From cd80a7d9199fbf08951e646bfb341d41bb6bab27 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 30 Sep 2023 15:34:30 +0100 Subject: [PATCH] refractor(aa-log): merge identical function together. --- cmd/aa-log/main.go | 3 ++- pkg/logs/loggers.go | 55 ++++++++++++++++++++++----------------------- pkg/logs/logs.go | 26 +-------------------- 3 files changed, 30 insertions(+), 54 deletions(-) diff --git a/cmd/aa-log/main.go b/cmd/aa-log/main.go index a7ef9a56..f8cf0509 100644 --- a/cmd/aa-log/main.go +++ b/cmd/aa-log/main.go @@ -9,6 +9,7 @@ import ( "fmt" "io" "os" + "strings" "github.com/roddhjav/apparmor.d/pkg/logs" "golang.org/x/exp/slices" @@ -59,7 +60,7 @@ func aaLog(logger string, path string, profile string) error { } if raw { - fmt.Print(logs.Raw(file, profile)) + fmt.Print(strings.Join(logs.GetApparmorLogs(file, profile), "\n")) return nil } diff --git a/pkg/logs/loggers.go b/pkg/logs/loggers.go index 3f462d0d..54abe43f 100644 --- a/pkg/logs/loggers.go +++ b/pkg/logs/loggers.go @@ -30,6 +30,33 @@ type systemdLog struct { Message string `json:"MESSAGE"` } +// GetApparmorLogs return a list of cleaned apparmor logs from a file +func GetApparmorLogs(file io.Reader, profile string) []string { + res := "" + isAppArmorLog := isAppArmorLogTemplate.Copy() + if profile != "" { + exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")` + exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile) + isAppArmorLog = regexp.MustCompile(exp) + } + + // Select Apparmor logs + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + if isAppArmorLog.MatchString(line) { + res += line + "\n" + } + } + + // Clean & remove doublon in logs + for _, aa := range regCleanLogs { + res = aa.Regex.ReplaceAllLiteralString(res, aa.Repl) + } + logs := strings.Split(res, "\n") + return util.RemoveDuplicate(logs) +} + // GetAuditLogs return a reader with the logs entries from Auditd func GetAuditLogs(path string) (io.Reader, error) { file, err := os.Open(filepath.Clean(path)) @@ -92,31 +119,3 @@ func SelectLogFile(path string) string { } return "" } - -func Raw(file io.Reader, profile string) string { - res := "" - isAppArmorLog := isAppArmorLogTemplate.Copy() - if profile != "" { - exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")` - exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile) - isAppArmorLog = regexp.MustCompile(exp) - } - - // Select Apparmor logs - scanner := bufio.NewScanner(file) - for scanner.Scan() { - line := scanner.Text() - if isAppArmorLog.MatchString(line) { - res += line + "\n" - } - } - - // Clean & remove doublon in logs - for _, aa := range regCleanLogs { - res = aa.Regex.ReplaceAllLiteralString(res, aa.Repl) - } - logs := strings.Split(res, "\n") - logs = util.RemoveDuplicate(logs) - - return strings.Join(logs, "\n") -} diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go index 4d47497e..06576e14 100644 --- a/pkg/logs/logs.go +++ b/pkg/logs/logs.go @@ -5,8 +5,6 @@ package logs import ( - "bufio" - "fmt" "io" "regexp" "strings" @@ -101,29 +99,7 @@ func toQuote(str string) string { // NewApparmorLogs return a new ApparmorLogs list of map from a log file func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs { - log := "" - isAppArmorLog := isAppArmorLogTemplate.Copy() - if profile != "" { - exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")` - exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile) - isAppArmorLog = regexp.MustCompile(exp) - } - - // Select Apparmor logs - scanner := bufio.NewScanner(file) - for scanner.Scan() { - line := scanner.Text() - if isAppArmorLog.MatchString(line) { - log += line + "\n" - } - } - - // Clean & remove doublon in logs - for _, aa := range regCleanLogs { - log = aa.Regex.ReplaceAllLiteralString(log, aa.Repl) - } - logs := strings.Split(log, "\n") - logs = util.RemoveDuplicate(logs) + logs := GetApparmorLogs(file, profile) // Parse log into ApparmorLog struct aaLogs := make(AppArmorLogs, 0)