script_core 0.2.6 → 0.2.7

Files changed (191) hide show
  1. checksums.yaml +4 -4
  2. data/ext/enterprise_script_service/libseccomp/.travis.yml +21 -7
  3. data/ext/enterprise_script_service/libseccomp/CHANGELOG +22 -0
  4. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  5. data/ext/enterprise_script_service/libseccomp/CREDITS +8 -0
  6. data/ext/enterprise_script_service/libseccomp/README.md +3 -1
  7. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  8. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  9. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  10. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  11. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  12. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  13. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  24. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +12 -0
  25. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  26. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  27. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  28. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  29. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  30. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  31. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  32. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  33. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  34. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  35. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  36. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  37. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  39. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  41. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  42. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  43. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  44. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  46. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  48. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  49. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  51. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  52. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  53. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  54. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  56. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  57. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  58. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  59. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  60. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  61. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  62. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  63. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  64. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  65. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  66. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  67. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  68. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  69. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  70. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  71. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  72. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  73. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +9 -2
  74. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  75. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  76. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  77. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  78. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +1 -0
  79. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  80. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  81. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  82. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  83. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  84. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  89. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  94. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  95. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  96. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  97. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  98. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  100. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  101. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  102. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  103. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +31 -10
  120. data/ext/enterprise_script_service/libseccomp/tests/regression +6 -3
  121. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  122. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  123. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  124. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  125. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +2 -0
  126. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  127. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  128. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
  129. data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
  130. data/ext/enterprise_script_service/mruby/README.md +1 -1
  131. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
  132. data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
  133. data/ext/enterprise_script_service/mruby/include/mruby.h +13 -0
  134. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -1
  135. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
  136. data/ext/enterprise_script_service/mruby/include/mruby/value.h +25 -29
  137. data/ext/enterprise_script_service/mruby/include/mruby/version.h +3 -3
  138. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
  139. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +2 -2
  140. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +17 -10
  141. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
  142. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
  143. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +1 -1
  144. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
  145. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
  146. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +1 -2
  147. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +9 -26
  148. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +1 -2
  149. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
  150. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +3 -4
  151. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
  152. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +1 -2
  153. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
  154. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
  155. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +3 -3
  156. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +1 -2
  157. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
  158. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +5 -10
  159. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  160. data/ext/enterprise_script_service/mruby/src/array.c +14 -11
  161. data/ext/enterprise_script_service/mruby/src/class.c +22 -21
  162. data/ext/enterprise_script_service/mruby/src/error.c +1 -2
  163. data/ext/enterprise_script_service/mruby/src/etc.c +0 -1
  164. data/ext/enterprise_script_service/mruby/src/gc.c +5 -5
  165. data/ext/enterprise_script_service/mruby/src/hash.c +8 -15
  166. data/ext/enterprise_script_service/mruby/src/kernel.c +4 -7
  167. data/ext/enterprise_script_service/mruby/src/numeric.c +28 -60
  168. data/ext/enterprise_script_service/mruby/src/object.c +11 -1
  169. data/ext/enterprise_script_service/mruby/src/proc.c +7 -8
  170. data/ext/enterprise_script_service/mruby/src/range.c +4 -12
  171. data/ext/enterprise_script_service/mruby/src/string.c +24 -21
  172. data/ext/enterprise_script_service/mruby/src/symbol.c +1 -2
  173. data/ext/enterprise_script_service/mruby/src/vm.c +28 -24
  174. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +7 -0
  175. data/lib/script_core/version.rb +1 -1
  176. metadata +45 -21
  177. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  178. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  179. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  180. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  181. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  182. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  183. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  184. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  185. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -642
  186. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -642
  187. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  188. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  189. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  190. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  191. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
@@ -0,0 +1,61 @@
1
+ #!/usr/bin/env python
2
+
3
+ #
4
+ # Seccomp Library test program
5
+ #
6
+ # Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
7
+ # Author: Paul Moore <paul@paul-moore.com>
8
+ #
9
+
10
+ #
11
+ # This library is free software; you can redistribute it and/or modify it
12
+ # under the terms of version 2.1 of the GNU Lesser General Public License as
13
+ # published by the Free Software Foundation.
14
+ #
15
+ # This library is distributed in the hope that it will be useful, but WITHOUT
16
+ # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17
+ # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
18
+ # for more details.
19
+ #
20
+ # You should have received a copy of the GNU Lesser General Public License
21
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
22
+ #
23
+
24
+ import argparse
25
+ import os
26
+ import signal
27
+ import sys
28
+
29
+ import util
30
+
31
+ from seccomp import *
32
+
33
+ def test():
34
+ magic = os.getuid() + 1
35
+ f = SyscallFilter(ALLOW)
36
+ f.set_attr(Attr.CTL_TSYNC, 1)
37
+ f.add_rule(NOTIFY, "getuid")
38
+ f.load()
39
+ pid = os.fork()
40
+ if pid == 0:
41
+ val = os.getuid()
42
+ if val != magic:
43
+ raise RuntimeError("Response return value failed")
44
+ quit(1)
45
+ quit(0)
46
+ else:
47
+ notify = f.receive_notify()
48
+ if notify.syscall != resolve_syscall(Arch(), "getuid"):
49
+ raise RuntimeError("Notification failed")
50
+ f.respond_notify(NotificationResponse(notify, magic, 0, 0))
51
+ wpid, rc = os.waitpid(pid, 0)
52
+ if os.WIFEXITED(rc) == 0:
53
+ raise RuntimeError("Child process error")
54
+ if os.WEXITSTATUS(rc) != 0:
55
+ raise RuntimeError("Child process error")
56
+ quit(160)
57
+
58
+ test()
59
+
60
+ # kate: syntax python;
61
+ # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
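Review bot: The `quit(1)` that follows `raise RuntimeError("Response return value failed")` in the child branch looks unreachable. Indentation is lost in this rendering, but if both lines sit under `if val != magic:`, the raise already ends the child with a non-zero status and the `quit(1)` can be dropped. On the parent side, `f.receive_notify()` is called with no timeout and no check that the child is still alive, so a child that dies before reaching `getuid` would leave the test blocked rather than failing; a comment such as `# blocks until the child issues getuid()` would at least document that. A docstring on `test()` should state that the parent answers the child's `getuid` notification with `magic`, and that exit status 160 is what the harness reads as ALLOW.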
@@ -0,0 +1,11 @@
1
+ #
2
+ # libseccomp regression test automation data
3
+ #
4
+ # Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
5
+ # Author: Paul Moore <paul@paul-moore.com>
6
+ #
7
+
8
+ test type: live
9
+
10
+ # Testname API Result
11
+ 58-live-tsync_notify 6 ALLOW
@@ -57,7 +57,7 @@ check_PROGRAMS = \
57
57
  15-basic-resolver \
58
58
  16-sim-arch_basic \
59
59
  17-sim-arch_merge \
60
- 18-sim-basic_whitelist \
60
+ 18-sim-basic_allowlist \
61
61
  19-sim-missing_syscalls \
62
62
  20-live-basic_die \
63
63
  21-live-basic_allow \
@@ -73,7 +73,7 @@ check_PROGRAMS = \
73
73
  31-basic-version_check \
74
74
  32-live-tsync_allow \
75
75
  33-sim-socket_syscalls_be \
76
- 34-sim-basic_blacklist \
76
+ 34-sim-basic_denylist \
77
77
  35-sim-negative_one \
78
78
  36-sim-ipc_syscalls \
79
79
  37-sim-ipc_syscalls_be \
@@ -90,7 +90,14 @@ check_PROGRAMS = \
90
90
  48-sim-32b_args \
91
91
  49-sim-64b_comparisons \
92
92
  50-sim-hash_collision \
93
- 52-basic-load
93
+ 51-live-user_notification \
94
+ 52-basic-load \
95
+ 53-sim-binary_tree \
96
+ 54-live-binary_tree \
97
+ 55-basic-pfc_binary_tree \
98
+ 56-basic-iterate_syscalls \
99
+ 57-basic-rawsysrc \
100
+ 58-live-tsync_notify
94
101
 
95
102
  EXTRA_DIST_TESTPYTHON = \
96
103
  util.py \
@@ -111,7 +118,7 @@ EXTRA_DIST_TESTPYTHON = \
111
118
  15-basic-resolver.py \
112
119
  16-sim-arch_basic.py \
113
120
  17-sim-arch_merge.py \
114
- 18-sim-basic_whitelist.py \
121
+ 18-sim-basic_allowlist.py \
115
122
  19-sim-missing_syscalls.py \
116
123
  20-live-basic_die.py \
117
124
  21-live-basic_allow.py \
@@ -127,7 +134,7 @@ EXTRA_DIST_TESTPYTHON = \
127
134
  31-basic-version_check.py \
128
135
  32-live-tsync_allow.py \
129
136
  33-sim-socket_syscalls_be.py \
130
- 34-sim-basic_blacklist.py \
137
+ 34-sim-basic_denylist.py \
131
138
  35-sim-negative_one.py \
132
139
  36-sim-ipc_syscalls.py \
133
140
  37-sim-ipc_syscalls_be.py \
@@ -143,7 +150,13 @@ EXTRA_DIST_TESTPYTHON = \
143
150
  48-sim-32b_args.py \
144
151
  49-sim-64b_comparisons.py \
145
152
  50-sim-hash_collision.py \
146
- 52-basic-load.py
153
+ 51-live-user_notification.py \
154
+ 52-basic-load.py \
155
+ 53-sim-binary_tree.py \
156
+ 54-live-binary_tree.py \
157
+ 56-basic-iterate_syscalls.py \
158
+ 57-basic-rawsysrc.py \
159
+ 58-live-tsync_notify.py
147
160
 
148
161
  EXTRA_DIST_TESTCFGS = \
149
162
  01-sim-allow.tests \
@@ -163,7 +176,7 @@ EXTRA_DIST_TESTCFGS = \
163
176
  15-basic-resolver.tests \
164
177
  16-sim-arch_basic.tests \
165
178
  17-sim-arch_merge.tests \
166
- 18-sim-basic_whitelist.tests \
179
+ 18-sim-basic_allowlist.tests \
167
180
  19-sim-missing_syscalls.tests \
168
181
  20-live-basic_die.tests \
169
182
  21-live-basic_allow.tests \
@@ -179,7 +192,7 @@ EXTRA_DIST_TESTCFGS = \
179
192
  31-basic-version_check.tests \
180
193
  32-live-tsync_allow.tests \
181
194
  33-sim-socket_syscalls_be.tests \
182
- 34-sim-basic_blacklist.tests \
195
+ 34-sim-basic_denylist.tests \
183
196
  35-sim-negative_one.tests \
184
197
  36-sim-ipc_syscalls.tests \
185
198
  37-sim-ipc_syscalls_be.tests \
@@ -196,10 +209,18 @@ EXTRA_DIST_TESTCFGS = \
196
209
  48-sim-32b_args.tests \
197
210
  49-sim-64b_comparisons.tests \
198
211
  50-sim-hash_collision.tests \
199
- 52-basic-load.tests
212
+ 51-live-user_notification.tests \
213
+ 52-basic-load.tests \
214
+ 53-sim-binary_tree.tests \
215
+ 54-live-binary_tree.tests \
216
+ 55-basic-pfc_binary_tree.tests \
217
+ 56-basic-iterate_syscalls.tests \
218
+ 57-basic-rawsysrc.tests \
219
+ 58-live-tsync_notify.tests
200
220
 
201
221
  EXTRA_DIST_TESTSCRIPTS = \
202
- 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc
222
+ 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
223
+ 55-basic-pfc_binary_tree.sh 55-basic-pfc_binary_tree.pfc
203
224
 
204
225
  EXTRA_DIST_TESTTOOLS = regression testdiff testgen
205
226
 
@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
25
25
  x86 x86_64 x32 \
26
26
  arm aarch64 \
27
27
  mipsel mipsel64 mipsel64n32 \
28
- ppc64le"
28
+ ppc64le \
29
+ riscv64"
29
30
  GLBL_ARCH_BE_SUPPORT=" \
30
31
  mips mips64 mips64n32 \
31
32
  parisc parisc64 \
@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
46
47
  mips64 \
47
48
  parisc64 \
48
49
  ppc64 \
50
+ riscv64 \
49
51
  s390x"
50
52
 
51
53
  GLBL_SYS_ARCH="../tools/scmp_arch_detect"
@@ -270,7 +272,8 @@ function generate_random_data() {
270
272
  else
271
273
  rcount=$[ ($RANDOM % 8) + 1 ]
272
274
  fi
273
- rdata=$(echo $(</dev/urandom tr -dc A-Za-z0-9 | head -c"$rcount"))
275
+ rdata=$(dd if=/dev/urandom bs=64 count=1 status=none | \
276
+ md5sum | awk '{ print $1 }' | head -c"$rcount")
274
277
  echo "$rdata"
275
278
  }
276
279
 
@@ -777,7 +780,7 @@ function run_test_live() {
777
780
 
778
781
  # setup the arch specific return values
779
782
  case "$arch" in
780
- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
783
+ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
781
784
  rc_kill_process=159
782
785
  rc_kill=159
783
786
  rc_allow=160
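Review bot: The new `generate_random_data` pipeline can never return more than 32 characters, and only from `0-9a-f`, because `md5sum` emits a fixed 32-digit hex digest before `head -c"$rcount"` trims it; the old `tr -dc A-Za-z0-9` stream had no such ceiling. The other arm of the `if` that sets `rcount` is outside this hunk, so if it can exceed 32 the generated data will be silently shorter than requested. A comment like `# md5sum yields 32 hex chars; rcount must be <= 32`, or a clamp, would make that explicit. Separately, the `case "$arch"` pattern in `run_test_live` still lists `ppc` twice after `riscv64` was appended; the duplicate is harmless but could be removed while the line is being touched.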
@@ -200,14 +200,14 @@ int util_file_write(const char *path)
200
200
 
201
201
  fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
202
202
  if (fd < 0)
203
- return errno;
203
+ return -errno;
204
204
  if (write(fd, buf, buf_len) < buf_len) {
205
- int rc = errno;
205
+ int rc = -errno;
206
206
  close(fd);
207
207
  return rc;
208
208
  }
209
209
  if (close(fd) < 0)
210
- return errno;
210
+ return -errno;
211
211
 
212
212
  return 0;
213
213
  }
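Review bot: The short-write path in `util_file_write` still derives its return value from `errno`, which `write()` only sets when it returns -1. On a partial write, `int rc = -errno;` picks up a stale value, and if that value is 0 the function reports success. Returning a fixed error for the partial case, e.g. `int rc = (w < 0) ? -errno : -EIO;` with `w` holding the `write()` result, would avoid that. The declaration of `buf_len` is outside the hunk; if it is an unsigned type, the comparison `write(...) < buf_len` also converts a -1 return to a large unsigned value and skips the error branch, so the result is best kept in an `ssize_t` and tested for `< 0` first. The function's header comment, not visible here, should say that failures are now returned as negative errno values.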
@@ -26,7 +26,7 @@ CHK_C_LIST="include/seccomp.h.in \
26
26
  src/*.c src/*.h \
27
27
  tests/*.c tests/*.h \
28
28
  tools/*.c tools/*.h"
29
- CHK_C_EXCLUDE=""
29
+ CHK_C_EXCLUDE="src/syscalls.perf.c"
30
30
 
31
31
  ####
32
32
  # functions
@@ -120,6 +120,9 @@ int main(int argc, char *argv[])
120
120
  case SCMP_ARCH_S390X:
121
121
  printf("s390x\n");
122
122
  break;
123
+ case SCMP_ARCH_RISCV64:
124
+ printf("riscv64\n");
125
+ break;
123
126
  default:
124
127
  printf("unknown\n");
125
128
  }
@@ -288,7 +288,7 @@ static void bpf_decode_args(const bpf_instr_raw *bpf, unsigned int line)
288
288
  * @param file the BPF program
289
289
  *
290
290
  * Read the BPF program and display the instructions. Returns zero on success,
291
- * negative values on failure.
291
+ * non-zero values on failure.
292
292
  *
293
293
  */
294
294
  static int bpf_decode(FILE *file)
@@ -424,7 +424,7 @@ static void bpf_dot_decode_args(const bpf_instr_raw *bpf, unsigned int line)
424
424
  * @param file the BPF program
425
425
  *
426
426
  * Read the BPF program and display the instructions. Returns zero on success,
427
- * negative values on failure.
427
+ * non-zero values on failure.
428
428
  *
429
429
  */
430
430
  static int bpf_dot_decode(FILE *file)
@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
508
508
  arch = AUDIT_ARCH_S390;
509
509
  else if (strcmp(optarg, "s390x") == 0)
510
510
  arch = AUDIT_ARCH_S390X;
511
+ else if (strcmp(optarg, "riscv64") == 0)
512
+ arch = AUDIT_ARCH_RISCV64;
511
513
  else
512
514
  exit_usage(argv[0]);
513
515
  break;
@@ -285,6 +285,8 @@ int main(int argc, char *argv[])
285
285
  arch = AUDIT_ARCH_S390;
286
286
  else if (strcmp(optarg, "s390x") == 0)
287
287
  arch = AUDIT_ARCH_S390X;
288
+ else if (strcmp(optarg, "riscv64") == 0)
289
+ arch = AUDIT_ARCH_RISCV64;
288
290
  else
289
291
  exit_fault(EINVAL);
290
292
  break;
@@ -78,6 +78,8 @@
78
78
  #define ARCH_NATIVE AUDIT_ARCH_S390X
79
79
  #elif __s390__
80
80
  #define ARCH_NATIVE AUDIT_ARCH_S390
81
+ #elif __riscv && __riscv_xlen == 64
82
+ #define ARCH_NATIVE AUDIT_ARCH_RISCV64
81
83
  #else
82
84
  #error the simulator code needs to know about your machine type
83
85
  #endif
@@ -87,15 +89,15 @@ uint32_t arch = ARCH_NATIVE;
87
89
 
88
90
  /**
89
91
  * Convert a 16-bit target integer into the host's endianess
90
- * @param arch the architecture token
92
+ * @param arch_token the architecture token
91
93
  * @param val the 16-bit integer
92
94
  *
93
95
  * Convert the endianess of the supplied value and return it to the caller.
94
96
  *
95
97
  */
96
- uint16_t ttoh16(uint32_t arch, uint16_t val)
98
+ uint16_t ttoh16(uint32_t arch_token, uint16_t val)
97
99
  {
98
- if (arch & __AUDIT_ARCH_LE)
100
+ if (arch_token & __AUDIT_ARCH_LE)
99
101
  return le16toh(val);
100
102
  else
101
103
  return be16toh(val);
@@ -103,15 +105,15 @@ uint16_t ttoh16(uint32_t arch, uint16_t val)
103
105
 
104
106
  /**
105
107
  * Convert a 32-bit target integer into the host's endianess
106
- * @param arch the architecture token
108
+ * @param arch_token the architecture token
107
109
  * @param val the 32-bit integer
108
110
  *
109
111
  * Convert the endianess of the supplied value and return it to the caller.
110
112
  *
111
113
  */
112
- uint32_t ttoh32(uint32_t arch, uint32_t val)
114
+ uint32_t ttoh32(uint32_t arch_token, uint32_t val)
113
115
  {
114
- if (arch & __AUDIT_ARCH_LE)
116
+ if (arch_token & __AUDIT_ARCH_LE)
115
117
  return le32toh(val);
116
118
  else
117
119
  return be32toh(val);
@@ -119,15 +121,15 @@ uint32_t ttoh32(uint32_t arch, uint32_t val)
119
121
 
120
122
  /**
121
123
  * Convert a 32-bit host integer into the target's endianess
122
- * @param arch the architecture token
124
+ * @param arch_token the architecture token
123
125
  * @param val the 32-bit integer
124
126
  *
125
127
  * Convert the endianess of the supplied value and return it to the caller.
126
128
  *
127
129
  */
128
- uint32_t htot32(uint32_t arch, uint32_t val)
130
+ uint32_t htot32(uint32_t arch_token, uint32_t val)
129
131
  {
130
- if (arch & __AUDIT_ARCH_LE)
132
+ if (arch_token & __AUDIT_ARCH_LE)
131
133
  return htole32(val);
132
134
  else
133
135
  return htobe32(val);
@@ -135,15 +137,15 @@ uint32_t htot32(uint32_t arch, uint32_t val)
135
137
 
136
138
  /**
137
139
  * Convert a 64-bit host integer into the target's endianess
138
- * @param arch the architecture token
140
+ * @param arch_token the architecture token
139
141
  * @param val the 64-bit integer
140
142
  *
141
143
  * Convert the endianess of the supplied value and return it to the caller.
142
144
  *
143
145
  */
144
- uint64_t htot64(uint32_t arch, uint64_t val)
146
+ uint64_t htot64(uint32_t arch_token, uint64_t val)
145
147
  {
146
- if (arch & __AUDIT_ARCH_LE)
148
+ if (arch_token & __AUDIT_ARCH_LE)
147
149
  return htole64(val);
148
150
  else
149
151
  return htobe64(val);
@@ -72,6 +72,13 @@
72
72
  #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
73
73
  #endif
74
74
 
75
+ #ifndef AUDIT_ARCH_RISCV64
76
+ #ifndef EM_RISCV
77
+ #define EM_RISCV 243
78
+ #endif /* EM_RISCV */
79
+ #define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
80
+ #endif /* AUDIT_ARCH_RISCV64 */
81
+
75
82
  extern uint32_t arch;
76
83
 
77
84
  uint16_t ttoh16(uint32_t arch, uint16_t val);
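Review bot: The prototype `uint16_t ttoh16(uint32_t arch, uint16_t val);` directly below `extern uint32_t arch;` still uses the parameter name that the matching definitions in util.c were just renamed away from. The header therefore keeps the shadowing of the global that the rename removed; updating the prototypes to `arch_token` would keep the two files consistent. The remaining prototypes lie past the end of this hunk and presumably need the same change. The fallback `#define EM_RISCV 243` deserves a one-line comment such as `/* ELF e_machine value for RISC-V, for older <elf.h> */` so the constant is not a bare magic number.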
@@ -0,0 +1,51 @@
1
+ name: "Code scanning - action"
2
+
3
+ on:
4
+ push:
5
+ pull_request:
6
+ schedule:
7
+ - cron: '0 19 * * 4'
8
+
9
+ jobs:
10
+ CodeQL-Build:
11
+
12
+ runs-on: ubuntu-latest
13
+
14
+ steps:
15
+ - name: Checkout repository
16
+ uses: actions/checkout@v2
17
+ with:
18
+ # We must fetch at least the immediate parents so that if this is
19
+ # a pull request then we can checkout the head.
20
+ fetch-depth: 2
21
+
22
+ # If this run was triggered by a pull request event, then checkout
23
+ # the head of the pull request instead of the merge commit.
24
+ - run: git checkout HEAD^2
25
+ if: ${{ github.event_name == 'pull_request' }}
26
+
27
+ # Initializes the CodeQL tools for scanning.
28
+ - name: Initialize CodeQL
29
+ uses: github/codeql-action/init@v1
30
+ # Override language selection by uncommenting this and choosing your languages
31
+ # with:
32
+ # languages: go, javascript, csharp, python, cpp, java
33
+
34
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
35
+ # If this step fails, then you should remove it and run the build manually (see below)
36
+ - name: Autobuild
37
+ uses: github/codeql-action/autobuild@v1
38
+
39
+ # ℹ️ Command-line programs to run using the OS shell.
40
+ # 📚 https://git.io/JvXDl
41
+
42
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
43
+ # and modify them (or add more) to build your code if your project
44
+ # uses a compiled language
45
+
46
+ #- run: |
47
+ # make bootstrap
48
+ # make release
49
+
50
+ - name: Perform CodeQL Analysis
51
+ uses: github/codeql-action/analyze@v1
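Review bot: The workflow declares no `permissions:` block and references its actions by mutable tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `autobuild@v1`, `analyze@v1`). The job therefore runs with whatever default token scope the repository has and with whatever code those tags point to at run time. Adding `permissions:` with `contents: read` and `security-events: write` at the job or workflow level, and pinning each `uses:` to a full commit SHA (for example `actions/checkout@<COMMIT_SHA_PLACEHOLDER>  # v2`), narrows both. The `git checkout HEAD^2` step only works because `fetch-depth: 2` is set above; the existing comment covers that, so the two should be kept together if either is edited.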
@@ -6,7 +6,7 @@
6
6
 
7
7
  DOXYFILE_ENCODING = UTF-8
8
8
  PROJECT_NAME = "mruby"
9
- PROJECT_NUMBER = 2.1.1
9
+ PROJECT_NUMBER = 2.1.2
10
10
 
11
11
  PROJECT_BRIEF = "mruby is the lightweight implementation of the Ruby language"
12
12