feat(proctree): fill timestamp of proctree info objects

Fill the timestamp field of proctree info objects upon query.

go.mod

@@ -181,4 +181,5 @@ require (
 	kernel.org/pub/linux/libs/security/libcap/psx v1.2.68 // indirect
 )
 
+replace github.com/aquasecurity/tracee/types => ./types
 replace github.com/kubernetes/cri-api => k8s.io/cri-api v0.23.5-rc.0

pkg/proctree/datasource.go

@@ -143,6 +143,7 @@ func (ptds *DataSource) exportProcessInfo(
 		ThreadsIds:        aliveThreads,
 		ChildProcessesIds: aliveChildren,
 		IsAlive:           info.IsAliveAt(queryTime),
+		Timestamp:         queryTime,
 	}
 }
 
@@ -166,6 +167,7 @@ func (ptds *DataSource) exportThreadInfo(
 		ExitTime:  info.GetExitTime(),
 		Name:      infoFeed.Name,
 		IsAlive:   info.IsAliveAt(queryTime),
+		Timestamp: queryTime,
 	}
 }
 
@@ -215,11 +217,12 @@ func exportFileInfo(fileInfo *FileInfo, queryTime time.Time) datasource.FileInfo
 
 	// Export the information as the expected datasource file structure.
 	return datasource.FileInfo{
-		Path:   fileInfoFeed.Path,
-		Hash:   "", // TODO: Add
-		Inode:  fileInfoFeed.Inode,
-		Device: fileInfoFeed.Dev,
-		Ctime:  time.Unix(0, int64(fileInfoFeed.Ctime)),
-		Mode:   fileInfoFeed.InodeMode,
+		Path:      fileInfoFeed.Path,
+		Hash:      "", // TODO: Add
+		Inode:     fileInfoFeed.Inode,
+		Device:    fileInfoFeed.Dev,
+		Ctime:     time.Unix(0, int64(fileInfoFeed.Ctime)),
+		Mode:      fileInfoFeed.InodeMode,
+		Timestamp: queryTime,
 	}
 }

tests/e2e-inst-signatures/e2e-proctree_data_source.go

@@ -136,11 +136,12 @@ func (sig *e2eProcessTreeDataSource) checkThread(eventObj *trace.Event) error {
 		)
 	}
 
+	queryTime := time.Unix(0, int64(eventObj.Timestamp))
 	// Pick the thread info from the data source
 	threadQueryAnswer, err := sig.processTreeDS.Get(
 		datasource.ThreadKey{
 			EntityId: eventObj.ThreadEntityId,
-			Time:     time.Unix(0, int64(eventObj.Timestamp)), // at the time event was emitted
+			Time:     queryTime, // at the time event was emitted
 		},
 	)
 	if err != nil {
@@ -161,6 +162,9 @@ func (sig *e2eProcessTreeDataSource) checkThread(eventObj *trace.Event) error {
 	if threadInfo.Pid != eventObj.HostProcessID {
 		return fmt.Errorf(debug("no match for pid"))
 	}
+	if threadInfo.Timestamp != queryTime {
+		return fmt.Errorf(debug("no match for info timestamp"))
+	}
 
 	return nil
 }
@@ -175,11 +179,12 @@ func (sig *e2eProcessTreeDataSource) checkProcess(eventObj *trace.Event) error {
 		)
 	}
 
+	queryTime := time.Unix(0, int64(eventObj.Timestamp))
 	// Pick the process info from the data source
 	procQueryAnswer, err := sig.processTreeDS.Get(
 		datasource.ProcKey{
 			EntityId: eventObj.ProcessEntityId,
-			Time:     time.Unix(0, int64(eventObj.Timestamp)),
+			Time:     queryTime,
 		})
 	if err != nil {
 		return fmt.Errorf(debug("could not find process"))
@@ -199,6 +204,9 @@ func (sig *e2eProcessTreeDataSource) checkProcess(eventObj *trace.Event) error {
 	if processInfo.Ppid != eventObj.HostParentProcessID {
 		return fmt.Errorf(debug("no match for ppid"))
 	}
+	if processInfo.Timestamp != queryTime {
+		return fmt.Errorf(debug("no match for timestamp"))
+	}
 
 	// Check if the process lists itself in the list of its threads (case #1)
 	threadExist := false