Rewrite Python code in Go (#47)

Rewrite Python code in Go

.gitignore

@@ -1,4 +1,6 @@
-*__pycache__*
+.vscode
 .idea
+tracee_*
+*__pycache__*
 venv
 *.pyc

Makefile

@@ -1,2 +1,19 @@
-test:
-	python -m unittest -v test_container_tracer
+os ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
+
+.PHONY: build
+build: tracee_$(os)
+
+SRC = $(shell find . -type f -name '*.go')
+tracee_%: $(SRC)
+	GOOS=$* go build -o $(@F)
+
+.PHONY: test
+test: $(SRC)
+	go test -v .
+
+.PHONY: clean
+clean:
+	rm tracee_*
+
+python-test:
+	python -m unittest -v test_container_tracer

go.mod

@@ -0,0 +1,8 @@
+module github.com/aquasecurity/tracee
+
+go 1.13
+
+require (
+	github.com/iovisor/gobpf v0.0.0-20191219090757-e72091e3c5e6
+	github.com/urfave/cli/v2 v2.1.1
+)

go.sum

@@ -0,0 +1,17 @@
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/iovisor/gobpf v0.0.0-20191017091429-c3024dcc6881 h1:DRdqUzrTOOIlh9Fzmf59XZBLoTrUdiSN3Z0ThUkVfqM=
+github.com/iovisor/gobpf v0.0.0-20191017091429-c3024dcc6881/go.mod h1:+5U5qu5UOu8YJ5oHVLvWKH7/Dr5QNHU7mZ2RfPEeXg8=
+github.com/iovisor/gobpf v0.0.0-20191219090757-e72091e3c5e6 h1:iFG10/KLpx/+XAWkOp7cCg4cHC4ZJ1NfYyhy+ti6GMA=
+github.com/iovisor/gobpf v0.0.0-20191219090757-e72091e3c5e6/go.mod h1:+5U5qu5UOu8YJ5oHVLvWKH7/Dr5QNHU7mZ2RfPEeXg8=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
+github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

main.go

@@ -0,0 +1,101 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	"github.com/aquasecurity/tracee/tracee"
+	"github.com/urfave/cli/v2"
+)
+
+func main() {
+	app := &cli.App{
+		Name:  "Tracee",
+		Usage: "Trace OS events and syscalls using eBPF",
+		Action: func(c *cli.Context) error {
+			if c.Bool("list") {
+				printList()
+				return nil
+			}
+			cfg, err := tracee.NewConfig(
+				c.StringSlice("events-to-trace"),
+				c.Bool("container"),
+				c.Bool("detect-original-syscall"),
+				c.String("output"),
+			)
+			if err != nil {
+				return fmt.Errorf("error creating Tracee config: %v", err)
+			}
+			t, err := tracee.New(*cfg)
+			if err != nil {
+				// t is being closed internally
+				return fmt.Errorf("error creating Tracee: %v", err)
+			}
+			return t.Run()
+		},
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "output",
+				Aliases: []string{"o"},
+				Value:   "table",
+				Usage:   "output format: table (default)/json",
+			},
+			&cli.StringSliceFlag{
+				Name:    "events-to-trace",
+				Aliases: []string{"e"},
+				Value:   nil,
+				Usage:   "trace only the specified events and syscalls",
+			},
+			&cli.BoolFlag{
+				Name:    "list",
+				Aliases: []string{"l"},
+				Value:   false,
+				Usage:   "just list tracable events",
+			},
+			&cli.BoolFlag{
+				Name:    "container",
+				Aliases: []string{"c"},
+				Value:   false,
+				Usage:   "trace only containers",
+			},
+			&cli.BoolFlag{
+				Name:  "detect-original-syscall",
+				Value: false,
+				Usage: "when tracing kernel functions which are not syscalls (such as cap_capable), detect and show the original syscall that called that function",
+			},
+		},
+	}
+
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func printList() {
+	const sep = ", "
+	var b strings.Builder
+	var i int32
+	for i = 0; i <= tracee.EventIDSyscallMax; i++ {
+		if name, ok := tracee.EventsIDToName[i]; ok {
+			b.WriteString(name)
+			b.WriteString(sep)
+		}
+	}
+	fmt.Println("System calls:")
+	fmt.Println(strings.TrimSuffix(b.String(), sep))
+
+	b.Reset()
+	fmt.Println()
+
+	for i = tracee.EventIDSyscallMax + 1; i <= tracee.EventIDMax; i++ {
+		if name, ok := tracee.EventsIDToName[i]; ok {
+			b.WriteString(name)
+			b.WriteString(sep)
+		}
+	}
+	fmt.Println("System events:")
+	fmt.Println(strings.TrimSuffix(b.String(), sep))
+}