vivarium 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +67 -7
- data/examples/execve_demo.rb +49 -0
- data/examples/file_operation_demo.rb +68 -0
- data/examples/network_client_demo.rb +76 -0
- data/examples/privilege_event_demo.rb +38 -0
- data/examples/signal_kill_demo.rb +38 -0
- data/lib/vivarium/logger.rb +14 -2
- data/lib/vivarium/version.rb +1 -1
- data/lib/vivarium.rb +1221 -136
- data/sig/vivarium.rbs +28 -0
- metadata +22 -3
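--- a/data/sig/vivarium.rbs
+++ b/data/sig/vivarium.rbs
@@ -5,11 +5,13 @@ module Vivarium
 end
 
 class Event < ::Struct
+attr_accessor ktime_ns: Integer?
 attr_accessor pid: Integer?
 attr_accessor event_name: String?
 attr_accessor payload: String?
 
 def empty?: bool
+def severity: () -> String
 def self.from_binary: (String raw) -> Event
 end
 
@@ -39,11 +41,37 @@ module Vivarium
 
 EVENT_NAME_SIZE: Integer
 EVENT_PAYLOAD_SIZE: Integer
+EVENT_TS_SIZE: Integer
+PROC_EXEC_SLOT_SIZE: Integer
+PROC_EXEC_SLOT_COUNT: Integer
 EVENT_STRUCT_SIZE: Integer
+EVENT_TS_OFFSET: Integer
+EVENT_PID_OFFSET: Integer
+EVENT_NAME_OFFSET: Integer
+EVENT_PAYLOAD_OFFSET: Integer
 EVENT_CAPACITY: Integer
 
 def self.bpf_pin_dir: () -> String
 def self.bpf_pin_dir=: (String dir) -> String
+def self.event_severity: (String event_name) -> String
+def self.decode_dns_qname: (String raw_payload) -> String
+def self.decode_sock_connect_payload: (String raw_payload) -> String
+def self.decode_odd_socket_payload: (String raw_payload) -> String
+def self.decode_bad_socket_payload: (String raw_payload) -> String
+def self.decode_proc_exec_payload: (String raw_payload) -> String
+def self.decode_ptrace_check_payload: (String raw_payload) -> String
+def self.decode_sb_mount_payload: (String raw_payload) -> String
+def self.decode_kernel_read_file_payload: (String raw_payload) -> String
+def self.decode_task_kill_payload: (String raw_payload) -> String
+def self.decode_setid_change_payload: (String raw_payload) -> String
+def self.decode_capable_check_payload: (String raw_payload) -> String
+def self.decode_bprm_creds_payload: (String raw_payload) -> String
+def self.decode_file_symlink_payload: (String raw_payload) -> String
+def self.decode_file_hardlink_payload: (String raw_payload) -> String
+def self.decode_file_rename_payload: (String raw_payload) -> String
+def self.decode_file_chmod_payload: (String raw_payload) -> String
+def self.decode_file_getdents_payload: (String raw_payload) -> String
+def self.render_event_payload: (Event event) -> String
 def self.observe: (?pin_dir: String pin_dir, ?logger: untyped logger, ?dest: untyped dest, ?format: Symbol format) { () -> untyped } -> untyped
 def self.top_observe: (?pin_dir: String pin_dir, ?logger: untyped logger, ?dest: untyped dest, ?format: Symbol format) -> ObservationSession
 def self.filter_internal_frames?: () -> bool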
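--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vivarium
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Uchio Kondo
@@ -15,14 +15,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.11.
+version: 0.11.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.11.
+version: 0.11.4
+- !ruby/object:Gem::Dependency
+name: ostruct
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Vivarium visualizes low-level events such as file open paths and relates
 them to Ruby method boundaries by combining RbBCC (eBPF LSM) and TracePoint.
 email:
@@ -34,6 +48,11 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- examples/execve_demo.rb
+- examples/file_operation_demo.rb
+- examples/network_client_demo.rb
+- examples/privilege_event_demo.rb
+- examples/signal_kill_demo.rb
 - exe/vivariumd
 - lib/vivarium.rb
 - lib/vivarium/logger.rb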