// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
//go:build linux
// Package selftests holds selftests related files
package selftests
import (
"fmt"
"os/exec"
"os/user"
"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
"github.com/DataDog/datadog-agent/pkg/security/secl/rules"
"github.com/DataDog/datadog-agent/pkg/util/log"
)
// ChownSelfTest is the self test exercising the chown event path: it provides a
// rule matching a chown of filename, triggers such a chown from an external
// process and records whether the matching event was delivered back to it.
type ChownSelfTest struct {
	// ruleID is the ID of the rule returned by GetRuleDefinition; HandleEvent
	// compares incoming events against it.
	ruleID eval.RuleID
	// filename is the path the rule matches and the chown targets.
	filename string
	// isSuccess is reset by GenerateEvent, set by HandleEvent and read by IsSuccess.
	isSuccess bool
}
// GetRuleDefinition returns the rule definition for this self test. The rule ID
// is derived from ruleIDPrefix and kept on the receiver so that HandleEvent can
// later recognise events produced by this rule.
//
// filename is interpolated into the SECL expression verbatim, without quoting or
// escaping; this relies on filename being an internally generated path that
// contains no double quotes (the caller setting filename is outside this file).
func (o *ChownSelfTest) GetRuleDefinition() *rules.RuleDefinition {
	expression := fmt.Sprintf(`chown.file.path == "%s"`, o.filename)
	o.ruleID = fmt.Sprintf("%s_chown", ruleIDPrefix)

	def := &rules.RuleDefinition{
		ID:         o.ruleID,
		Expression: expression,
	}
	return def
}
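// GenerateEvent triggers the chown that this self test's rule is expected to
// match and resets the success flag. It returns the error of the first failing
// step (resolving the current user, or running chown), nil otherwise.
//
// The chown is performed by spawning the external chown binary rather than by
// calling os.Chown in-process: events coming from the agent's own PID are
// discarded by the probes, so an in-process chown would never produce an event.
func (o *ChownSelfTest) GenerateEvent() error {
	o.isSuccess = false

	currentUser, err := user.Current()
	if err != nil {
		log.Debugf("error retrieving uid: %v", err)
		return err
	}

	// chown is resolved through PATH. The file is chowned to the current uid,
	// which is expected to be a harmless no-op for a file the agent created.
	cmd := exec.Command("chown", currentUser.Uid, o.filename)
	// Capture stdout/stderr so a failing chown can be diagnosed from the debug
	// log instead of only its exit status; the returned error is unchanged.
	if out, err := cmd.CombinedOutput(); err != nil {
		log.Debugf("error running chown: %v, output: %q", err, out)
		return err
	}
	return nil
}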
// HandleEvent records the outcome of the self test from a received event: the
// test is marked successful when the event was produced by this test's rule
// (its RuleID equals the ID stored by GetRuleDefinition), and unsuccessful
// otherwise.
func (o *ChownSelfTest) HandleEvent(event selfTestEvent) {
	matched := event.RuleID == o.ruleID
	o.isSuccess = matched
}
// IsSuccess reports whether the event triggered by GenerateEvent was matched by
// HandleEvent. It is false after GenerateEvent until a matching event is seen.
func (o *ChownSelfTest) IsSuccess() bool {
	success := o.isSuccess
	return success
}