Skip to content

Commit 5febde9

Browse files
matthyxmatthyx
committed
add NormalizePath to ensure IG paths are always full
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
1 parent 5359542 commit 5febde9

File tree

5 files changed

+120
-10
lines changed

5 files changed

+120
-10
lines changed

pkg/utils/datasource_event.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -381,7 +381,7 @@ func (e *DatasourceEvent) GetExePath() string {
381381
switch e.EventType {
382382
case DnsEventType, ExecveEventType, ForkEventType, PtraceEventType, RandomXEventType, KmodEventType, UnshareEventType, BpfEventType:
383383
exepath, _ := e.getFieldAccessor("exepath").String(e.Data)
384-
return exepath
384+
return NormalizePath(exepath)
385385
default:
386386
logger.L().Warning("GetExePath not implemented for event type", helpers.String("eventType", string(e.EventType)))
387387
return ""
@@ -432,7 +432,7 @@ func (e *DatasourceEvent) GetFullPath() string {
432432
if path == "" {
433433
path, _ = e.getFieldAccessor("fname").String(e.Data)
434434
}
435-
return path
435+
return NormalizePath(path)
436436
default:
437437
logger.L().Warning("GetFullPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
438438
return ""
@@ -499,7 +499,7 @@ func (e *DatasourceEvent) GetNewPath() string {
499499
switch e.EventType {
500500
case HardlinkEventType, SymlinkEventType:
501501
newPath, _ := e.getFieldAccessor("newpath").String(e.Data)
502-
return newPath
502+
return NormalizePath(newPath)
503503
default:
504504
logger.L().Warning("GetNewPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
505505
return ""
@@ -521,7 +521,7 @@ func (e *DatasourceEvent) GetOldPath() string {
521521
switch e.EventType {
522522
case HardlinkEventType, SymlinkEventType:
523523
oldPath, _ := e.getFieldAccessor("oldpath").String(e.Data)
524-
return oldPath
524+
return NormalizePath(oldPath)
525525
default:
526526
logger.L().Warning("GetOldPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
527527
return ""
@@ -559,7 +559,7 @@ func (e *DatasourceEvent) GetPath() string {
559559
switch e.EventType {
560560
case OpenEventType:
561561
path, _ := e.getFieldAccessor("fname").String(e.Data)
562-
return path
562+
return NormalizePath(path)
563563
default:
564564
logger.L().Warning("GetPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
565565
return ""

pkg/utils/normalize_path_test.go

Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,72 @@
1+
package utils
2+
3+
import (
4+
"github.com/stretchr/testify/assert"
5+
"testing"
6+
)
7+
8+
func TestNormalizePath(t *testing.T) {
9+
tests := []struct {
10+
name string
11+
input string
12+
expected string
13+
}{
14+
{
15+
name: "empty path",
16+
input: "",
17+
expected: "",
18+
},
19+
{
20+
name: "dot path",
21+
input: ".",
22+
expected: "/",
23+
},
24+
{
25+
name: "absolute path",
26+
input: "/etc/passwd",
27+
expected: "/etc/passwd",
28+
},
29+
{
30+
name: "headless proc path (task)",
31+
input: "/46/task/46/fd",
32+
expected: "/proc/46/task/46/fd",
33+
},
34+
{
35+
name: "headless proc path (fd)",
36+
input: "/46/fd/3",
37+
expected: "/proc/46/fd/3",
38+
},
39+
{
40+
name: "already absolute proc path",
41+
input: "/proc/46/fd/3",
42+
expected: "/proc/46/fd/3",
43+
},
44+
{
45+
name: "relative path (not dot)",
46+
input: "usr/bin/ls",
47+
expected: "/usr/bin/ls",
48+
},
49+
{
50+
name: "relative path with ./",
51+
input: "./config",
52+
expected: "/config",
53+
},
54+
{
55+
name: "path with redundant slashes",
56+
input: "/etc//passwd",
57+
expected: "/etc/passwd",
58+
},
59+
{
60+
name: "path with dot components",
61+
input: "/usr/./bin/../lib",
62+
expected: "/usr/lib",
63+
},
64+
}
65+
66+
for _, tt := range tests {
67+
t.Run(tt.name, func(t *testing.T) {
68+
got := NormalizePath(tt.input)
69+
assert.Equal(t, tt.expected, got)
70+
})
71+
}
72+
}

pkg/utils/path.go

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
package utils
2+
3+
import (
4+
"path"
5+
"regexp"
6+
"strings"
7+
)
8+
9+
var headlessProcRegex = regexp.MustCompile(`^/\d+/(task|fd)/`)
10+
11+
// NormalizePath normalizes a path by:
12+
// 1. Prepending "/proc" to "headless" proc paths (e.g. /46/task/46/fd -> /proc/46/task/46/fd)
13+
// 2. Ensuring it starts with "/" if it's not empty
14+
// 3. Converting "." to "/"
15+
// 4. Cleaning the path (removing redundant slashes, dot-dots, etc.)
16+
func NormalizePath(p string) string {
17+
if p == "" {
18+
return ""
19+
}
20+
21+
if p == "." {
22+
return "/"
23+
}
24+
25+
if headlessProcRegex.MatchString(p) {
26+
p = "/proc" + p
27+
}
28+
29+
if !strings.HasPrefix(p, "/") {
30+
p = "/" + p
31+
}
32+
33+
return path.Clean(p)
34+
}

pkg/utils/struct_event.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -252,7 +252,7 @@ func (e *StructEvent) GetEventType() EventType {
252252
func (e *StructEvent) GetExePath() string {
253253
switch e.EventType {
254254
case DnsEventType, ExecveEventType, ForkEventType, PtraceEventType, RandomXEventType, KmodEventType, UnshareEventType, BpfEventType:
255-
return e.ExePath
255+
return NormalizePath(e.ExePath)
256256
default:
257257
logger.L().Warning("GetExePath not implemented for event type", helpers.String("eventType", string(e.EventType)))
258258
return ""
@@ -296,7 +296,7 @@ func (e *StructEvent) GetFlagsRaw() uint32 {
296296
func (e *StructEvent) GetFullPath() string {
297297
switch e.EventType {
298298
case OpenEventType:
299-
return e.FullPath
299+
return NormalizePath(e.FullPath)
300300
default:
301301
logger.L().Warning("GetFullPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
302302
return ""
@@ -352,7 +352,7 @@ func (e *StructEvent) GetNamespace() string {
352352
func (e *StructEvent) GetNewPath() string {
353353
switch e.EventType {
354354
case HardlinkEventType, SymlinkEventType:
355-
return e.NewPath
355+
return NormalizePath(e.NewPath)
356356
default:
357357
logger.L().Warning("GetNewPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
358358
return ""
@@ -372,7 +372,7 @@ func (e *StructEvent) GetNumAnswers() int {
372372
func (e *StructEvent) GetOldPath() string {
373373
switch e.EventType {
374374
case HardlinkEventType, SymlinkEventType:
375-
return e.OldPath
375+
return NormalizePath(e.OldPath)
376376
default:
377377
logger.L().Warning("GetOldPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
378378
return ""
@@ -408,7 +408,7 @@ func (e *StructEvent) GetPath() string {
408408
}
409409
switch e.EventType {
410410
case OpenEventType:
411-
return e.Path
411+
return NormalizePath(e.Path)
412412
default:
413413
logger.L().Warning("GetPath not implemented for event type", helpers.String("eventType", string(e.EventType)))
414414
return ""

tests/chart/templates/node-agent/daemonset.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,10 @@ spec:
119119
{{- if .value }}
120120
value: "{{ .value }}"
121121
{{- end }}
122+
{{- if .valueFrom }}
123+
valueFrom:
124+
{{ toYaml .valueFrom | indent 16 }}
125+
{{- end }}
122126
{{- end }}
123127
securityContext:
124128
runAsUser: 0

0 commit comments

Comments
 (0)