Merge pull request #470 from kubescape/feature/callstack-support

Feature/callstack support
kubescape · Feb 9, 2025 · e03574f · e03574f
2 parents 3c6256e + e6aa81b
commit e03574f
Show file tree

Hide file tree

Showing 20 changed files with 1,696 additions and 124 deletions.
diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml
@@ -53,6 +53,7 @@ jobs:
           Test_12_MergingProfilesTest,
           Test_13_MergingNetworkNeighborhoodTest,
           Test_14_RulePoliciesTest,
+          Test_15_CompletedApCannotBecomeReadyAgain
         ]
     steps:
       - name: Checkout code

diff --git a/go.mod b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/crewjam/rfc5424 v0.1.0
 	github.com/cyphar/filepath-securejoin v0.4.1
 	github.com/deckarep/golang-set/v2 v2.7.0
+	github.com/dghubble/trie v0.1.0
 	github.com/distribution/distribution v2.8.2+incompatible
 	github.com/dustin/go-humanize v1.0.1
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
@@ -30,7 +31,7 @@ require (
 	github.com/kubescape/backend v0.0.25
 	github.com/kubescape/go-logger v0.0.23
 	github.com/kubescape/k8s-interface v0.0.183
-	github.com/kubescape/storage v0.0.156
+	github.com/kubescape/storage v0.0.158
 	github.com/moby/sys/mountinfo v0.7.2
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0

diff --git a/go.sum b/go.sum
@@ -289,6 +289,8 @@ github.com/deckarep/golang-set/v2 v2.7.0 h1:gIloKvD7yH2oip4VLhsv3JyLLFnC0Y2mlusg
 github.com/deckarep/golang-set/v2 v2.7.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M=
 github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da/go.mod h1:B3tI9iGHi4imdLi4Asdha1Sc6feLMTfPLXh9IUYmysk=
+github.com/dghubble/trie v0.1.0 h1:kJnjBLFFElBwS60N4tkPvnLhnpcDxbBjIulgI8CpNGM=
+github.com/dghubble/trie v0.1.0/go.mod h1:sOmnzfBNH7H92ow2292dDFWNsVQuh/izuD7otCYb1ak=
 github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4=
 github.com/distribution/distribution v2.8.2+incompatible h1:k9+4DKdOG+quPFZXT/mUsiQrGu9vYCp+dXpuPkuqhk8=
 github.com/distribution/distribution v2.8.2+incompatible/go.mod h1:EgLm2NgWtdKgzF9NpMzUKgzmR7AMmb0VQi2B+ZzDRjc=
@@ -692,8 +694,8 @@ github.com/kubescape/go-logger v0.0.23 h1:5xh+Nm8eGImhFbtippRKLaFgsvlKE1ufvQhNM2
 github.com/kubescape/go-logger v0.0.23/go.mod h1:Ayg7g769c7sXVB+P3fkJmbsJpoEmMmaUf9jeo+XuC3U=
 github.com/kubescape/k8s-interface v0.0.183 h1:eTuHlKJkBYYA03AR/YGr4KUC+xnbV6SG0/8+yrt9Yrs=
 github.com/kubescape/k8s-interface v0.0.183/go.mod h1:YjIAQtrK4nCy+XQ/6jwo+BqlLyJk7DN2Mx4pUcbzq10=
-github.com/kubescape/storage v0.0.156 h1:5ioAOufZuSev6s6yLbFoyJjVrOIV6ckYHM15lLyba+E=
-github.com/kubescape/storage v0.0.156/go.mod h1:7ai5ePqTXdSTCGjpEHVFXKggrbey/guM5e13w7Y3yMw=
+github.com/kubescape/storage v0.0.158 h1:TbI1/rrRq+0gNbbPl8Z1weik0ShTWPJfy8lXjnzaDjw=
+github.com/kubescape/storage v0.0.158/go.mod h1:K3QWf+zcXmXxfeQ2HD0dd0bF4FJ5gbxLTRZ7nx4dHXw=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=

diff --git a/main.go b/main.go
@@ -176,7 +176,7 @@ func main() {
 	// Create the application profile manager
 	var applicationProfileManager applicationprofilemanager.ApplicationProfileManagerClient
 	if cfg.EnableApplicationProfile {
-		applicationProfileManager, err = applicationprofilemanagerv1.CreateApplicationProfileManager(ctx, cfg, clusterData.ClusterName, k8sClient, storageClient, k8sObjectCache, seccompManager)
+		applicationProfileManager, err = applicationprofilemanagerv1.CreateApplicationProfileManager(ctx, cfg, clusterData.ClusterName, k8sClient, storageClient, k8sObjectCache, seccompManager, nil)
 		if err != nil {
 			logger.L().Ctx(ctx).Fatal("error creating the application profile manager", helpers.Error(err))
 		}

diff --git a/pkg/applicationprofilemanager/applicationprofile_manager_interface.go b/pkg/applicationprofilemanager/applicationprofile_manager_interface.go
@@ -2,17 +2,29 @@ package applicationprofilemanager
 
 import (
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
+	"github.com/kubescape/node-agent/pkg/ebpf/events"
+	tracerhardlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/types"
 	tracerhttptype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/http/types"
+	tracersymlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/types"
+	"github.com/kubescape/node-agent/pkg/utils"
+	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 )
 
 type ApplicationProfileManagerClient interface {
 	ContainerCallback(notif containercollection.PubSubEvent)
 	RegisterPeekFunc(peek func(mntns uint64) ([]string, error))
 	ReportCapability(k8sContainerID, capability string)
-	ReportFileExec(k8sContainerID, path string, args []string)
-	ReportFileOpen(k8sContainerID, path string, flags []string)
+	ReportFileExec(k8sContainerID string, event events.ExecEvent)
+	ReportFileOpen(k8sContainerID string, event events.OpenEvent)
 	ReportHTTPEvent(k8sContainerID string, event *tracerhttptype.Event)
 	ReportRulePolicy(k8sContainerID, ruleId, allowedProcess string, allowedContainer bool)
+	ReportIdentifiedCallStack(k8sContainerID string, callStack *v1beta1.IdentifiedCallStack)
+	ReportSymlinkEvent(k8sContainerID string, event *tracersymlinktype.Event)
+	ReportHardlinkEvent(k8sContainerID string, event *tracerhardlinktype.Event)
 	ReportDroppedEvent(k8sContainerID string)
 	ContainerReachedMaxTime(containerID string)
 }
+
+type Enricher interface {
+	EnrichEvent(k8sContainerID string, event utils.EnrichEvent, callID string)
+}
diff --git a/pkg/applicationprofilemanager/applicationprofile_manager_mock.go b/pkg/applicationprofilemanager/applicationprofile_manager_mock.go
@@ -2,7 +2,11 @@ package applicationprofilemanager
 
 import (
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
+	"github.com/kubescape/node-agent/pkg/ebpf/events"
+	tracerhardlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/types"
 	tracerhttptype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/http/types"
+	tracersymlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/types"
+	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 )
 
 type ApplicationProfileManagerMock struct {
@@ -26,11 +30,11 @@ func (a ApplicationProfileManagerMock) ReportCapability(_, _ string) {
 	// noop
 }
 
-func (a ApplicationProfileManagerMock) ReportFileExec(_, _ string, _ []string) {
+func (a ApplicationProfileManagerMock) ReportFileExec(_ string, _ events.ExecEvent) {
 	// noop
 }
 
-func (a ApplicationProfileManagerMock) ReportFileOpen(_, _ string, _ []string) {
+func (a ApplicationProfileManagerMock) ReportFileOpen(_ string, _ events.OpenEvent) {
 	// noop
 }
 
@@ -46,6 +50,18 @@ func (a ApplicationProfileManagerMock) ReportRulePolicy(_, _, _ string, _ bool)
 	// noop
 }
 
+func (a ApplicationProfileManagerMock) ReportIdentifiedCallStack(_ string, _ *v1beta1.IdentifiedCallStack) {
+	// noop
+}
+
+func (a ApplicationProfileManagerMock) ReportSymlinkEvent(_ string, _ *tracersymlinktype.Event) {
+	// noop
+}
+
+func (a ApplicationProfileManagerMock) ReportHardlinkEvent(_ string, _ *tracerhardlinktype.Event) {
+	// noop
+}
+
 func (a ApplicationProfileManagerMock) ContainerReachedMaxTime(_ string) {
 	// noop
 }