feat(aa-log): minor structure improvments.

2025-01-18 00:48:10 +01:00 · 2023-07-23 17:00:52 +01:00 · 2023-07-23 17:00:52 +01:00 · 6325314825
commit 6325314825
parent 85e7832f0b
2 changed files with 34 additions and 20 deletions
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@ -36,14 +36,11 @@ const Username = "AAD"
 var (
 	quoted                bool
 	isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`)
-	regAALogs             = []struct {
-		regex *regexp.Regexp
-		repl  string
-	}{
-		{regexp.MustCompile(`.*apparmor="`), `apparmor="`},
-		{regexp.MustCompile(`(peer_|)pid=[0-9]*\s`), " "},
-		{regexp.MustCompile(`\x1d`), " "},
-	}
+	regAALogs             = util.ToRegexRepl([]string{
+		`.*apparmor="`, `apparmor="`,
+		`(peer_|)pid=[0-9]*\s`, " ",
+		`\x1d`, " ",
+	})
 )

 type AppArmorLog map[string]string
@ -86,7 +83,7 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {

 	// Clean logs
 	for _, aa := range regAALogs {
-		log = aa.regex.ReplaceAllLiteralString(log, aa.repl)
+		log = aa.Regex.ReplaceAllLiteralString(log, aa.Repl)
 	}

 	// Remove doublon in logs
@ -124,19 +121,16 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
 func (aaLogs AppArmorLogs) Anonymize() {
 	user, _ := user.Current()
 	keys := []string{"name", "comm"}
-	regAnonymizeLogs := []struct {
-		regex *regexp.Regexp
-		repl  string
-	}{
-		{regexp.MustCompile(user.Username), Username},
-		{regexp.MustCompile(`/home/[^/]+`), `/home/` + Username},
-		{regexp.MustCompile(`[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*`), `b08dfa60-83e7-567a-1921-a715000001fb`},
-	}
+	regAnonymizeLogs := util.ToRegexRepl([]string{
+		user.Username, Username,
+		`/home/[^/]+`, `/home/` + Username,
+		`[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*`, `b08dfa60-83e7-567a-1921-a715000001fb`,
+	})
 	for _, log := range aaLogs {
 		for _, key := range keys {
 			if _, ok := log[key]; ok {
 				for _, aa := range regAnonymizeLogs {
-					log[key] = aa.regex.ReplaceAllLiteralString(log[key], aa.repl)
+					log[key] = aa.Regex.ReplaceAllLiteralString(log[key], aa.Repl)
 				}
 			}
 		}
@ -158,12 +152,12 @@ func (aaLogs AppArmorLogs) String() string {
 		"mask", "bus", "path", "interface", "member", // dbus
 		"info", "comm",
 		"laddr", "lport", "faddr", "fport", "family", "sock_type", "protocol",
-		"requested_mask", "denied_mask", "signal", "peer", // "fsuid", "ouid", "FSUID", "OUID",
+		"requested_mask", "denied_mask", "signal", "peer",
 	}
 	// Key to not print
 	ignore := []string{
 		"fsuid", "ouid", "FSUID", "OUID", "exe", "SAUID", "sauid", "terminal",
-		"UID", "AUID", "hostname", "addr",
+		"UID", "AUID", "hostname", "addr", "class",
 	}
 	// Color template to use
 	colors := map[string]string{
--- a/pkg/util/tools.go
+++ b/pkg/util/tools.go
@ -11,6 +11,11 @@ import (

 var isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")

+type RegexRepl struct {
+	Regex *regexp.Regexp
+	Repl  string
+}
+
 // DecodeHex decode a string if it is hexa.
 func DecodeHex(str string) string {
 	if isHexa.MatchString(str) {
@ -34,3 +39,18 @@ func RemoveDuplicate[T comparable](inlist []T) []T {
 	}
 	return list
 }
+
+// ToRegexRepl convert slice of regex into a slice of RegexRepl
+func ToRegexRepl(in []string) []RegexRepl {
+	out := make([]RegexRepl, 0)
+	idx := 0
+	for idx < len(in)-1 {
+		regex, repl := in[idx], in[idx+1]
+		out = append(out, RegexRepl{
+			Regex: regexp.MustCompile(regex),
+			Repl:  repl,
+		})
+		idx = idx + 2
+	}
+	return out
+}