From 61ee247b5ad4fc035363330a0af2708a869daf86 Mon Sep 17 00:00:00 2001
From: Jose Donizetti <jdbjunior@gmail.com>
Date: Wed, 14 Jun 2023 20:17:05 -0300
Subject: [PATCH] tracee: skip golang plugin for static binaries

---
 pkg/signatures/signature/signature.go | 30 +++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/pkg/signatures/signature/signature.go b/pkg/signatures/signature/signature.go
index b8dda42a763..171aa749e90 100644
--- a/pkg/signatures/signature/signature.go
+++ b/pkg/signatures/signature/signature.go
@@ -2,6 +2,7 @@ package signature
 
 import (
 	"bytes"
+	"debug/elf"
 	"fmt"
 	"io/fs"
 	"os"
@@ -58,6 +59,11 @@ func Find(target string, partialEval bool, signaturesDir string, signatures []st
 func findGoSigs(dir string) ([]detect.Signature, error) {
 	var res []detect.Signature
 
+	if isBinaryStatic() {
+		logger.Warnw("The tracee static can't load golang signatures. Skipping ...")
+		return res, nil
+	}
+
 	errWD := filepath.WalkDir(dir,
 		func(path string, d fs.DirEntry, err error) error {
 			if err != nil {
@@ -188,3 +194,27 @@ func isRegoFile(name string) bool {
 func isHelper(name string) bool {
 	return strings.HasSuffix(name, "helpers.rego")
 }
+
+func isBinaryStatic() bool {
+	exePath, err := os.Executable()
+	if err != nil {
+		logger.Errorw("Error getting tracee executable path", "error", err)
+		return false
+	}
+
+	loadedObject, err := elf.Open(exePath)
+	if err != nil {
+		logger.Errorw("Error opening tracee executable", "error", err)
+		return false
+	}
+
+	defer func() {
+		if err = loadedObject.Close(); err != nil {
+			logger.Errorw("Error closing file", "error", err)
+		}
+	}()
+
+	_, err = loadedObject.DynamicSymbols()
+
+	return err != nil
+}