feat(aa-log): add --raw option.

2024-11-14 23:43:56 +01:00 · 2023-09-24 19:50:15 +01:00 · 2023-09-24 19:50:15 +01:00 · 99d1a4e302
commit 99d1a4e302
parent 64564095e6
3 changed files with 44 additions and 2 deletions
--- a/cmd/aa-log/main.go
+++ b/cmd/aa-log/main.go
@ -29,6 +29,7 @@ Options:
    -f, --file FILE    Set a logfile or a suffix to the default log file.
    -s, --systemd      Parse systemd logs from journalctl.
    -r, --rules        Convert the log into AppArmor rules.
+    -R, --raw          Print the raw log without any formatting.

 `

@ -38,6 +39,7 @@ var (
 	rules   bool
 	path    string
 	systemd bool
+	raw     bool
 )

 func aaLog(logger string, path string, profile string) error {
@ -56,6 +58,11 @@ func aaLog(logger string, path string, profile string) error {
 		return err
 	}

+	if raw {
+		fmt.Print(logs.Raw(file, profile))
+		return nil
+	}
+
 	aaLogs := logs.NewApparmorLogs(file, profile)
 	if rules {
 		profiles := aaLogs.ParseToProfiles()
@ -77,6 +84,8 @@ func init() {
 	flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")
 	flag.BoolVar(&rules, "r", false, "Convert the log into AppArmor rules.")
 	flag.BoolVar(&rules, "rules", false, "Convert the log into AppArmor rules.")
+	flag.BoolVar(&raw, "R", false, "Print the raw log without any formatting.")
+	flag.BoolVar(&raw, "raw", false, "Print the raw log without any formatting.")
 }

 func main() {
--- a/pkg/logs/loggers.go
+++ b/pkg/logs/loggers.go
@ -5,13 +5,18 @@
 package logs

 import (
+	"bufio"
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"regexp"
 	"strings"
+
+	"github.com/roddhjav/apparmor.d/pkg/util"
 )

 // LogFiles is the list of default path to query
@ -29,7 +34,7 @@ type systemdLog struct {
 func GetAuditLogs(path string) (io.Reader, error) {
 	file, err := os.Open(filepath.Clean(path))
 	if err != nil {
-		return nil, err
+		return file, err
 	}
 	return file, err
 }
@ -87,3 +92,31 @@ func SelectLogFile(path string) string {
 	}
 	return ""
 }
+
+func Raw(file io.Reader, profile string) string {
+	res := ""
+	isAppArmorLog := isAppArmorLogTemplate.Copy()
+	if profile != "" {
+		exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")`
+		exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile)
+		isAppArmorLog = regexp.MustCompile(exp)
+	}
+
+	// Select Apparmor logs
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if isAppArmorLog.MatchString(line) {
+			res += line + "\n"
+		}
+	}
+
+	// Clean & remove doublon in logs
+	for _, aa := range regCleanLogs {
+		res = aa.Regex.ReplaceAllLiteralString(res, aa.Repl)
+	}
+	logs := strings.Split(res, "\n")
+	logs = util.RemoveDuplicate(logs)
+
+	return strings.Join(logs, "\n")
+}
--- a/pkg/logs/loggers_test.go
+++ b/pkg/logs/loggers_test.go
@ -78,7 +78,7 @@ func TestSelectLogFile(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := SelectLogFile(tt.path); got != tt.want {
-				t.Errorf("getLogFile() = %v, want %v", got, tt.want)
+				t.Errorf("SelectLogFile() = %v, want %v", got, tt.want)
 			}
 		})
 	}