feat: add version and description to definition
josedonizetti committed Sep 11, 2023
1 parent 1a47a4e commit 6bb5cb9
Showing 11 changed files with 733 additions and 44 deletions.
19 changes: 19 additions & 0 deletions pkg/cmd/initialize/sigs.go
@@ -1,6 +1,8 @@
package initialize

import (
"strconv"

"github.com/aquasecurity/tracee/pkg/events"
"github.com/aquasecurity/tracee/pkg/logger"
"github.com/aquasecurity/tracee/types/detect"
@@ -35,10 +37,27 @@ func CreateEventsFromSignatures(startId events.ID, sigs []detect.Signature) {
evtDependency = append(evtDependency, eventDefID)
}

version, err := events.NewVersionFromString(m.Version)
// if the version is not valid semver, set it to 1.0.X,
// where X is either 0 or the version number from the signature
if err != nil {
var x uint64

if m.Version != "" {
n, _ := strconv.Atoi(m.Version)
// if there is an error, n is 0, setting the version to 1.0.0
x = uint64(n)
}

version = events.NewVersion(1, 0, x)
}

newEventDef := events.NewDefinition(
newEventDefID, // id,
events.Sys32Undefined, // id32
m.EventName, // eventName
version, // version
m.Description, // description
"", // docPath
false, // internal
false, // syscall
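Review bot: The fallback for non-semver versions discards the `strconv.Atoi` error and casts a signed `int` to `uint64`, so a signature whose metadata version is a negative number such as `-1` gets a patch component of 18446744073709551615, and any other unparsable string is silently recorded as 1.0.0. This version is presumably what tells a consumer which revision of a detection produced an event, so I would parse with `n, perr := strconv.ParseUint(m.Version, 10, 64)` and, when `perr != nil`, emit `logger.Warnw("signature version is not semver, using fallback", "event", m.EventName, "version", m.Version)` so that a mislabelled signature is visible at load time. The comment on the fallback should also say outright that a bare `2` becomes 1.0.2 rather than 2.0.0, since that mapping is easy to misread. The body of CreateEventsFromSignatures starts and ends outside this hunk.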
12 changes: 11 additions & 1 deletion pkg/cmd/initialize/sigs_test.go
@@ -32,6 +32,8 @@ func Test_CreateEventsFromSigs(t *testing.T) {
events.ID(6001), // id,
events.Sys32Undefined, // id32
"fake_event_0", // eventName
events.NewVersion(1, 0, 0), // version
"fake_description", // description
"", // docPath
false, // internal
false, // syscall
@@ -64,6 +66,8 @@ func Test_CreateEventsFromSigs(t *testing.T) {
events.ID(6010), // id,
events.Sys32Undefined, // id32
"fake_event_1", // eventName
events.NewVersion(1, 0, 0), // version
"fake_description", // description
"", // docPath
false, // internal
false, // syscall
@@ -81,6 +85,8 @@ func Test_CreateEventsFromSigs(t *testing.T) {
events.ID(6011), // id,
events.Sys32Undefined, // id32
"fake_event_2", // eventName
events.NewVersion(1, 0, 0), // version
"fake_description", // description
"", // docPath
false, // internal
false, // syscall
@@ -115,6 +121,8 @@ func Test_CreateEventsFromSigs(t *testing.T) {
events.ID(6100), // id,
events.Sys32Undefined, // id32
"fake_event_3", // eventName
events.NewVersion(1, 0, 0), // version
"fake_description", // description
"", // docPath
false, // internal
false, // syscall
@@ -163,7 +171,9 @@ func newFakeSignature(name string, deps []string) detect.Signature {
return &signature.FakeSignature{
FakeGetMetadata: func() (detect.SignatureMetadata, error) {
return detect.SignatureMetadata{
EventName: name,
EventName: name,
Description: "fake_description",
Version: "1.0.0",
}, nil
},
FakeGetSelectedEvents: func() ([]detect.SignatureEventSelector, error) {
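Review bot: The fake signature now always reports `Version: "1.0.0"`, so none of the cases in Test_CreateEventsFromSigs reaches the new non-semver fallback added in sigs.go. Cases where the metadata version is empty, a bare integer such as `"3"`, and a non-numeric string would pin the 1.0.X mapping and show how malformed signature metadata is handled. That probably means letting the helper take the version as an argument, e.g. `func newFakeSignature(name, version string, deps []string) detect.Signature`. The body of newFakeSignature continues outside this hunk.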
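--- a/pkg/ebpf/finding_test.go
+++ b/pkg/ebpf/finding_test.go
@@ -88,13 +88,15 @@ func createFakeEventAndFinding() detect.Finding {
 eventName := "fake_signature_event"
 
 eventDefinition := events.NewDefinition(
-0, // id
-events.Sys32Undefined, // id32
-eventName, // eventName
-"", // docPath
-false, // internal
-false, // syscall
-[]string{"signatures"}, // sets
+0, // id
+events.Sys32Undefined, // id32
+eventName, // eventName
+events.NewVersion(1, 0, 0), // Version
+"fake_description", // description
+"", // docPath
+false, // internal
+false, // syscall
+[]string{"signatures"}, // sets
 events.NewDependencies(
 []events.ID{events.Ptrace},
 []events.KSymbol{},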