From 60d4176e532e5e1ad2021d2d82207cb82493add1 Mon Sep 17 00:00:00 2001 From: Raphael Campos Date: Mon, 23 Sep 2024 11:31:32 -0300 Subject: [PATCH] Revert "perf: benchmark improve sig GetMetadata" This reverts commit 330a34e7c4e8f05e5f090718f48d43f3a47fa974. --- pkg/signatures/benchmark/benchmark_test.go | 53 -------- pkg/signatures/benchmark/helpers_test.go | 20 --- .../signature/golang/performance_static.go | 123 ------------------ 3 files changed, 196 deletions(-) delete mode 100644 pkg/signatures/benchmark/signature/golang/performance_static.go diff --git a/pkg/signatures/benchmark/benchmark_test.go b/pkg/signatures/benchmark/benchmark_test.go index 506c908bf5d7..43b11aa685c7 100644 --- a/pkg/signatures/benchmark/benchmark_test.go +++ b/pkg/signatures/benchmark/benchmark_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/require" - "github.com/aquasecurity/tracee/pkg/events" "github.com/aquasecurity/tracee/pkg/signatures/benchmark/signature/golang" "github.com/aquasecurity/tracee/pkg/signatures/benchmark/signature/rego" "github.com/aquasecurity/tracee/pkg/signatures/engine" @@ -231,58 +230,6 @@ func BenchmarkEngineWithNSignatures(b *testing.B) { } } -func BenchmarkEngineMultipleMethodsGetMetadata(b *testing.B) { - benches := []struct { - name string - sigFuncs []func() (detect.Signature, error) - Enabled bool - }{ - { - name: "Performance sig GetMetadata() - static", - sigFuncs: []func() (detect.Signature, error){golang.NewPerformanceStatic}, - }, - } - - for _, bc := range benches { - b.Run(bc.name, func(b *testing.B) { - var sigs []detect.Signature - for _, sig := range bc.sigFuncs { - s, _ := sig() - sigs = append(sigs, s) - } - - for i := 0; i < b.N; i++ { - // Produce events without timing it - b.StopTimer() - inputs := ProduceEventsInMemory(inputEventsCount) - output := make(chan *detect.Finding, inputEventsCount*len(sigs)) - - config := engine.Config{ - Signatures: sigs, - Enabled: true, - SigNameToEventID: allocateEventIdsForSigs(events.StartSignatureID, sigs), - ShouldDispatchEvent: func(int32) bool { return true }, - } - - e, err := engine.NewEngine(config, inputs, output) - require.NoError(b, err, "constructing engine") - - err = e.Init() - require.NoError(b, err, "initializing engine") - b.StartTimer() - - // Start signatures engine and wait until all events are processed - e.Start(waitForEventsProcessed(inputs.Tracee)) - - b.StopTimer() - - // Set engine to nil to help with garbage collection - e = nil - runtime.GC() - } - }) - } -} func waitForEventsProcessed(eventsCh chan protocol.Event) context.Context { ctx, cancel := context.WithCancel(context.Background()) go func() { diff --git a/pkg/signatures/benchmark/helpers_test.go b/pkg/signatures/benchmark/helpers_test.go index 0afb9705b848..2f2c81cc8d36 100644 --- a/pkg/signatures/benchmark/helpers_test.go +++ b/pkg/signatures/benchmark/helpers_test.go @@ -4,10 +4,7 @@ import ( _ "embed" "math/rand" - "github.com/aquasecurity/tracee/pkg/events" - "github.com/aquasecurity/tracee/pkg/logger" "github.com/aquasecurity/tracee/pkg/signatures/engine" - "github.com/aquasecurity/tracee/types/detect" "github.com/aquasecurity/tracee/types/protocol" "github.com/aquasecurity/tracee/types/trace" ) @@ -174,20 +171,3 @@ func ProduceEventsInMemoryRandom(n int, seed ...trace.Event) engine.EventSources Tracee: eventsCh, } } - -func allocateEventIdsForSigs(startId events.ID, sigs []detect.Signature) map[string]int32 { - namesToIds := make(map[string]int32) - newEventDefID := startId - // First allocate event IDs to all signatures - for _, s := range sigs { - m, err := s.GetMetadata() - if err != nil { - logger.Warnw("Failed to allocate id for signature", "error", err) - continue - } - - namesToIds[m.EventName] = int32(newEventDefID) - newEventDefID++ - } - return namesToIds -} diff --git a/pkg/signatures/benchmark/signature/golang/performance_static.go b/pkg/signatures/benchmark/signature/golang/performance_static.go deleted file mode 100644 index 6554d416f7e5..000000000000 --- a/pkg/signatures/benchmark/signature/golang/performance_static.go +++ /dev/null @@ -1,123 +0,0 @@ -package golang - -import ( - "fmt" - "regexp" - - "github.com/aquasecurity/tracee/signatures/helpers" - "github.com/aquasecurity/tracee/types/detect" - "github.com/aquasecurity/tracee/types/protocol" - "github.com/aquasecurity/tracee/types/trace" -) - -type performanceStatic struct { - processMemFileRegexp *regexp.Regexp - cb detect.SignatureHandler -} - -var performanceStaticRegexp = regexp.MustCompile(`^/proc/(?:\d+|self)/mem$`) - -var performanceStaticMetadata = detect.SignatureMetadata{ - Name: "Code injection", - EventName: "test_event_name", - Description: "Possible process injection detected during runtime", - Tags: []string{"linux", "container"}, - Properties: map[string]interface{}{ - "Severity": 3, - "MITRE ATT&CK": "Defense Evasion: Process Injection", - }, -} - -func NewPerformanceStatic() (detect.Signature, error) { - return &performanceStatic{ - processMemFileRegexp: performanceStaticRegexp, - }, nil -} - -func (sig *performanceStatic) Init(ctx detect.SignatureContext) error { - sig.cb = ctx.Callback - - return nil -} - -func (sig *performanceStatic) GetMetadata() (detect.SignatureMetadata, error) { - return performanceStaticMetadata, nil -} - -func (sig *performanceStatic) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { - return []detect.SignatureEventSelector{ - {Source: "tracee", Name: "ptrace"}, - {Source: "tracee", Name: "open"}, - {Source: "tracee", Name: "openat"}, - {Source: "tracee", Name: "execve"}, - }, nil -} - -func (sig *performanceStatic) OnEvent(event protocol.Event) error { - // event example: - // { "eventName": "ptrace", "args": [{"name": "request", "value": "PTRACE_POKETEXT" }]} - // { "eventName": "open", "args": [{"name": "flags", "value": "o_wronly" }, {"name": "pathname", "value": "/proc/self/mem" }]} - // { "eventName": "execve" args": [{"name": "envp", "value": ["FOO=BAR", "LD_PRELOAD=/something"] }, {"name": "argv", "value": ["ls"] }]} - ee, ok := event.Payload.(trace.Event) - - if !ok { - return fmt.Errorf("failed to cast event's payload") - } - switch ee.EventName { - case "open", "openat": - flags, err := helpers.GetTraceeArgumentByName(ee, "flags", helpers.GetArgOps{DefaultArgs: false}) - if err != nil { - return fmt.Errorf("%v %#v", err, ee) - } - if helpers.IsFileWrite(flags.Value.(string)) { - pathname, err := helpers.GetTraceeArgumentByName(ee, "pathname", helpers.GetArgOps{DefaultArgs: false}) - if err != nil { - return err - } - if sig.processMemFileRegexp.MatchString(pathname.Value.(string)) { - metadata, err := sig.GetMetadata() - if err != nil { - return err - } - sig.cb(&detect.Finding{ - SigMetadata: metadata, - Event: event, - Data: map[string]interface{}{ - "file flags": flags, - "file path": pathname.Value.(string), - }, - }) - } - } - case "ptrace": - request, err := helpers.GetTraceeArgumentByName(ee, "request", helpers.GetArgOps{DefaultArgs: false}) - if err != nil { - return err - } - - requestString, ok := request.Value.(string) - if !ok { - return fmt.Errorf("failed to cast request's value") - } - - if requestString == "PTRACE_POKETEXT" || requestString == "PTRACE_POKEDATA" { - metadata, err := sig.GetMetadata() - if err != nil { - return err - } - sig.cb(&detect.Finding{ - SigMetadata: metadata, - Event: event, - Data: map[string]interface{}{ - "ptrace request": requestString, - }, - }) - } - } - return nil -} - -func (sig *performanceStatic) OnSignal(s detect.Signal) error { - return nil -} -func (sig *performanceStatic) Close() {}