,
+		"\t\t\tPrint tracee bypass flags",
+	)
+
+	triggerCmd.Flags().BoolP(
+		"wait-signal",
+		"w",
+		false,
+		"\t\t\tWait for start signal (SIGUSR1)",
+	)
+}
+
+func getTrigger(cmd *cobra.Command) (*trigger, error) {
+	event, err := cmd.Flags().GetString("event")
+	if err != nil {
+		return nil, err
+	}
+
+	ops, err := cmd.Flags().GetInt32("ops")
+	if err != nil {
+		return nil, err
+	}
+	if ops <= 0 {
+		return nil, fmt.Errorf("ops must be greater than 0")
+	}
+
+	sleep, err := cmd.Flags().GetDuration("sleep")
+	if err != nil {
+		return nil, err
+	}
+
+	bypassFlags, err := cmd.Flags().GetBool("bypass-flags")
+	if err != nil {
+		return nil, err
+	}
+
+	waitSignal, err := cmd.Flags().GetBool("wait-signal")
+	if err != nil {
+		return nil, err
+	}
+
+	return &trigger{
+		event:            event,
+		ops:              ops,
+		sleep:            sleep,
+		printBypassFlags: bypassFlags,
+		waitSignal:       waitSignal,
+		cmd:              cmd,
+	}, nil
+}
+
+func triggerCmdRun(cmd *cobra.Command, args []string) error {
+	t, err := getTrigger(cmd)
+	if err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithTimeoutCause(
+		t.cmd.Context(),
+		triggerTimeout,
+		fmt.Errorf("timeout after %v", triggerTimeout),
+	)
+	defer cancel()
+	t.ctx = ctx
+
+	return t.run()
+}
+
+func Cmd() *cobra.Command {
+	return triggerCmd
+}