Event scope escape #733
Event scope escape #733
Changes from 8 commits
eb6cd0b
87f73e4
9e44c75
e340987
e52604c
59489f9
ceb8cbc
e909ae7
87e5bfd
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,111 @@ along with sysdig. If not, see <http://www.gnu.org/licenses/>. | |
#include "sinsp_int.h" | ||
#include "user_event.h" | ||
|
||
// | ||
// event_scope | ||
// | ||
|
||
const std::string event_scope::SCOPE_OP_AND = "and"; | ||
|
||
// these string lists contain reserved strings; some of the reserved | ||
// strings are escaped and mandatory to be first in RESERVED_STRINGS | ||
// and have their escaped counterparts in the REPLACEMENT_STRINGS, | ||
// in the same order as they appear in RESERVED_STRINGS | ||
const event_scope::string_list_t event_scope::RESERVED_STRINGS = | ||
{"'"}; | ||
const event_scope::string_list_t event_scope::REPLACEMENT_STRINGS = | ||
{"\\'"}; | ||
|
||
event_scope::event_scope(const std::string& key, const std::string& value) | ||
{ | ||
add(key, value, ""); | ||
} | ||
|
||
bool event_scope::add(const std::string& key, const std::string& value, const std::string& op) | ||
{ | ||
if(check(key)) | ||
{ | ||
std::string k(key); | ||
std::string o(!m_scope.empty() ? op : ""); | ||
std::string v(value); | ||
replace(v); | ||
if(!v.empty()) | ||
{ | ||
if(!o.empty()) | ||
{ | ||
m_scope.append(1, ' ').append(trim(o)).append(1, ' '); | ||
} | ||
m_scope.append(trim(k)).append("='").append(trim(v)).append(1, 0x27); | ||
return true; | ||
} | ||
} | ||
else | ||
{ | ||
g_logger.log("Scope key is invalid: [" + key + "], entry will not be added to scope.", | ||
sinsp_logger::SEV_WARNING); | ||
} | ||
return false; | ||
} | ||
|
||
string& event_scope::replace(std::string& value) | ||
{ | ||
ASSERT(RESERVED_STRINGS.size() == REPLACEMENT_STRINGS.size()); | ||
|
||
string_list_t::const_iterator res_it = RESERVED_STRINGS.cbegin(); | ||
string_list_t::const_iterator res_end = RESERVED_STRINGS.cend(); | ||
string_list_t::const_iterator rep_it = REPLACEMENT_STRINGS.cbegin(); | ||
string_list_t::const_iterator rep_end = REPLACEMENT_STRINGS.cend(); | ||
for(; res_it != res_end && rep_it != rep_end; ++res_it, ++rep_it) | ||
{ | ||
replace_in_place(value, *res_it, *rep_it); | ||
} | ||
|
||
return value; | ||
} | ||
|
||
void event_scope::regex_error(const std::string& call, size_t ret, regex_t* preg, const std::string& str) | ||
{ | ||
if(!preg) { return; } | ||
char errbuf[256] = {0}; | ||
if(regerror(ret, preg, errbuf, 256)) | ||
{ | ||
g_logger.log(call + "() error: " + errbuf, sinsp_logger::SEV_WARNING); | ||
} | ||
else | ||
{ | ||
g_logger.log("Can't obtain " + call + "() [" + str + "] error.", sinsp_logger::SEV_WARNING); | ||
} | ||
} | ||
|
||
bool event_scope::check(const std::string& scope) | ||
{ | ||
if(scope.empty()) { return false; } | ||
bool result = false; | ||
std::string exp("[a-zA-Z0-9_/\\.-]*"); | ||
regex_t reg = {0}; | ||
size_t ret = regcomp(®, exp.c_str(), REG_EXTENDED); | ||
if(0 == ret) | ||
{ | ||
regmatch_t rm = {0}; | ||
ret = regexec(®, scope.c_str(), 1, &rm, 0); | ||
if(0 == ret) | ||
{ | ||
if((rm.rm_eo - rm.rm_so) == static_cast<regoff_t>(scope.length())) | ||
{ | ||
result = true; | ||
} | ||
} | ||
else { regex_error("regexec", ret, ®, scope); } | ||
} | ||
else { regex_error("regcomp", ret, ®, exp); } | ||
regfree(®); | ||
return result; | ||
} | ||
|
||
|
||
// | ||
// user_event_meta_t | ||
// | ||
const std::string user_event_meta_t::PERMIT_ALL = "all"; | ||
|
||
user_event_meta_t::user_event_meta_t(const std::string& kind, const type_list_t& types): | ||
|
@@ -266,18 +371,19 @@ sinsp_user_event& sinsp_user_event::operator=(sinsp_user_event&& other) | |
std::string sinsp_user_event::to_string(uint64_t timestamp, | ||
std::string&& name, | ||
std::string&& description, | ||
std::string&& scope, | ||
event_scope&& scope, | ||
tag_map_t&& tags, | ||
uint32_t sev) | ||
{ | ||
const std::string from("\""); | ||
const std::string to("\\\""); | ||
|
||
std::string s(scope.get()); | ||
This breaks the move optimization by requiring a copy from scope to the local string, but you can avoid the copy by changing get() to return an rvalue reference of event_scope::m_scope. The rvalue reference version could also use a scarier name than get() so it's clear it's moving the string. |
||
std::ostringstream ostr; | ||
ostr << "timestamp: " << timestamp << '\n' << | ||
"name: \"" << replace_in_place(name, from, to) << "\"\n" | ||
"description: \"" << replace_in_place(description, from, to) << "\"\n" | ||
"scope: \"" << replace_in_place(scope, from, to) << "\"\n"; | ||
"scope: \"" << replace_in_place(s, from, to) << "\"\n"; | ||
|
||
if(sev != UNKNOWN_SEVERITY) | ||
{ | ||
|
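Review bot: The escaping table in `RESERVED_STRINGS`/`REPLACEMENT_STRINGS` covers only the single quote, so a backslash in `value` passes through `replace()` unchanged and can combine with the inserted `\'` or with the closing quote that `add()` appends. A value ending in a backslash would leave the terminating `'` looking escaped, and a value containing `\'` would come out as `\\'`, which presumably reads as an escaped backslash followed by a real closing quote in whatever parses the scope string (that parser is not visible here, so this needs confirming). Escaping the escape character first closes the gap and fits the ordering comment above the lists: `{"\\", "'"}` for `RESERVED_STRINGS` and `{"\\\\", "\\'"}` for `REPLACEMENT_STRINGS`. The `op` argument is also appended to `m_scope` after `trim()` with no validation, so it is worth restricting it to known operators such as `SCOPE_OP_AND`.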
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,7 +12,7 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of | |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
|
||
You should have received a copy of the GNU General Public License | ||
You should have received a copy of the GNU General Public L nameicense | ||
Fix the license notice, looks like an accidental search/replace |
||
along with sysdig. If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
|
@@ -24,6 +24,54 @@ along with sysdig. If not, see <http://www.gnu.org/licenses/>. | |
#include <string> | ||
#include <set> | ||
#include <unordered_map> | ||
#include <regex.h> | ||
|
||
// | ||
// scope utilities | ||
// | ||
class event_scope | ||
{ | ||
public: | ||
typedef std::vector<std::string> string_list_t; | ||
|
||
static const std::string SCOPE_OP_AND; | ||
static const string_list_t RESERVED_STRINGS; | ||
static const string_list_t REPLACEMENT_STRINGS; | ||
|
||
event_scope(const std::string& key = "", const std::string& value = ""); | ||
|
||
bool add(const std::string& key, const std::string& value, const std::string& op = SCOPE_OP_AND); | ||
|
||
std::string get(); | ||
|
||
void clear(); | ||
|
||
// utility function to check that scope entry is valid; | ||
This comment is out of date, please update it. Also, the name is vague. How about check_key_format()? |
||
// valid entries can not contain characters from RESERVED_STRINGS | ||
// which are not present in REPLACEMENT_STRINGS | ||
static bool check(const std::string& scope); | ||
|
||
private: | ||
|
||
// utility function to replace RESERVED_STRINGS with their | ||
// counterparts in REPLACEMENT_STRINGS | ||
static string& replace(std::string& scope); | ||
|
||
static void regex_error(const std::string& call, size_t ret, regex_t* preg, const std::string& str); | ||
|
||
std::string m_scope; | ||
}; | ||
|
||
inline std::string event_scope::get() | ||
{ | ||
return m_scope; | ||
} | ||
|
||
inline void event_scope::clear() | ||
{ | ||
m_scope.clear(); | ||
} | ||
|
||
|
||
// | ||
// user-configured event meta | ||
|
@@ -207,7 +255,7 @@ class sinsp_user_event | |
static std::string to_string(uint64_t timestamp, | ||
std::string&& name, | ||
std::string&& description, | ||
std::string&& scope, | ||
event_scope&& scope, | ||
tag_map_t&& tags, | ||
uint32_t sev = UNKNOWN_SEVERITY); | ||
|
||
|
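Review bot: `add()` is declared with no comment on its return value, although the implementation in the .cpp section returns false and appends nothing both when the key fails `check()` and when the value is empty, and only the first case is logged. The two-argument constructor discards that result, so an `event_scope` built from a rejected key is silently empty; if scopes narrow which entities an event applies to, a dropped term would widen it, and callers should be able to detect that. A comment on the declaration such as `// returns false and leaves the scope unchanged if key fails check() or value is empty` would make the contract explicit. Separately, `replace()` is declared as returning unqualified `string&` while the rest of the class spells `std::string`, so the header compiles only under a using-directive from elsewhere; `static std::string& replace(std::string& scope);` removes that dependency.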
Key can't contain
'
, it should be in[a-zA-Z\.]
format.
Not allowing digits?
yes allow digits as well
slash, dash,...?
![image](https://cloud.githubusercontent.com/assets/2429093/22560649/01b02ae4-e93b-11e6-8a6f-952548df7555.png)
eg:
59489f9