From 766154a299e916367052bc4d8e8f9341fa9f4778 Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Mon, 30 Sep 2024 10:56:30 +0200
Subject: [PATCH] Allow to not collect process arguments

---
 collector/lib/CollectorConfig.cpp        |  3 +++
 collector/lib/CollectorConfig.h          |  3 +++
 collector/lib/ProcessSignalFormatter.cpp | 12 +++++++-----
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/collector/lib/CollectorConfig.cpp b/collector/lib/CollectorConfig.cpp
index e033d8aaf5..1ea0d6cfc3 100644
--- a/collector/lib/CollectorConfig.cpp
+++ b/collector/lib/CollectorConfig.cpp
@@ -58,6 +58,8 @@ BoolEnvVar use_podman_ce("ROX_COLLECTOR_CE_USE_PODMAN", false);
 
 BoolEnvVar enable_introspection("ROX_COLLECTOR_INTROSPECTION_ENABLE", false);
 
+BoolEnvVar disable_process_arguments("ROX_COLLECTOR_NO_PROCESS_ARGUMENTS", false);
+
 }  // namespace
 
 constexpr bool CollectorConfig::kTurnOffScrape;
@@ -87,6 +89,7 @@ void CollectorConfig::InitCollectorConfig(CollectorArgs* args) {
   use_docker_ce_ = use_docker_ce.value();
   use_podman_ce_ = use_podman_ce.value();
   enable_introspection_ = enable_introspection.value();
+  disable_process_arguments_ = disable_process_arguments.value();
 
   for (const auto& syscall : kSyscalls) {
     syscalls_.push_back(syscall);
diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h
index 3af15a77b5..841746f847 100644
--- a/collector/lib/CollectorConfig.h
+++ b/collector/lib/CollectorConfig.h
@@ -87,6 +87,7 @@ class CollectorConfig {
   unsigned int GetSinspBufferSize() const;
   unsigned int GetSinspTotalBufferSize() const { return sinsp_total_buffer_size_; }
   unsigned int GetSinspThreadCacheSize() const { return sinsp_thread_cache_size_; }
+  bool DisableProcessArguments() const { return disable_process_arguments_; }
 
   std::shared_ptr<grpc::Channel> grpc_channel;
 
@@ -122,6 +123,8 @@ class CollectorConfig {
   double connection_stats_error_;
   unsigned int connection_stats_window_;
 
+  bool disable_process_arguments_ = false;
+
   // One ring buffer will be initialized for this many CPUs
   unsigned int sinsp_cpu_per_buffer_ = 0;
   // Size of one ring buffer, in bytes.
diff --git a/collector/lib/ProcessSignalFormatter.cpp b/collector/lib/ProcessSignalFormatter.cpp
index 98379dc203..7522ca62f8 100644
--- a/collector/lib/ProcessSignalFormatter.cpp
+++ b/collector/lib/ProcessSignalFormatter.cpp
@@ -135,11 +135,13 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) {
     signal->set_exec_file_path(name_sanitized ? *name_sanitized : *name);
   }
 
-  // set process arguments
-  if (const char* args = event_extractor_->get_proc_args(event)) {
-    std::string args_str = args;
-    auto args_sanitized = SanitizedUTF8(args_str);
-    signal->set_args(args_sanitized ? *args_sanitized : args_str);
+  // set process arguments, if not explicitely disabled
+  if (!config_.DisableProcessArguments()) {
+    if (const char* args = event_extractor_->get_proc_args(event)) {
+      std::string args_str = args;
+      auto args_sanitized = SanitizedUTF8(args_str);
+      signal->set_args(args_sanitized ? *args_sanitized : args_str);
+    }
   }
 
   // set pid