/
processes.go
78 lines (69 loc) · 2.17 KB
/
processes.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/*
* Copyright 2019 New Relic Corporation. All rights reserved.
* SPDX-License-Identifier: Apache-2.0
*/
package discovery
import (
"fmt"
"strings"
"github.com/newrelic/nri-flex/internal/load"
"github.com/shirou/gopsutil/v3/net"
"github.com/shirou/gopsutil/v3/process"
"github.com/sirupsen/logrus"
)
// ProcessNetworkStat x
type ProcessNetworkStat struct {
Name string
Data string
}
// Processes loops through tcp connections and returns the corresponding process and connection information
func Processes() {
conns, err := net.Connections("tcp")
if err != nil {
load.Logrus.WithFields(logrus.Fields{
"err": err,
}).Error("discovery: processes unable to get tcp connections")
} else {
load.DiscoveredProcesses = map[string]string{}
for _, conn := range conns {
p, err := process.NewProcess(conn.Pid)
if err == nil {
running, _ := p.IsRunning()
if running {
name, err := p.Name()
if err != nil {
load.Logrus.WithFields(logrus.Fields{
"err": err,
}).Error("discovery: processes unable to get name")
}
cmd, err := p.Cmdline()
if err != nil {
load.Logrus.WithFields(logrus.Fields{
"err": err,
}).Error("discovery: processes unable to cmd line")
}
if checkBlacklistedProcess(name, cmd) {
continue
}
load.DiscoveredProcesses[fmt.Sprintf("%v", conn.Pid)] =
fmt.Sprintf(`{"name":"%v","cmd":"%v","localIP":"%v","localPort":"%v","remoteIP":"%v","remotePort":"%v"}`, name, cmd, conn.Laddr.IP, conn.Laddr.Port, conn.Raddr.IP, conn.Raddr.Port)
}
}
}
}
}
func checkBlacklistedProcess(name string, cmd string) bool {
blacklistedProcesses := []string{
"Chrome", "Visual Studio Code", "BlueJeans", "WhatsApp", "Insomnia", "Slack", "SpotifyWebHelper", "ZoomOpener",
"Dashlane", "docker.for.mac", "svchost", "lsass", "wininit", "spoolsv", "[System Process]"}
for _, blProcess := range blacklistedProcesses {
if caseInsensitiveContains(name, blProcess) || caseInsensitiveContains(cmd, blProcess) {
return true
}
}
return false
}
func caseInsensitiveContains(s, substr string) bool {
s, substr = strings.ToUpper(s), strings.ToUpper(substr)
return strings.Contains(s, substr)
}