seccomp-tools 0.1.0

data/lib/seccomp-tools/syscall.rb

@@ -0,0 +1,67 @@
+require 'seccomp-tools/const'
+require 'seccomp-tools/ptrace'
+
+module SeccompTools
+  # Record syscall number, arguments, return value.
+  class Syscall
+    # Syscall arguments offset of +struct user+ in different arch.
+    ABI = {
+      amd64: { number: 120, args: [112, 104, 96, 56, 72, 44], ret: 80, SYS_prctl: 157 },
+      i386: { number: 120, args: [40, 88, 96, 104, 112, 32], ret: 80, SYS_prctl: 172 }
+    }.freeze
+
+    attr_reader :pid, :abi, :number, :args, :ret
+    # @param [String] pid
+    #   Process-id.
+    def initialize(pid)
+      @pid = pid
+      raise ArgumentError, "Only supports #{ABI.keys.join(', ')}" if ABI[arch].nil?
+      @abi = ABI[arch]
+      @number = peek(abi[:number])
+      @args = abi[:args].map { |off| peek(off) }
+      @ret = peek(abi[:ret])
+    end
+
+    # Is this a +prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, addr)+ syscall?
+    # @return [Boolean]
+    #   +true+ for is a seccomp installation syscall.
+    def set_seccomp?
+      # TODO: handle SECCOMP_MODE_STRICT
+      number == abi[:SYS_prctl] && args[0] == Const::BPF::PR_SET_SECCOMP && args[1] == Const::BPF::SECCOMP_MODE_FILTER
+    end
+
+    # Dump bpf byte from +args[2]+.
+    # @return [String]
+    def dump_bpf
+      addr = args[2]
+      len = Ptrace.peekdata(pid, addr, 0) & 0xffff # len is unsigned short
+      filter = Ptrace.peekdata(pid, addr + bits / 8, 0) & ((1 << bits) - 1)
+      Array.new(len) { |i| Ptrace.peekdata(pid, filter + i * 8, 0) }.pack('Q*')
+    end
+
+    # @return [Symbol]
+    #   Architecture of this syscall.
+    def arch
+      @arch ||= File.open("/proc/#{pid}/exe", 'rb') do |f|
+        f.pos = 4
+        case f.read(1).ord
+        when 1 then :i386
+        when 2 then :amd64
+        end
+      end
+    end
+
+    private
+
+    def bits
+      case arch
+      when :i386 then 32
+      when :amd64 then 64
+      end
+    end
+
+    def peek(offset)
+      Ptrace.peekuser(pid, offset, 0)
+    end
+  end
+end

data/lib/seccomp-tools/util.rb

@@ -0,0 +1,54 @@
+module SeccompTools
+  # Define utility methods.
+  module Util
+    module_function
+
+    # Get currently supported architectures.
+    # @return [Array<Symbol>]
+    #   Architectures.
+    def supported_archs
+      @archs ||= Dir.glob(File.join(__dir__, 'consts', '*.rb')).map { |f| File.basename(f, '.rb').to_sym }.sort
+    end
+
+    # Detect system architecture.
+    # @return [Symbol]
+    def system_arch
+      case RbConfig::CONFIG['host_cpu']
+      when /x86_64/ then :amd64
+      when /i386/ then :i386
+      else :unknown
+      end
+    end
+
+    def disable_color!
+      @disable_color = true
+    end
+
+    # Is colorize enabled?
+    # @return [Boolean]
+    def colorize_enabled?
+      !@disable_color && $stdout.tty?
+    end
+
+    # Color codes for pretty print.
+    COLOR_CODE = {
+      esc_m: "\e[0m",
+      syscall: "\e[38;5;120m", # light green
+      arch: "\e[38;5;230m" # light yellow
+    }.freeze
+    # Wrapper color codes.
+    # @param [String] s
+    #   Contents to wrapper.
+    # @param [Symbol?] sev
+    #   Specific which kind of color to use, valid symbols are defined in +#COLOR_CODE+.
+    # @return [String]
+    #   Wrapper with color codes.
+    def colorize(s, t: nil)
+      s = s.to_s
+      return s unless colorize_enabled?
+      cc = COLOR_CODE
+      color = cc[t]
+      "#{color}#{s.sub(cc[:esc_m], color)}#{cc[:esc_m]}"
+    end
+  end
+end

data/lib/seccomp-tools/version.rb

@@ -0,0 +1,4 @@
+module SeccompTools
+  # Gem version.
+  VERSION = '0.1.0'.freeze
+end

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: seccomp-tools
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- david942j
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-06-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: ''
+email:
+- david942j@gmail.com
+executables:
+- seccomp-tools
+extensions:
+- ext/ptrace/extconf.rb
+extra_rdoc_files: []
+files:
+- README.md
+- bin/seccomp-tools
+- ext/ptrace/extconf.rb
+- ext/ptrace/ptrace.c
+- lib/seccomp-tools.rb
+- lib/seccomp-tools/bpf.rb
+- lib/seccomp-tools/cli/base.rb
+- lib/seccomp-tools/cli/cli.rb
+- lib/seccomp-tools/cli/disasm.rb
+- lib/seccomp-tools/cli/dump.rb
+- lib/seccomp-tools/const.rb
+- lib/seccomp-tools/consts/amd64.rb
+- lib/seccomp-tools/consts/i386.rb
+- lib/seccomp-tools/context.rb
+- lib/seccomp-tools/disasm.rb
+- lib/seccomp-tools/dumper.rb
+- lib/seccomp-tools/instruction/alu.rb
+- lib/seccomp-tools/instruction/base.rb
+- lib/seccomp-tools/instruction/instruction.rb
+- lib/seccomp-tools/instruction/jmp.rb
+- lib/seccomp-tools/instruction/ld.rb
+- lib/seccomp-tools/instruction/ldx.rb
+- lib/seccomp-tools/instruction/misc.rb
+- lib/seccomp-tools/instruction/ret.rb
+- lib/seccomp-tools/instruction/st.rb
+- lib/seccomp-tools/instruction/stx.rb
+- lib/seccomp-tools/syscall.rb
+- lib/seccomp-tools/util.rb
+- lib/seccomp-tools/version.rb
+homepage: https://github.com/david942j/seccomp-tools
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
+specification_version: 4
+summary: seccomp-tools
+test_files: []