signatures: use helpers to get addr argument details

roikol · rafaeldtinoco · commit 6a0f8a370146 · 2022-10-20T22:55:13.000-03:00
diff --git a/signatures/golang/docker_abuse.go b/signatures/golang/docker_abuse.go
@@ -79,17 +79,17 @@ func (sig *DockerAbuse) OnEvent(event protocol.Event) error {
 			return err
 		}
 
-		family, familyExists := addr["sa_family"]
-		if !familyExists {
-			return nil
+		supportedFamily, err := helpers.IsUnixFamily(addr)
+		if err != nil {
+			return err
 		}
-		if family != "AF_UNIX" {
+		if !supportedFamily {
 			return nil
 		}
 
-		sunPath, sunPathExists := addr["sun_path"]
-		if !sunPathExists {
-			return nil
+		sunPath, err := helpers.GetPathFromRawAddr(addr)
+		if err != nil {
+			return err
 		}
 
 		path = sunPath
diff --git a/signatures/golang/kubernetes_api_connection.go b/signatures/golang/kubernetes_api_connection.go
@@ -76,12 +76,21 @@ func (sig *K8sApiConnection) OnEvent(event protocol.Event) error {
 			return nil
 		}
 
-		remoteAddrArg, err := helpers.GetTraceeArgumentByName(eventObj, "remote_addr")
+		remoteAddr, err := helpers.GetRawAddrArgumentByName(eventObj, "remote_addr")
 		if err != nil {
 			return err
 		}
-		ip, err := getIPFromAddr(remoteAddrArg)
-		if err != nil || ip == "" {
+
+		supportedFamily, err := helpers.IsInternetFamily(remoteAddr)
+		if err != nil {
+			return err
+		}
+		if !supportedFamily {
+			return nil
+		}
+
+		ip, err := helpers.GetIPFromRawAddr(remoteAddr)
+		if err != nil {
 			return err
 		}
 
@@ -114,19 +123,3 @@ func getApiAddressFromEnvs(envs []string) string {
 	}
 	return ""
 }
-
-func getIPFromAddr(addrArg trace.Argument) (string, error) {
-
-	addr, isOk := addrArg.Value.(map[string]string)
-	if !isOk {
-		return "", fmt.Errorf("couldn't convert arg to addr")
-	}
-
-	if addr["sa_family"] == "AF_INET" {
-		return addr["sin_addr"], nil
-	} else if addr["sa_family"] == "AF_INET6" {
-		return addr["sin6_addr"], nil
-	}
-
-	return "", nil
-}
diff --git a/signatures/helpers/helpers.go b/signatures/helpers/helpers.go
@@ -1,6 +1,7 @@
 package helpers
 
 import (
+	"fmt"
 	"strings"
 )
 
@@ -44,3 +45,131 @@ func IsElf(bytesArray []byte) bool {
 
 	return false
 }
+
+func GetFamilyFromRawAddr(addr map[string]string) (string, error) {
+
+	family, exists := addr["sa_family"]
+	if !exists {
+		return "", fmt.Errorf("family not found in address")
+	}
+
+	return family, nil
+}
+
+func IsInternetFamily(addr map[string]string) (bool, error) {
+
+	family, err := GetFamilyFromRawAddr(addr)
+	if err != nil {
+		return false, err
+	}
+
+	if family == "AF_INET" || family == "AF_INET6" {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func IsUnixFamily(addr map[string]string) (bool, error) {
+
+	family, err := GetFamilyFromRawAddr(addr)
+	if err != nil {
+		return false, err
+	}
+
+	if family == "AF_UNIX" {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func GetIPFromRawAddr(addr map[string]string) (string, error) {
+
+	family, err := GetFamilyFromRawAddr(addr)
+	if err != nil {
+		return "", err
+	}
+
+	ip := ""
+	var exists bool
+
+	switch family {
+
+	case "AF_INET":
+		ip, exists = addr["sin_addr"]
+		if !exists {
+			return "", fmt.Errorf("ip not found in address")
+		}
+
+	case "AF_INET6":
+		ip, exists = addr["sin6_addr"]
+		if !exists {
+			return "", fmt.Errorf("ip not found in address")
+		}
+
+	default:
+		return "", fmt.Errorf("address family not supported")
+
+	}
+
+	return ip, nil
+}
+
+func GetPortFromRawAddr(addr map[string]string) (string, error) {
+
+	family, err := GetFamilyFromRawAddr(addr)
+	if err != nil {
+		return "", err
+	}
+
+	port := ""
+	var exists bool
+
+	switch family {
+
+	case "AF_INET":
+		port, exists = addr["sin_port"]
+		if !exists {
+			return "", fmt.Errorf("port not found in address")
+		}
+
+	case "AF_INET6":
+		port, exists = addr["sin6_port"]
+		if !exists {
+			return "", fmt.Errorf("port not found in address")
+		}
+
+	default:
+		return "", fmt.Errorf("address family not supported")
+
+	}
+
+	return port, nil
+}
+
+func GetPathFromRawAddr(addr map[string]string) (string, error) {
+
+	family, err := GetFamilyFromRawAddr(addr)
+	if err != nil {
+		return "", err
+	}
+
+	path := ""
+	var exists bool
+
+	switch family {
+
+	case "AF_UNIX":
+		path, exists = addr["sun_path"]
+		if !exists {
+			return "", fmt.Errorf("path not found in address")
+		}
+
+	default:
+		return "", fmt.Errorf("address family not supported")
+
+	}
+
+	return path, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -79,17 +79,17 @@ func (sig *DockerAbuse) OnEvent(event protocol.Event) error {`
`79`	`79`	`return err`
`80`	`80`	`}`
`81`	`81`
`82`		`- family, familyExists := addr["sa_family"]`
`83`		`- if !familyExists {`
`84`		`- return nil`
	`82`	`+ supportedFamily, err := helpers.IsUnixFamily(addr)`
	`83`	`+ if err != nil {`
	`84`	`+ return err`
`85`	`85`	`}`
`86`		`- if family != "AF_UNIX" {`
	`86`	`+ if !supportedFamily {`
`87`	`87`	`return nil`
`88`	`88`	`}`
`89`	`89`
`90`		`- sunPath, sunPathExists := addr["sun_path"]`
`91`		`- if !sunPathExists {`
`92`		`- return nil`
	`90`	`+ sunPath, err := helpers.GetPathFromRawAddr(addr)`
	`91`	`+ if err != nil {`
	`92`	`+ return err`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`path = sunPath`