github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

sync code

Browse Source
This commit is contained in:
Ned Wright
2024-12-29 12:47:25 +00:00
parent 64ebf013eb
commit 108abdb35e
6 changed files with 492 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/env_details/CMakeLists.txt Normal file
View File

@@ -0,0 +1 @@
add_library(env_details env_details.cc)

105
core/env_details/env_details.cc Normal file
View File

@@ -0,0 +1,105 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "env_details.h"
#include "config.h"
#include "debug.h"
#include <sys/stat.h>
using namespace std;
USE_DEBUG_FLAG(D_LOCAL_POLICY);
static const string k8s_service_account = "/var/run/secrets/kubernetes.io/serviceaccount";
static bool
checkExistence(const string &path, bool is_dir)
{
try {
struct stat info;
if (stat(path.c_str(), &info) != 0) return false;
int flag = is_dir ? S_IFDIR : S_IFREG;
return info.st_mode & flag;
} catch (exception &e) {
return false;
}
}
// LCOV_EXCL_START Reason: can't use on the pipline environment
EnvDetails::EnvDetails() : Component("EnvDetails")
{
if (doesFileExist("/.dockerenv")) env_type = EnvType::DOCKER;
token = retrieveToken();
agent_namespace = retrieveNamespace();
if (!token.empty()) {
auto env_res = getenv("deployment_type");
env_type = env_res != nullptr && env_res == string("non_crd_k8s") ? EnvType::NON_CRD_K8S : EnvType::K8S;
}
}
EnvType
EnvDetails::getEnvType()
{
return env_type;
}
string
EnvDetails::getToken()
{
return token;
}
string
EnvDetails::getNameSpace()
{
return agent_namespace;
}
string
EnvDetails::retrieveToken()
{
return readFileContent(k8s_service_account + "/token");
}
string
EnvDetails::retrieveNamespace()
{
return readFileContent(k8s_service_account + "/namespace");
}
string
EnvDetails::readFileContent(const string &file_path)
{
try {
ifstream file(file_path);
stringstream buffer;
buffer << file.rdbuf();
return buffer.str();
} catch (ifstream::failure &f) {
dbgWarning(D_LOCAL_POLICY)
<< "Cannot read the file"
<< " File: " << file_path
<< " Error: " << f.what();
return "";
}
}
bool
EnvDetails::doesFileExist(const string &file_path) const
{
return checkExistence(file_path, false);
}
// LCOV_EXCL_STOP

49
core/include/services_sdk/resources/env_details.h Normal file
View File

@@ -0,0 +1,49 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __ENV_DETAILS_H__
#define __ENV_DETAILS_H__
#include <string>
#include <fstream>
#include <streambuf>
#include "i_env_details.h"
#include "singleton.h"
#include "debug.h"
#include "component.h"
class EnvDetails
:
public Component,
Singleton::Provide<I_EnvDetails>::SelfInterface
{
public:
EnvDetails();
virtual EnvType getEnvType() override;
virtual std::string getToken() override;
virtual std::string getNameSpace() override;
private:
std::string retrieveToken();
std::string retrieveNamespace();
std::string readFileContent(const std::string &file_path);
bool doesFileExist(const std::string &file_path) const;
std::string token;
std::string agent_namespace;
EnvType env_type = EnvType::LINUX;
};
#endif // __ENV_DETAILS_H__

131
core/logging/log_connector.cc Executable file
View File

@@ -0,0 +1,131 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "log_streams.h"
void
LogStreamConnector::maintainConnection()
{
dbgTrace(D_REPORT)
<< "Check if the connection is alive:"
<< (socket.ok() ? " socket ok" : " socket not ok")
<< (did_write_fail_in_this_window ? " previous write failed" : " previous write succeeded");
if (!socket.ok() || did_write_fail_in_this_window) {
dbgTrace(D_REPORT)
<< (socket.ok() ? "" : "The current socket is not ok, trying to connect.");
connect();
did_write_fail_in_this_window = false;
if (!socket.ok()) {
dbgWarning(D_REPORT) << "Failed to connect to the server, logs will not be sent";
return;
}
}
}
void
LogStreamConnector::addLogToQueue(const std::vector<char> &data)
{
if (logs_in_queue.size() < max_data_in_queue) {
dbgTrace(D_REPORT)
<< "Adding log to queue, Amount of logs in queue: "
<< logs_in_queue.size();
logs_in_queue.push_back(data);
} else {
dbgWarning(D_REPORT) << "Queue is full, dropping log";
}
}
void
LogStreamConnector::writeFail()
{
if (!socket.ok()) {
dbgTrace(D_REPORT) << "Socket is not ok, stopping the connect after write failure";
return;
}
dbgTrace(D_REPORT) << (did_write_fail_in_this_window ? "Previous write failed" : "Previous write succeeded");
if (!did_write_fail_in_this_window) {
dbgTrace(D_REPORT)
<< "First time in window that write failed, trying to reconnect to server";
connect();
}
did_write_fail_in_this_window = true;
}
bool
LogStreamConnector::basicWriteLog(const std::vector<char> &data)
{
for (size_t tries = 0; tries < 3; tries++) {
if (socket.ok() && i_socket->writeData(socket.unpack(), data)) {
dbgTrace(D_REPORT) << "log was sent to server";
return true;
} else {
dbgTrace(D_REPORT) << "Failed to send log to server";
writeFail();
}
}
return false;
}
void
LogStreamConnector::sendLogWithQueue(const std::vector<char> &data)
{
if (!socket.ok()) {
dbgTrace(D_REPORT)
<< "Socket not ok. Size of logs in queue: "
<< logs_in_queue.size()
<< ". Adding logs to the queue until the connection is established.";
addLogToQueue(data);
return;
}
if (logs_in_queue.empty() && basicWriteLog(data)) return;
addLogToQueue(data);
int write_iterations = 0;
while (write_iterations < max_logs_per_send && !logs_in_queue.empty()) {
dbgTrace(D_REPORT)
<< " Iteration: "
<< write_iterations
<< " to try and write a log from queue to server"
<< log_name;
int i = 0;
bool write_success = false;
while (
socket.ok() &&
(i < 3) &&
!(write_success = i_socket->writeData(socket.unpack(), logs_in_queue.front()))) {
i++;
}
if (write_success) {
dbgTrace(D_REPORT) << "log was written to " << log_name << " server";
logs_in_queue.erase(logs_in_queue.begin());
write_iterations++;
} else {
dbgTrace(D_REPORT) << "Failed to send log to " << log_name << " server";
writeFail();
return;
}
}
}
void
LogStreamConnector::sendAllLogs()
{
dbgTrace(D_REPORT) << "Sending all logs from queue to server";
for(auto &log : logs_in_queue) {
basicWriteLog(log);
}
logs_in_queue.clear();
}