Skip to content

Commit

Permalink
Fix more process attributes without namespace (#1363)
Browse files Browse the repository at this point in the history
Co-authored-by: Josh Suereth <[email protected]>
  • Loading branch information
lmolkova and jsuereth authored Aug 28, 2024
1 parent 46d9eac commit 5eb37f7
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 15 deletions.
10 changes: 5 additions & 5 deletions docs/attributes-registry/process.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,17 +39,17 @@ An operating system process.
| `process.saved_user.id` | int | The saved user ID (SUID) of the process. | `1002` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.saved_user.name` | string | The username of the saved user. | `operator` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.session_leader.pid` | int | The PID of the process's session leader. This is also the session ID (SID) of the process. | `14` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.title` | string | Process title (proctitle) [2] | `cat /etc/hostname`; `xfce4-session`; `bash` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.id` | int | The effective user ID (EUID) of the process. | `1001` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.name` | string | The username of the effective user of the process. | `root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [2] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `title` | string | Process title (proctitle) [3] | `cat /etc/hostname`; `xfce4-session`; `bash` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `working_directory` | string | The working directory of the process. | `/root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [3] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.working_directory` | string | The working directory of the process. | `/root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |

**[1]:** This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.

**[2]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.
**[2]:** In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.

**[3]:** In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.
**[3]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.

`process.context_switch_type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Expand Down
4 changes: 2 additions & 2 deletions model/registry/process.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ groups:
An additional description about the runtime of the process, for example
a specific vendor customization of the runtime environment.
examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
- id: title
- id: process.title
type: string
stability: experimental
brief: >
Expand Down Expand Up @@ -192,7 +192,7 @@ groups:
stability: experimental
brief: >
Whether the process is connected to an interactive shell.
- id: working_directory
- id: process.working_directory
type: string
stability: experimental
brief: >
Expand Down
16 changes: 16 additions & 0 deletions policies/yaml_schema.rego
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,20 @@ deny[yaml_schema_violation(description, group.id, name)] {
description := sprintf("Attribute name '%s' is invalid. Attribute name %s", [name, invalid_name_helper])
}

# checks attribute name has a namespace
deny[yaml_schema_violation(description, group.id, name)] {
group := input.groups[_]
attr := group.attributes[_]
name := attr.id

# some deprecated attributes have no namespace and need to be ignored
not attr.deprecated
not regex.match(has_namespace_regex, name)

description := sprintf("Attribute name '%s' should have a namespace. Attribute name %s", [name, invalid_name_helper])
}


# checks metric name format
deny[yaml_schema_violation(description, group.id, name)] {
group := input.groups[_]
Expand Down Expand Up @@ -71,4 +85,6 @@ yaml_schema_violation(description, group, attr) = violation {
# valid: 'foo.bar', 'foo.1bar', 'foo.1_bar'
name_regex := "^[a-z][a-z0-9]*([._][a-z0-9]+)*$"

has_namespace_regex := "^[a-z0-9_]+\\.([a-z0-9._]+)+$"

invalid_name_helper := "must consist of lowercase alphanumeric characters separated by '_' and '.'"
14 changes: 9 additions & 5 deletions policies/yaml_schema_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,23 @@ import future.keywords

test_fails_on_invalid_attribute_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_attribute_group(name)}
count(deny) >= 1 with input as {"groups": create_attribute_group(name)}
}
}

test_fails_on_attribute_name_without_namespace if {
count(deny) >= 1 with input as {"groups": create_attribute_group("foo")}
}

test_fails_on_invalid_metric_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_metric(name)}
count(deny) >= 1 with input as {"groups": create_metric(name)}
}
}

test_fails_on_invalid_event_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_event(name)}
count(deny) >= 1 with input as {"groups": create_event(name)}
}
}

Expand Down Expand Up @@ -52,9 +56,9 @@ invalid_names := [
"foo.bar.",
"foo..bar",
"foo._bar",
"foo__bar",
"foo.bar__baz",
"foo_.bar",
"foo,bar",
"foo.bar,baz",
"fü.bär",
]

Expand Down
6 changes: 3 additions & 3 deletions policies_test/registry_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ test_registry_attribute_groups if {

test_attribute_ids if {
# This requires a prefix for use with opa, but weaver will fill in.
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "not_registry", "prefix": "", "attributes": [{"id": "foo"}]}]}
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "not_registry", "prefix": "", "attributes": [{"id": "foo.bar"}]}]}
count(before_resolution.deny) == 0 with input as {"groups": [
{"id": "registry.test", "prefix": "", "attributes": [{"id": "foo"}]},
{"id": "not_registry", "prefix": "", "attributes": [{"ref": "foo"}]},
{"id": "registry.test", "prefix": "", "attributes": [{"id": "foo.bar"}]},
{"id": "not_registry", "prefix": "", "attributes": [{"ref": "foo.bar"}]},
]}
}

Expand Down

0 comments on commit 5eb37f7

Please sign in to comment.