From b4748230f68de01000aff1525e2e56a2c073fb9a Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Fri, 18 Oct 2024 17:13:03 +0200
Subject: [PATCH] Allow to not collect process arguments
---
 collector/lib/CollectorConfig.cpp | 2 +
 collector/lib/CollectorConfig.h | 3 ++
 collector/lib/ProcessSignalFormatter.cpp | 12 +++--
 collector/lib/ProcessSignalFormatter.h | 5 +-
 collector/test/ProcessSignalFormatterTest.cpp | 48 +++++++++++++++++++
 5 files changed, 64 insertions(+), 6 deletions(-)
diff --git a/collector/lib/CollectorConfig.cpp b/collector/lib/CollectorConfig.cpp
index 5ab45006ef..926fc9b3d6 100644
--- a/collector/lib/CollectorConfig.cpp
+++ b/collector/lib/CollectorConfig.cpp
@@ -83,6 +83,7 @@ PathEnvVar tls_client_key_path("ROX_COLLECTOR_TLS_CLIENT_KEY");
 PathEnvVar config_file("ROX_COLLECTOR_CONFIG_PATH", "/etc/stackrox/runtime_config.yaml");
+BoolEnvVar disable_process_arguments("ROX_COLLECTOR_NO_PROCESS_ARGUMENTS", false);
 } // namespace
 constexpr bool CollectorConfig::kTurnOffScrape;
@@ -113,6 +114,7 @@ void CollectorConfig::InitCollectorConfig(CollectorArgs* args) {
 use_podman_ce_ = use_podman_ce.value();
 enable_introspection_ = enable_introspection.value();
 track_send_recv_ = track_send_recv.value();
+ disable_process_arguments_ = disable_process_arguments.value();
 for (const auto& syscall : kSyscalls) {
 syscalls_.emplace_back(syscall);
diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h
index 191bae946d..23fa5ced25 100644
--- a/collector/lib/CollectorConfig.h
+++ b/collector/lib/CollectorConfig.h
@@ -132,6 +132,7 @@ class CollectorConfig {
 unsigned int GetSinspThreadCacheSize() const { return sinsp_thread_cache_size_; }
 void Start();
 void Stop();
+ bool DisableProcessArguments() const { return disable_process_arguments_; }
 static std::pair CheckConfiguration(const char* config, Json::Value* root);
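Review bot: The new `ROX_COLLECTOR_NO_PROCESS_ARGUMENTS` knob is declared without a comment, and the diffstat shows no documentation file touched, so the only description of its effect is the single `if` in ProcessSignalFormatter.cpp. A one-line comment above the `BoolEnvVar` declaration would carry that contract where operators will look for it, e.g. `// When true, process signals are emitted without the process command-line arguments (default: arguments are collected).` The negative naming (`NO_…` / `disable_…`) also produces the double negative `!config_->DisableProcessArguments()` at the use site; if the variable name is not yet published, a positively named flag defaulting to true (constructed example: `ROX_COLLECTOR_COLLECT_PROCESS_ARGUMENTS`) reads more naturally, but that is a style preference.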
@@ -184,6 +185,8 @@ class CollectorConfig {
 // URL to the GRPC server
 std::optional grpc_server_;
+ bool disable_process_arguments_ = false;
+
 // One ring buffer will be initialized for this many CPUs
 unsigned int sinsp_cpu_per_buffer_ = 0;
 // Size of one ring buffer, in bytes.
diff --git a/collector/lib/ProcessSignalFormatter.cpp b/collector/lib/ProcessSignalFormatter.cpp
index eaf8fd3985..3cc0b293b5 100644
--- a/collector/lib/ProcessSignalFormatter.cpp
+++ b/collector/lib/ProcessSignalFormatter.cpp
@@ -148,11 +148,13 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) {
 signal->set_exec_file_path(name_sanitized ? *name_sanitized : *name);
 }
- // set process arguments
- if (const char* args = event_extractor_->get_proc_args(event)) {
- std::string args_str = args;
- auto args_sanitized = SanitizedUTF8(args_str);
- signal->set_args(args_sanitized ? *args_sanitized : args_str);
+ // set process arguments, if not explicitely disabled
+ if (!config_->DisableProcessArguments()) {
+ if (const char* args = event_extractor_->get_proc_args(event)) {
+ std::string args_str = args;
+ auto args_sanitized = SanitizedUTF8(args_str);
+ signal->set_args(args_sanitized ? *args_sanitized : args_str);
+ }
 }
 // set pid
diff --git a/collector/lib/ProcessSignalFormatter.h b/collector/lib/ProcessSignalFormatter.h
index bf923370a5..ce01997085 100644
--- a/collector/lib/ProcessSignalFormatter.h
+++ b/collector/lib/ProcessSignalFormatter.h
@@ -38,9 +38,12 @@ class ProcessSignalFormatter : public ProtoSignalFormatter& lineage);
+ protected:
+ // Only protected, for testing purposes
+ ProcessSignal* CreateProcessSignal(sinsp_evt* event);
+
 private:
 Signal* CreateSignal(sinsp_evt* event);
- ProcessSignal* CreateProcessSignal(sinsp_evt* event);
 bool ValidateProcessDetails(const sinsp_threadinfo* tinfo);
 bool ValidateProcessDetails(sinsp_evt* event);
 std::string ProcessDetails(sinsp_evt* event);
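Review bot: The option is enforced at a single site, the `set_args` block, while the same class also builds `ProcessDetails(sinsp_evt* event)` (declared in ProcessSignalFormatter.h); if that string or any log line includes the argument vector, setting `ROX_COLLECTOR_NO_PROCESS_ARGUMENTS` would not actually keep arguments out of collector output, which is worth checking since those bodies are not in the patch. The new comment has a typo: `// set process arguments, if not explicitly disabled`. Since the value is assigned once in `InitCollectorConfig`, reading `config_->DisableProcessArguments()` per event is harmless, but an `if (config_->DisableProcessArguments()) { /* arguments intentionally omitted */ } else { … }` shape would avoid the double negative. CreateProcessSignal starts and ends outside the hunk.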
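Review bot: The access comment on `CreateProcessSignal` would be more useful if it said why protected is needed and what must not depend on it: `// Protected (rather than private) only so that tests can subclass the formatter and call CreateProcessSignal() directly; production code must not rely on this.` Widening a private member's visibility for tests is a known trade-off; a gtest `FRIEND_TEST` declaration or a friend test fixture would keep it private, though the subclass approach is fine if it matches the rest of the test suite. The class body continues outside the hunk.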
diff --git a/collector/test/ProcessSignalFormatterTest.cpp b/collector/test/ProcessSignalFormatterTest.cpp
index 6038753028..d14db3d6e4 100644
--- a/collector/test/ProcessSignalFormatterTest.cpp
+++ b/collector/test/ProcessSignalFormatterTest.cpp
@@ -12,6 +12,25 @@ namespace collector {
 using ProcessSignal = ProcessSignalFormatter::ProcessSignal;
 using LineageInfo = ProcessSignalFormatter::LineageInfo;
+using namespace testing;
+
+class MockCollectorConfig : public CollectorConfig {
+ public:
+ MockCollectorConfig() = default;
+
+ void SetDisableProcessArguments(bool value) {
+ disable_process_arguments_ = value;
+ }
+};
+
+class MockProcessSignalFormatter : public ProcessSignalFormatter {
+ public:
+ MockProcessSignalFormatter(sinsp* inspector, const CollectorConfig& config) : ProcessSignalFormatter(inspector, config) {};
+
+ ProcessSignal* MockCreateProcessSignal(sinsp_evt* event) {
+ return CreateProcessSignal(event);
+ }
+};
 namespace {
@@ -628,6 +647,35 @@ TEST(ProcessSignalFormatterTest, Rox3377ProcessLineageWithNoVPidTest) {
 CollectorStats::Reset();
 }
+TEST(ProcessSignalFormatterTest, NoProcessArguments) {
+ std::unique_ptr inspector(new sinsp());
+ MockCollectorConfig config;
+
+ config.SetDisableProcessArguments(true);
+ MockProcessSignalFormatter processSignalFormatter(inspector.get(), config);
+
+ auto tinfo = inspector->build_threadinfo();
+ tinfo->m_pid = 3;
+ tinfo->m_tid = 3;
+ tinfo->m_ptid = -1;
+ tinfo->m_vpid = 0;
+ tinfo->m_user.set_uid(42);
+ tinfo->m_container_id = "";
+ tinfo->m_exepath = "qwerty";
+
+ std::vector args = {std::string("args")};
+ tinfo->set_args(args);
+
+ sinsp_evt* evt = new sinsp_evt();
+ scap_evt* s_evt = new scap_evt();
+
+ s_evt->type = PPME_SYSCALL_EXECVE_19_X;
+ evt->set_tinfo(tinfo.get());
+ evt->set_scap_evt(s_evt);
+
+ auto signal = processSignalFormatter.MockCreateProcessSignal(evt);
+ EXPECT_TRUE(signal->args().empty());
+}
 } // namespace
 } // namespace collector
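Review bot: `MockCollectorConfig::SetDisableProcessArguments` assigns the base member `disable_process_arguments_` directly, which only compiles if that member sits in a `protected:` section of CollectorConfig; the header hunk in this patch adds it next to `grpc_server_` without showing the access specifier in effect there, so this is worth a glance. Two small points of style in the same hunk: the constructor body `{};` carries a stray semicolon (an empty declaration) and should read `: ProcessSignalFormatter(inspector, config) {}`, and `using namespace testing;` is added at namespace scope although no `testing::` name appears in the new test, so it may be unnecessary.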
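Review bot: The new test only covers the disabled case, so a regression that stopped `set_args` from ever being called would still pass; a companion case with `config.SetDisableProcessArguments(false);` asserting `EXPECT_FALSE(signal->args().empty());` on the same fixture would pin both sides of the option. The fixtures `evt` and `s_evt` are created with raw `new` and never freed, and the `ProcessSignal*` returned by `MockCreateProcessSignal` is not released either (assuming the caller owns it, which I cannot confirm from here); holding them in `std::unique_ptr`, and building the inspector with `std::make_unique<sinsp>()`, would keep the test clean under leak sanitizers. If the surrounding tests in this file use the same raw-pointer pattern, consistency may win, but the positive-case assertion is the part I would not merge without.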