From 7b32e95454315692499bdce79ea3dec6e0f10962 Mon Sep 17 00:00:00 2001 From: Raphael Campos Date: Fri, 20 Sep 2024 09:26:47 -0500 Subject: [PATCH] fix: clone sig metadata properties & bump - bump sig helpers --- go.mod | 4 +++- go.sum | 2 -- signatures/golang/anti_debugging_ptraceme.go | 2 +- signatures/golang/aslr_inspection.go | 2 +- signatures/golang/cgroup_notify_on_release_modification.go | 2 +- signatures/golang/cgroup_release_agent_modification.go | 2 +- signatures/golang/core_pattern_modification.go | 2 +- signatures/golang/default_loader_modification.go | 2 +- signatures/golang/disk_mount.go | 2 +- signatures/golang/docker_abuse.go | 2 +- signatures/golang/dropped_executable.go | 2 +- signatures/golang/dynamic_code_loading.go | 2 +- signatures/golang/fileless_execution.go | 2 +- signatures/golang/hidden_file_created.go | 2 +- signatures/golang/illegitimate_shell.go | 2 +- signatures/golang/k8s_service_account_token.go | 2 +- signatures/golang/kernel_module_loading.go | 2 +- signatures/golang/kubernetes_api_connection.go | 2 +- signatures/golang/kubernetes_certificate_theft_attempt.go | 2 +- signatures/golang/ld_preload.go | 2 +- signatures/golang/proc_fops_hooking.go | 2 +- signatures/golang/proc_kcore_read.go | 2 +- signatures/golang/proc_mem_access.go | 2 +- signatures/golang/proc_mem_code_injection.go | 2 +- signatures/golang/process_vm_write_code_injection.go | 2 +- signatures/golang/ptrace_code_injection.go | 2 +- signatures/golang/rcd_modification.go | 2 +- signatures/golang/sched_debug_recon.go | 2 +- signatures/golang/scheduled_task_modification.go | 2 +- signatures/golang/stdio_over_socket.go | 2 +- signatures/golang/sudoers_modification.go | 2 +- signatures/golang/syscall_table_hooking.go | 3 ++- signatures/golang/system_request_key_config_modification.go | 2 +- signatures/helpers/helpers.go | 6 ++++-- 34 files changed, 39 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index 3031defe94c5..bb46358ad403 100644 --- a/go.mod +++ b/go.mod 
@@ -9,7 +9,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/aquasecurity/libbpfgo v0.7.0-libbpf-1.4.0.20240729111821-61d531acf4ca github.com/aquasecurity/tracee/api v0.0.0-20240905132323-d1eaeef6a19f - github.com/aquasecurity/tracee/signatures/helpers v0.0.0-20240607205742-90c301111aee + github.com/aquasecurity/tracee/signatures/helpers v0.0.0-20240920144223-9d62cbdd8935 github.com/aquasecurity/tracee/types v0.0.0-20240607205742-90c301111aee github.com/containerd/containerd v1.7.21 github.com/docker/docker v26.1.5+incompatible @@ -43,6 +43,8 @@ require ( sigs.k8s.io/controller-runtime v0.18.2 ) +replace github.com/aquasecurity/tracee/signatures/helpers => ./signatures/helpers/ + require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect diff --git a/go.sum b/go.sum index ad9ae14fe212..5d6c867af73f 100644 --- a/go.sum +++ b/go.sum 
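Review bot: The `replace` directive added after the first `require (` block makes the helpers pseudo-version bumped in the previous hunk (`v0.0.0-20240920144223-9d62cbdd8935`) irrelevant to this module's own build, because the code now comes from `./signatures/helpers/`; the go.sum entries for helpers are dropped accordingly. `replace` directives are ignored when this module is consumed as a dependency, so a downstream build would resolve the pinned pseudo-version instead and may not get the same helper code as the in-tree build. I would add a comment on the directive saying whether it is permanent or a stopgap, e.g. `// helpers is built from the in-tree copy; the require version above only matters to external consumers`.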
@@ -408,8 +408,6 @@ github.com/aquasecurity/libbpfgo v0.7.0-libbpf-1.4.0.20240729111821-61d531acf4ca github.com/aquasecurity/libbpfgo v0.7.0-libbpf-1.4.0.20240729111821-61d531acf4ca/go.mod h1:UpO6kTehEgAGGKR2twztBxvzjTiLiV/cb2xmlYb+TfE= github.com/aquasecurity/tracee/api v0.0.0-20240905132323-d1eaeef6a19f h1:O4UmMQViaaP1wKL1eXe7C6VylwrUmUB5mYM+roqnUZg= github.com/aquasecurity/tracee/api v0.0.0-20240905132323-d1eaeef6a19f/go.mod h1:Gn6xVkaBkVe1pOQ0++uuHl+lMMClv0TPY8mCQ6j88aA= -github.com/aquasecurity/tracee/signatures/helpers v0.0.0-20240607205742-90c301111aee h1:1KJy6Z2bSpmKQVPShU7hhbXgGVOgMwvzf9rjoWMTYEg= -github.com/aquasecurity/tracee/signatures/helpers v0.0.0-20240607205742-90c301111aee/go.mod h1:SX08YRCsPFh8CvCvzkV8FSn1sqWAarNVEJq9RSZoF/8= github.com/aquasecurity/tracee/types v0.0.0-20240607205742-90c301111aee h1:PDQn0NcQnF/O8wX2zDak0TteAR89IMUTcCm1IwVmo0M= github.com/aquasecurity/tracee/types v0.0.0-20240607205742-90c301111aee/go.mod h1:Jwh9OOuiMHXDoGQY12N9ls5YB+j1FlRcXvFMvh1CmIU= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= diff --git a/signatures/golang/anti_debugging_ptraceme.go b/signatures/golang/anti_debugging_ptraceme.go index 46f07129dd05..18995fa7b6b3 100644 --- a/signatures/golang/anti_debugging_ptraceme.go +++ b/signatures/golang/anti_debugging_ptraceme.go @@ -37,7 +37,7 @@ func (sig *AntiDebuggingPtraceme) Init(ctx detect.SignatureContext) error { } func (sig *AntiDebuggingPtraceme) GetMetadata() (detect.SignatureMetadata, error) { - return antiDebuggingPtracemeMetada, nil + return helpers.CloneMetadataProperties(&antiDebuggingPtracemeMetada), nil } func (sig *AntiDebuggingPtraceme) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/aslr_inspection.go b/signatures/golang/aslr_inspection.go index 09339d5ae416..e59e13b83622 100644 --- a/signatures/golang/aslr_inspection.go +++ b/signatures/golang/aslr_inspection.go 
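Review bot: `GetMetadata` in anti_debugging_ptraceme.go now returns a per-call copy, but nothing at the call site says why, and the package-level variable it copies is spelled `antiDebuggingPtracemeMetada` (missing `ta`; its declaration is outside the hunk). A one-line doc comment would keep the next signature author from returning the shared value again: `// GetMetadata returns a copy with its own Properties map so callers cannot race on the package-level metadata.` The same comment applies to the identical `GetMetadata` change in every other signatures/golang hunk of this patch, from aslr_inspection.go through system_request_key_config_modification.go. The clone is rebuilt on every call, so if the engine calls `GetMetadata` per event or per finding it is worth confirming that the extra map allocation is acceptable.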
@@ -37,7 +37,7 @@ func (sig *AslrInspection) Init(ctx detect.SignatureContext) error { } func (sig *AslrInspection) GetMetadata() (detect.SignatureMetadata, error) { - return aslrInspectionMetadata, nil + return helpers.CloneMetadataProperties(&aslrInspectionMetadata), nil } func (sig *AslrInspection) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/cgroup_notify_on_release_modification.go b/signatures/golang/cgroup_notify_on_release_modification.go index ad209b44b0f3..90194d46fe29 100644 --- a/signatures/golang/cgroup_notify_on_release_modification.go +++ b/signatures/golang/cgroup_notify_on_release_modification.go @@ -38,7 +38,7 @@ func (sig *CgroupNotifyOnReleaseModification) Init(ctx detect.SignatureContext) } func (sig *CgroupNotifyOnReleaseModification) GetMetadata() (detect.SignatureMetadata, error) { - return cgroupNotifyOnReleaseModificationMetadata, nil + return helpers.CloneMetadataProperties(&cgroupNotifyOnReleaseModificationMetadata), nil } func (sig *CgroupNotifyOnReleaseModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/cgroup_release_agent_modification.go b/signatures/golang/cgroup_release_agent_modification.go index 655ab30ceed4..7e7e147b11f4 100644 --- a/signatures/golang/cgroup_release_agent_modification.go +++ b/signatures/golang/cgroup_release_agent_modification.go @@ -38,7 +38,7 @@ func (sig *CgroupReleaseAgentModification) Init(ctx detect.SignatureContext) err } func (sig *CgroupReleaseAgentModification) GetMetadata() (detect.SignatureMetadata, error) { - return cgroupReleaseAgentModificationMetadata, nil + return helpers.CloneMetadataProperties(&cgroupReleaseAgentModificationMetadata), nil } func (sig *CgroupReleaseAgentModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/core_pattern_modification.go b/signatures/golang/core_pattern_modification.go index a4d4e40908bc..584ee83adba3 100644 
--- a/signatures/golang/core_pattern_modification.go +++ b/signatures/golang/core_pattern_modification.go @@ -38,7 +38,7 @@ func (sig *CorePatternModification) Init(ctx detect.SignatureContext) error { } func (sig *CorePatternModification) GetMetadata() (detect.SignatureMetadata, error) { - return corePatternModificationMetadata, nil + return helpers.CloneMetadataProperties(&corePatternModificationMetadata), nil } func (sig *CorePatternModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/default_loader_modification.go b/signatures/golang/default_loader_modification.go index dd1d054b006c..5f3d76df0cde 100644 --- a/signatures/golang/default_loader_modification.go +++ b/signatures/golang/default_loader_modification.go @@ -41,7 +41,7 @@ func (sig *DefaultLoaderModification) Init(ctx detect.SignatureContext) error { } func (sig *DefaultLoaderModification) GetMetadata() (detect.SignatureMetadata, error) { - return defaultLoaderModificationMetadata, nil + return helpers.CloneMetadataProperties(&defaultLoaderModificationMetadata), nil } func (sig *DefaultLoaderModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/disk_mount.go b/signatures/golang/disk_mount.go index f5ddf9f29ac9..20293d6e69cc 100644 --- a/signatures/golang/disk_mount.go +++ b/signatures/golang/disk_mount.go @@ -38,7 +38,7 @@ func (sig *DiskMount) Init(ctx detect.SignatureContext) error { } func (sig *DiskMount) GetMetadata() (detect.SignatureMetadata, error) { - return diskMountMetadata, nil + return helpers.CloneMetadataProperties(&diskMountMetadata), nil } func (sig *DiskMount) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/docker_abuse.go b/signatures/golang/docker_abuse.go index d1e82d0d78f8..54fe37ea76a1 100644 --- a/signatures/golang/docker_abuse.go +++ b/signatures/golang/docker_abuse.go 
@@ -38,7 +38,7 @@ func (sig *DockerAbuse) Init(ctx detect.SignatureContext) error { } func (sig *DockerAbuse) GetMetadata() (detect.SignatureMetadata, error) { - return dockerAbuseMetadata, nil + return helpers.CloneMetadataProperties(&dockerAbuseMetadata), nil } func (sig *DockerAbuse) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/dropped_executable.go b/signatures/golang/dropped_executable.go index dfe2756a9866..1b1039c147c1 100644 --- a/signatures/golang/dropped_executable.go +++ b/signatures/golang/dropped_executable.go @@ -35,7 +35,7 @@ func (sig *DroppedExecutable) Init(ctx detect.SignatureContext) error { } func (sig *DroppedExecutable) GetMetadata() (detect.SignatureMetadata, error) { - return droppedExecutableMetadata, nil + return helpers.CloneMetadataProperties(&droppedExecutableMetadata), nil } func (sig *DroppedExecutable) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/dynamic_code_loading.go b/signatures/golang/dynamic_code_loading.go index 81c7728161e4..0d94f404410d 100644 --- a/signatures/golang/dynamic_code_loading.go +++ b/signatures/golang/dynamic_code_loading.go @@ -37,7 +37,7 @@ func (sig *DynamicCodeLoading) Init(ctx detect.SignatureContext) error { } func (sig *DynamicCodeLoading) GetMetadata() (detect.SignatureMetadata, error) { - return dynamicCodeLoadingMetadata, nil + return helpers.CloneMetadataProperties(&dynamicCodeLoadingMetadata), nil } func (sig *DynamicCodeLoading) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/fileless_execution.go b/signatures/golang/fileless_execution.go index 1728476b192a..85c046b600c4 100644 --- a/signatures/golang/fileless_execution.go +++ b/signatures/golang/fileless_execution.go 
@@ -35,7 +35,7 @@ func (sig *FilelessExecution) Init(ctx detect.SignatureContext) error { } func (sig *FilelessExecution) GetMetadata() (detect.SignatureMetadata, error) { - return filelessExecutionMetadata, nil + return helpers.CloneMetadataProperties(&filelessExecutionMetadata), nil } func (sig *FilelessExecution) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/hidden_file_created.go b/signatures/golang/hidden_file_created.go index 69a5a68ec9fa..711df89de284 100644 --- a/signatures/golang/hidden_file_created.go +++ b/signatures/golang/hidden_file_created.go @@ -38,7 +38,7 @@ func (sig *HiddenFileCreated) Init(ctx detect.SignatureContext) error { } func (sig *HiddenFileCreated) GetMetadata() (detect.SignatureMetadata, error) { - return hiddenFileCreatedMetadata, nil + return helpers.CloneMetadataProperties(&hiddenFileCreatedMetadata), nil } func (sig *HiddenFileCreated) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/illegitimate_shell.go b/signatures/golang/illegitimate_shell.go index d9234df0f285..252206690d8d 100644 --- a/signatures/golang/illegitimate_shell.go +++ b/signatures/golang/illegitimate_shell.go @@ -40,7 +40,7 @@ func (sig *IllegitimateShell) Init(ctx detect.SignatureContext) error { } func (sig *IllegitimateShell) GetMetadata() (detect.SignatureMetadata, error) { - return illegitimateShellMetadata, nil + return helpers.CloneMetadataProperties(&illegitimateShellMetadata), nil } func (sig *IllegitimateShell) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/k8s_service_account_token.go b/signatures/golang/k8s_service_account_token.go index 4f9bc02a087d..00eeca89de8f 100644 --- a/signatures/golang/k8s_service_account_token.go +++ b/signatures/golang/k8s_service_account_token.go 
@@ -43,7 +43,7 @@ func (sig *K8SServiceAccountToken) Init(ctx detect.SignatureContext) error { } func (sig *K8SServiceAccountToken) GetMetadata() (detect.SignatureMetadata, error) { - return k8SServiceAccountTokenMetadata, nil + return helpers.CloneMetadataProperties(&k8SServiceAccountTokenMetadata), nil } func (sig *K8SServiceAccountToken) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/kernel_module_loading.go b/signatures/golang/kernel_module_loading.go index 22b207ab793e..49177dbd6782 100644 --- a/signatures/golang/kernel_module_loading.go +++ b/signatures/golang/kernel_module_loading.go @@ -35,7 +35,7 @@ func (sig *KernelModuleLoading) Init(ctx detect.SignatureContext) error { } func (sig *KernelModuleLoading) GetMetadata() (detect.SignatureMetadata, error) { - return kernelModuleLoadingMetadata, nil + return helpers.CloneMetadataProperties(&kernelModuleLoadingMetadata), nil } func (sig *KernelModuleLoading) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/kubernetes_api_connection.go b/signatures/golang/kubernetes_api_connection.go index e26f79b053ce..8de6fe5ed4a7 100644 --- a/signatures/golang/kubernetes_api_connection.go +++ b/signatures/golang/kubernetes_api_connection.go @@ -36,7 +36,7 @@ func (sig *K8sApiConnection) Init(ctx detect.SignatureContext) error { } func (sig *K8sApiConnection) GetMetadata() (detect.SignatureMetadata, error) { - return k8sApiConnectionMetadata, nil + return helpers.CloneMetadataProperties(&k8sApiConnectionMetadata), nil } func (sig *K8sApiConnection) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/kubernetes_certificate_theft_attempt.go b/signatures/golang/kubernetes_certificate_theft_attempt.go index 62032dc6e7ad..3469a589045e 100644 --- a/signatures/golang/kubernetes_certificate_theft_attempt.go +++ b/signatures/golang/kubernetes_certificate_theft_attempt.go 
@@ -40,7 +40,7 @@ func (sig *KubernetesCertificateTheftAttempt) Init(ctx detect.SignatureContext) } func (sig *KubernetesCertificateTheftAttempt) GetMetadata() (detect.SignatureMetadata, error) { - return kubernetesCertificateTheftAttemptMetadata, nil + return helpers.CloneMetadataProperties(&kubernetesCertificateTheftAttemptMetadata), nil } func (sig *KubernetesCertificateTheftAttempt) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/ld_preload.go b/signatures/golang/ld_preload.go index fc508f652773..2a5b0f184e69 100644 --- a/signatures/golang/ld_preload.go +++ b/signatures/golang/ld_preload.go @@ -40,7 +40,7 @@ func (sig *LdPreload) Init(ctx detect.SignatureContext) error { } func (sig *LdPreload) GetMetadata() (detect.SignatureMetadata, error) { - return ldPreloadMetadata, nil + return helpers.CloneMetadataProperties(&ldPreloadMetadata), nil } func (sig *LdPreload) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/proc_fops_hooking.go b/signatures/golang/proc_fops_hooking.go index 5af0ecf686ae..6ab98bc0c962 100644 --- a/signatures/golang/proc_fops_hooking.go +++ b/signatures/golang/proc_fops_hooking.go @@ -35,7 +35,7 @@ func (sig *ProcFopsHooking) Init(ctx detect.SignatureContext) error { } func (sig *ProcFopsHooking) GetMetadata() (detect.SignatureMetadata, error) { - return procFopsHookingMetadata, nil + return helpers.CloneMetadataProperties(&procFopsHookingMetadata), nil } func (sig *ProcFopsHooking) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/proc_kcore_read.go b/signatures/golang/proc_kcore_read.go index e505f0dfd90c..781b9825615b 100644 --- a/signatures/golang/proc_kcore_read.go +++ b/signatures/golang/proc_kcore_read.go 
@@ -38,7 +38,7 @@ func (sig *ProcKcoreRead) Init(ctx detect.SignatureContext) error { } func (sig *ProcKcoreRead) GetMetadata() (detect.SignatureMetadata, error) { - return procKcoreReadMetadata, nil + return helpers.CloneMetadataProperties(&procKcoreReadMetadata), nil } func (sig *ProcKcoreRead) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/proc_mem_access.go b/signatures/golang/proc_mem_access.go index 7d171b253949..18bab2c16ca5 100644 --- a/signatures/golang/proc_mem_access.go +++ b/signatures/golang/proc_mem_access.go @@ -41,7 +41,7 @@ func (sig *ProcMemAccess) Init(ctx detect.SignatureContext) error { } func (sig *ProcMemAccess) GetMetadata() (detect.SignatureMetadata, error) { - return procMemAccessMetadata, nil + return helpers.CloneMetadataProperties(&procMemAccessMetadata), nil } func (sig *ProcMemAccess) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/proc_mem_code_injection.go b/signatures/golang/proc_mem_code_injection.go index f5ae29b21676..0d7a88f228e7 100644 --- a/signatures/golang/proc_mem_code_injection.go +++ b/signatures/golang/proc_mem_code_injection.go @@ -41,7 +41,7 @@ func (sig *ProcMemCodeInjection) Init(ctx detect.SignatureContext) error { } func (sig *ProcMemCodeInjection) GetMetadata() (detect.SignatureMetadata, error) { - return procMemCodeInjectionMetadata, nil + return helpers.CloneMetadataProperties(&procMemCodeInjectionMetadata), nil } func (sig *ProcMemCodeInjection) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/process_vm_write_code_injection.go b/signatures/golang/process_vm_write_code_injection.go index d742260b5aa1..4dc4bf8d7a52 100644 --- a/signatures/golang/process_vm_write_code_injection.go +++ b/signatures/golang/process_vm_write_code_injection.go 
@@ -36,7 +36,7 @@ func (sig *ProcessVmWriteCodeInjection) Init(ctx detect.SignatureContext) error } func (sig *ProcessVmWriteCodeInjection) GetMetadata() (detect.SignatureMetadata, error) { - return processVmWriteCodeInjectionMetadata, nil + return helpers.CloneMetadataProperties(&processVmWriteCodeInjectionMetadata), nil } func (sig *ProcessVmWriteCodeInjection) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/ptrace_code_injection.go b/signatures/golang/ptrace_code_injection.go index 233060e5b54b..872a0e7e3001 100644 --- a/signatures/golang/ptrace_code_injection.go +++ b/signatures/golang/ptrace_code_injection.go @@ -39,7 +39,7 @@ func (sig *PtraceCodeInjection) Init(ctx detect.SignatureContext) error { } func (sig *PtraceCodeInjection) GetMetadata() (detect.SignatureMetadata, error) { - return ptraceCodeInjectionMetadata, nil + return helpers.CloneMetadataProperties(&ptraceCodeInjectionMetadata), nil } func (sig *PtraceCodeInjection) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/rcd_modification.go b/signatures/golang/rcd_modification.go index 3a01b2857a87..2989aaba4924 100644 --- a/signatures/golang/rcd_modification.go +++ b/signatures/golang/rcd_modification.go @@ -43,7 +43,7 @@ func (sig *RcdModification) Init(ctx detect.SignatureContext) error { } func (sig *RcdModification) GetMetadata() (detect.SignatureMetadata, error) { - return rcdModificationMetadata, nil + return helpers.CloneMetadataProperties(&rcdModificationMetadata), nil } func (sig *RcdModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/sched_debug_recon.go b/signatures/golang/sched_debug_recon.go index 02ea12f067ec..9477bb6f948a 100644 --- a/signatures/golang/sched_debug_recon.go +++ b/signatures/golang/sched_debug_recon.go 
@@ -37,7 +37,7 @@ func (sig *SchedDebugRecon) Init(ctx detect.SignatureContext) error { } func (sig *SchedDebugRecon) GetMetadata() (detect.SignatureMetadata, error) { - return schedDebugReconMetadata, nil + return helpers.CloneMetadataProperties(&schedDebugReconMetadata), nil } func (sig *SchedDebugRecon) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/scheduled_task_modification.go b/signatures/golang/scheduled_task_modification.go index 2586ef7482a9..fce5c2ed1d58 100644 --- a/signatures/golang/scheduled_task_modification.go +++ b/signatures/golang/scheduled_task_modification.go @@ -43,7 +43,7 @@ func (sig *ScheduledTaskModification) Init(ctx detect.SignatureContext) error { } func (sig *ScheduledTaskModification) GetMetadata() (detect.SignatureMetadata, error) { - return scheduledTaskModificationMetadata, nil + return helpers.CloneMetadataProperties(&scheduledTaskModificationMetadata), nil } func (sig *ScheduledTaskModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/stdio_over_socket.go b/signatures/golang/stdio_over_socket.go index d2e89f4d57d6..61b16c2c3329 100644 --- a/signatures/golang/stdio_over_socket.go +++ b/signatures/golang/stdio_over_socket.go @@ -37,7 +37,7 @@ func (sig *StdioOverSocket) Init(ctx detect.SignatureContext) error { } func (sig *StdioOverSocket) GetMetadata() (detect.SignatureMetadata, error) { - return stdioOverSocketMetadata, nil + return helpers.CloneMetadataProperties(&stdioOverSocketMetadata), nil } func (sig *StdioOverSocket) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/sudoers_modification.go b/signatures/golang/sudoers_modification.go index 8c2645b510a2..481e1f49fac5 100644 --- a/signatures/golang/sudoers_modification.go +++ b/signatures/golang/sudoers_modification.go 
@@ -40,7 +40,7 @@ func (sig *SudoersModification) Init(ctx detect.SignatureContext) error { } func (sig *SudoersModification) GetMetadata() (detect.SignatureMetadata, error) { - return sudoersModificationMetadata, nil + return helpers.CloneMetadataProperties(&sudoersModificationMetadata), nil } func (sig *SudoersModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/syscall_table_hooking.go b/signatures/golang/syscall_table_hooking.go index 9749c67ad90c..ad1506fe7a36 100644 --- a/signatures/golang/syscall_table_hooking.go +++ b/signatures/golang/syscall_table_hooking.go @@ -3,6 +3,7 @@ package main import ( "fmt" + "github.com/aquasecurity/tracee/signatures/helpers" "github.com/aquasecurity/tracee/types/detect" "github.com/aquasecurity/tracee/types/protocol" "github.com/aquasecurity/tracee/types/trace" @@ -34,7 +35,7 @@ func (sig *SyscallTableHooking) Init(ctx detect.SignatureContext) error { } func (sig *SyscallTableHooking) GetMetadata() (detect.SignatureMetadata, error) { - return syscallTableHookingMetadata, nil + return helpers.CloneMetadataProperties(&syscallTableHookingMetadata), nil } func (sig *SyscallTableHooking) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/golang/system_request_key_config_modification.go b/signatures/golang/system_request_key_config_modification.go index bb80aa12832a..ccdcd5206333 100644 --- a/signatures/golang/system_request_key_config_modification.go +++ b/signatures/golang/system_request_key_config_modification.go 
@@ -37,7 +37,7 @@ func (sig *SystemRequestKeyConfigModification) Init(ctx detect.SignatureContext) } func (sig *SystemRequestKeyConfigModification) GetMetadata() (detect.SignatureMetadata, error) { - return systemRequestKeyConfigModificationMetadata, nil + return helpers.CloneMetadataProperties(&systemRequestKeyConfigModificationMetadata), nil } func (sig *SystemRequestKeyConfigModification) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { diff --git a/signatures/helpers/helpers.go b/signatures/helpers/helpers.go index 94a0a4c12b04..f54281a1f39d 100644 --- a/signatures/helpers/helpers.go +++ b/signatures/helpers/helpers.go @@ -444,6 +444,8 @@ func GetProtoHTTPByName( // TODO: since this helper is a workaround to avoid data races, // perhaps a better solution would be to convert Properties into // a concrete structure. -func CloneMetadataProperties(m *detect.SignatureMetadata) { - m.Properties = maps.Clone(m.Properties) +func CloneMetadataProperties(m *detect.SignatureMetadata) detect.SignatureMetadata { + copy := *m + copy.Properties = maps.Clone(m.Properties) + return copy }
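Review bot: Changing `CloneMetadataProperties` in helpers.go from mutating `m` in place to returning a copy is a silent behaviour change for any caller outside this patch: an existing statement `helpers.CloneMetadataProperties(&md)` still compiles, but `md.Properties` is no longer replaced, so the shared map this helper exists to protect would be handed out again. The local named `copy` also shadows the builtin; `clone := *m`, `clone.Properties = maps.Clone(m.Properties)`, `return clone` reads better. Both the struct copy and `maps.Clone` are shallow, so any other slice or map field of `detect.SignatureMetadata`, and any nested slice or map stored in `Properties`, stays shared with the package-level value. The doc comment, which begins above the hunk, should state that and describe the new return value.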