-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathdynAnalysisStressTest.py
executable file
·178 lines (141 loc) · 7.55 KB
/
dynAnalysisStressTest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
import os, sys, subprocess, signal
import re
sys.path.insert(0, './python-utils/')
import optparse
import container
import util
import bisect
import time
from datetime import datetime
import sysdig
import constants as C
import processMonitorFactory
class DynamicAnalysisTester():
"""
This class can be used to stress test the monitoring tool used in our dynamic analysis phase
"""
def __init__(self, name, imagePath, options,
monitoringTool, logger, isDependent=False):
self.logger = logger
self.name = name
self.imagePath = imagePath
self.options = options
self.status = False
self.runnable = False
self.installStatus = False
self.debloatStatus = False
self.errorMessage = ""
self.isDependent = isDependent
self.containerName = None
self.monitoringTool = monitoringTool
def getStatus(self):
return self.status
def getRunnableStatus(self):
return self.runnable
def getInstallStatus(self):
return self.installStatus
def getDebloatStatus(self):
return self.debloatStatus
def getErrorMessage(self):
return self.errorMessage
def getContainerName(self):
return self.containerName
def run(self, totalCount):
psListSizes = list()
if os.geteuid() != 0:
self.logger.error("This script must be run as ROOT only!")
exit("This script must be run as ROOT only. Exiting.")
myContainer = container.Container(self.imagePath, self.options, self.logger)
self.containerName = myContainer.getContainerName()
if ( not myContainer.pruneVolumes() ):
self.logger.warning("Pruning volumes failed, storage may run out of space\n")
ttr = 10
logSleepTime = 60
runCount = 1
sysdigErrCount = 0
if ( self.name == "softwareag-apigateway" ):
logSleepTime = 60
if ( self.name == "cirros" ):
logSleepTime = 120
psListAll = set()
self.logger.info("--->Starting MONITOR phase:")
while ( runCount <= totalCount ):
myMonitor = processMonitorFactory.Factory(self.logger, self.monitoringTool)
self.logger.debug("Trying to kill and delete container which might not be running in loop... Not a problem if returns error")
str(myContainer.kill())
str(myContainer.delete())
self.logger.info("Running monitoring tool multiple times. Run count: %d from total: %d", runCount, totalCount)
#sysdigResult = mySysdig.runSysdigWithDuration(logSleepTime)
monitorResult = myMonitor.runWithDuration(logSleepTime)
if ( not monitorResult ):
self.logger.error("Running sysdig with execve failed, not continuing for container: %s", self.name)
self.logger.error("Please make sure sysdig is installed and you are running the script with root privileges. If problem consists please contact our support team.")
self.errorMessage = "Running sysdig with execve failed"
time.sleep(5)
if ( monitorResult and myContainer.runWithoutSeccomp() ):#myContainer.run() ):
self.status = True
self.logger.info("Ran container sleeping for %d seconds to generate logs and extract execve system calls", logSleepTime)
time.sleep(logSleepTime)
myMonitor.waitUntilComplete()
originalLogs = myContainer.checkLogs()
self.logger.debug("originalLog: %s", originalLogs)
time.sleep(10)
if ( not myContainer.checkStatus() ):
self.logger.warning("Container exited after running, trying to run in attached mode!")
self.logger.debug(str(myContainer.delete()))
if ( not myContainer.runInAttachedMode() ):
self.errorMessage = "Container didn't run in attached mode either, forfeiting!"
self.logger.error("Container didn't run in attached mode either, forfeiting!")
self.logger.error("There is a problem launching a container for %s. Please validate you can run the container without Confine. If so, contact our support team.", self.name)
self.logger.debug(str(myContainer.delete()))
return C.NOATTACH
else:
time.sleep(10)
if ( not myContainer.checkStatus() ):
self.errorMessage = "Container got killed after running in attached mode as well!"
self.logger.error("Container got killed after running in attached mode as well, forfeiting!")
self.logger.error("There is a problem launching a container for %s. Please validate you can run the container without Confine. If so, contact our support team.", self.name)
self.logger.debug(str(myContainer.kill()))
self.logger.debug(str(myContainer.delete()))
return C.CONSTOP
psList = myMonitor.extractPsNames("execve", myContainer.getContainerName(), myContainer.getContainerId())
if ( not psList or len(psList) == 0 ):
self.logger.error("PS List is None or empyt from extractPsNames(). Retrying this container: %s", self.name)
self.logger.debug(str(myContainer.kill()))
self.logger.debug(str(myContainer.delete()))
self.errorMessage = "PS List is None or empty from extractPsNames(), error in sysdig, retrying this container"
sysdigErrCount += 1
self.logger.info("current psList: %s", str(psList))
if ( psList ):
psListSizes.append(len(psList))
else:
psListSizes.append(0)
self.logger.info("psListSizes till now: %s", str(psListSizes))
runCount += 1
return psListSizes
import logging
if __name__ == '__main__':
usage = "Usage: --imagename nginx --monitoringtool [sysdig/execsnoop] --count 1000"
parser = optparse.OptionParser(usage=usage, version="1")
parser.add_option("", "--imagename", dest="imagename", default=None, nargs=1,
help="Image name to use for stress test")
parser.add_option("", "--monitoringtool", dest="monitoringtool", default="sysdig", nargs=1,
help="Monitoring tool to be used for dynamic analysis")
parser.add_option("-n", "--count", dest="count", default=1000, nargs=1,
help="Number of times to run stress test")
parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False,
help="Debug enabled/disabled")
(options, args) = parser.parse_args()
rootLogger = logging.getLogger("test")
rootLogger.setLevel(logging.DEBUG)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
handler.setFormatter(formatter)
rootLogger.addHandler(handler)
killAllContainers = container.killToolContainers(rootLogger)
deleteAllContainers = container.deleteStoppedContainers(rootLogger)
dynTester = DynamicAnalysisTester(options.imagename, options.imagename,
None, options.monitoringtool, rootLogger)
psListSizes = dynTester.run(int(options.count))
rootLogger.info("psListSizes: %s", str(psListSizes))