opensnitch/daemon/procmon/parse.go

package procmon

import (
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	"github.com/evilsocket/opensnitch/daemon/core"
)

func GetPIDFromINode(inode int) int {
	expect := fmt.Sprintf("socket:[%d]", inode)
	found := -1

	forEachProcess(func(pid int, path string, args []string) bool {
		// for every descriptor
		fdPath := fmt.Sprintf("/proc/%d/fd/", pid)
		if descriptors, err := ioutil.ReadDir(fdPath); err == nil {
			for _, desc := range descriptors {
				descLink := fmt.Sprintf("%s%s", fdPath, desc.Name())
				// resolve the symlink and compare to what we expect
				if link, err := os.Readlink(descLink); err == nil && link == expect {
					found = pid
					return true
				}
			}
		}
		// keep looping
		return false
	})

	return found
}

func parseCmdLine(proc *Process) {
	if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/cmdline", proc.ID)); err == nil {
		for i, b := range data {
			if b == 0x00 {
				data[i] = byte(' ')
			}
		}

		args := strings.Split(string(data), " ")
		for _, arg := range args {
			arg = core.Trim(arg)
			if arg != "" {
				proc.Args = append(proc.Args, arg)
			}
		}
	}
}

func parseEnv(proc *Process) {
	if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/environ", proc.ID)); err == nil {
		for _, s := range strings.Split(string(data), "\x00") {
			parts := strings.SplitN(core.Trim(s), "=", 2)
			if parts != nil && len(parts) == 2 {
				key := core.Trim(parts[0])
				val := core.Trim(parts[1])
				proc.Env[key] = val
			}
		}
	}
}

func FindProcess(pid int) *Process {
	linkName := fmt.Sprintf("/proc/%d/exe", pid)
	if core.Exists(linkName) == false {
		return nil
	}

	if link, err := os.Readlink(linkName); err == nil && core.Exists(link) == true {
		proc := NewProcess(pid, link)

		parseCmdLine(proc)
		parseEnv(proc)

		return proc
	}
	return nil
}
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`package procmon`

			`import (`
			`"fmt"`
			`"io/ioutil"`
			`"os"`
			`"strings"`

			`"github.com/evilsocket/opensnitch/daemon/core"`
			`)`

optimization 2018-04-16 19:12:46 +02:00			`func GetPIDFromINode(inode int) int {`
			`expect := fmt.Sprintf("socket:[%d]", inode)`
using ftrace in order to track pids in realtime 2018-04-17 18:08:03 +02:00			`found := -1`

			`forEachProcess(func(pid int, path string, args []string) bool {`
optimization 2018-04-16 19:12:46 +02:00			`// for every descriptor`
using ftrace in order to track pids in realtime 2018-04-17 18:08:03 +02:00			`fdPath := fmt.Sprintf("/proc/%d/fd/", pid)`
			`if descriptors, err := ioutil.ReadDir(fdPath); err == nil {`
optimization 2018-04-16 19:12:46 +02:00			`for _, desc := range descriptors {`
using ftrace in order to track pids in realtime 2018-04-17 18:08:03 +02:00			`descLink := fmt.Sprintf("%s%s", fdPath, desc.Name())`
optimization 2018-04-16 19:12:46 +02:00			`// resolve the symlink and compare to what we expect`
			`if link, err := os.Readlink(descLink); err == nil && link == expect {`
using ftrace in order to track pids in realtime 2018-04-17 18:08:03 +02:00			`found = pid`
			`return true`
optimization 2018-04-16 19:12:46 +02:00			`}`
			`}`
			`}`
using ftrace in order to track pids in realtime 2018-04-17 18:08:03 +02:00			`// keep looping`
			`return false`
			`})`

			`return found`
optimization 2018-04-16 19:12:46 +02:00			`}`

misc: small fix or general refactoring i did not bother commenting 2018-04-15 15:39:43 +02:00			`func parseCmdLine(proc *Process) {`
			`if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/cmdline", proc.ID)); err == nil {`
			`for i, b := range data {`
			`if b == 0x00 {`
			`data[i] = byte(' ')`
			`}`
			`}`

			`args := strings.Split(string(data), " ")`
			`for _, arg := range args {`
			`arg = core.Trim(arg)`
			`if arg != "" {`
			`proc.Args = append(proc.Args, arg)`
			`}`
			`}`
			`}`
			`}`

			`func parseEnv(proc *Process) {`
			`if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/environ", proc.ID)); err == nil {`
			`for _, s := range strings.Split(string(data), "\x00") {`
			`parts := strings.SplitN(core.Trim(s), "=", 2)`
misc: small fix or general refactoring i did not bother commenting 2018-04-15 15:40:40 +02:00			`if parts != nil && len(parts) == 2 {`
misc: small fix or general refactoring i did not bother commenting 2018-04-15 15:39:43 +02:00			`key := core.Trim(parts[0])`
			`val := core.Trim(parts[1])`
			`proc.Env[key] = val`
			`}`
			`}`
			`}`
			`}`

misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`func FindProcess(pid int) *Process {`
			`linkName := fmt.Sprintf("/proc/%d/exe", pid)`
			`if core.Exists(linkName) == false {`
			`return nil`
			`}`

			`if link, err := os.Readlink(linkName); err == nil && core.Exists(link) == true {`
			`proc := NewProcess(pid, link)`

misc: small fix or general refactoring i did not bother commenting 2018-04-15 15:39:43 +02:00			`parseCmdLine(proc)`
			`parseEnv(proc)`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00
			`return proc`
			`}`
			`return nil`
			`}`