RubyGems - vivarium - Versions diffs - 0.1.2 → 0.3.0 - Mend

vivarium 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/CONTEXT.md +535 -0
data/README.md +56 -7
data/examples/execve_demo.rb +49 -0
data/examples/file_operation_demo.rb +68 -0
data/examples/privilege_event_demo.rb +38 -0
data/examples/raise_demo.rb +42 -0
data/examples/signal_kill_demo.rb +38 -0
data/examples/sudo_attempt_demo.rb +18 -0
data/exe/vivarium +6 -0
data/image.png +0 -0
data/lib/vivarium/cli.rb +40 -0
data/lib/vivarium/correlator.rb +137 -0
data/lib/vivarium/tree_renderer.rb +543 -0
data/lib/vivarium/version.rb +1 -1
data/lib/vivarium.rb +985 -157
data/logo-simple.png +0 -0
data/sig/vivarium.rbs +17 -0
metadata +46 -5
data/lib/vivarium/logger.rb +0 -68

data/logo-simple.png ADDED Viewed

Binary file

data/sig/vivarium.rbs CHANGED Viewed

@@ -11,6 +11,7 @@ module Vivarium
     attr_accessor payload: String?
     def empty?: bool
+    def severity: () -> String
     def self.from_binary: (String raw) -> Event
   end
@@ -41,6 +42,8 @@ module Vivarium
   EVENT_NAME_SIZE: Integer
   EVENT_PAYLOAD_SIZE: Integer
   EVENT_TS_SIZE: Integer
+  PROC_EXEC_SLOT_SIZE: Integer
+  PROC_EXEC_SLOT_COUNT: Integer
   EVENT_STRUCT_SIZE: Integer
   EVENT_TS_OFFSET: Integer
   EVENT_PID_OFFSET: Integer
@@ -50,10 +53,24 @@ module Vivarium
   def self.bpf_pin_dir: () -> String
   def self.bpf_pin_dir=: (String dir) -> String
+  def self.event_severity: (String event_name) -> String
   def self.decode_dns_qname: (String raw_payload) -> String
   def self.decode_sock_connect_payload: (String raw_payload) -> String
   def self.decode_odd_socket_payload: (String raw_payload) -> String
   def self.decode_bad_socket_payload: (String raw_payload) -> String
+  def self.decode_proc_exec_payload: (String raw_payload) -> String
+  def self.decode_ptrace_check_payload: (String raw_payload) -> String
+  def self.decode_sb_mount_payload: (String raw_payload) -> String
+  def self.decode_kernel_read_file_payload: (String raw_payload) -> String
+  def self.decode_task_kill_payload: (String raw_payload) -> String
+  def self.decode_setid_change_payload: (String raw_payload) -> String
+  def self.decode_capable_check_payload: (String raw_payload) -> String
+  def self.decode_bprm_creds_payload: (String raw_payload) -> String
+  def self.decode_file_symlink_payload: (String raw_payload) -> String
+  def self.decode_file_hardlink_payload: (String raw_payload) -> String
+  def self.decode_file_rename_payload: (String raw_payload) -> String
+  def self.decode_file_chmod_payload: (String raw_payload) -> String
+  def self.decode_file_getdents_payload: (String raw_payload) -> String
   def self.render_event_payload: (Event event) -> String
   def self.observe: (?pin_dir: String pin_dir, ?logger: untyped logger, ?dest: untyped dest, ?format: Symbol format) { () -> untyped } -> untyped
   def self.top_observe: (?pin_dir: String pin_dir, ?logger: untyped logger, ?dest: untyped dest, ?format: Symbol format) -> ObservationSession

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vivarium
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Uchio Kondo
@@ -15,30 +15,71 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.4
+        version: 0.11.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.4
+        version: 0.11.8
+- !ruby/object:Gem::Dependency
+  name: vivarium_usdt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Vivarium visualizes low-level events such as file open paths and relates
   them to Ruby method boundaries by combining RbBCC (eBPF LSM) and TracePoint.
 email:
 - udzura@udzura.jp
 executables:
+- vivarium
 - vivariumd
 extensions: []
 extra_rdoc_files: []
 files:
+- CONTEXT.md
 - README.md
 - Rakefile
+- examples/execve_demo.rb
+- examples/file_operation_demo.rb
 - examples/network_client_demo.rb
+- examples/privilege_event_demo.rb
+- examples/raise_demo.rb
+- examples/signal_kill_demo.rb
+- examples/sudo_attempt_demo.rb
+- exe/vivarium
 - exe/vivariumd
+- image.png
 - lib/vivarium.rb
-- lib/vivarium/logger.rb
+- lib/vivarium/cli.rb
+- lib/vivarium/correlator.rb
+- lib/vivarium/tree_renderer.rb
 - lib/vivarium/version.rb
+- logo-simple.png
 - sig/vivarium.rbs
 homepage: https://github.com/udzura/vivarium
 licenses: []
@@ -61,7 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.10
 specification_version: 4
 summary: Ruby observation and sandbox helper with RbBCC + TracePoint
 test_files: []

data/lib/vivarium/logger.rb DELETED Viewed

@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-require "json"
-module Vivarium
-  class Logger
-    FORMATS = %i[human json].freeze
-    # dest: IO object or file path string
-    # format: :human or :json
-    # TODO: support flushing in bulk for performance
-    def initialize(dest: $stdout, format: :human)
-      @format = format.to_sym
-      raise ArgumentError, "unknown format: #{@format}; choose from #{FORMATS.join(', ')}" unless FORMATS.include?(@format)
-      if dest.is_a?(String)
-        @io = File.open(dest, "a")
-        @owned = true
-      else
-        @io = dest
-        @owned = false
-      end
-    end
-    def log(events, tp, stack)
-      case @format
-      when :human then log_human(events, tp, stack)
-      when :json  then log_json(events, tp, stack)
-      end
-      @io.flush
-    end
-    def info(message)
-      @io.puts("[vivarium] #{message}")
-      @io.flush
-    end
-    def close
-      @io.close if @owned
-    end
-    private
-    def log_human(events, tp, stack)
-      @io.puts "[vivarium] #{events.size} event(s) at #{tp.defined_class}##{tp.method_id} (#{tp.event})"
-      @io.puts "  location: #{tp.path}:#{tp.lineno}"
-      events.each do |event|
-        @io.puts "  ktime_ns=#{event.ktime_ns} pid=#{event.pid} #{event.event_name} payload=#{Vivarium.render_event_payload(event)}"
-      end
-      @io.puts "  stack:"
-      stack.each do |loc|
-        @io.puts "    #{loc.path}:#{loc.lineno}:in #{loc.base_label}"
-      end
-    end
-    def log_json(events, tp, stack)
-      entry = {
-        at:     "#{tp.defined_class}##{tp.method_id}",
-        event:  tp.event.to_s,
-        path:   tp.path,
-        lineno: tp.lineno,
-        events: events.map { |e| { ktime_ns: e.ktime_ns, pid: e.pid, event_name: e.event_name, payload: Vivarium.render_event_payload(e) } },
-        stack:  stack.map { |loc| "#{loc.path}:#{loc.lineno}:in #{loc.base_label}" }
-      }
-      @io.puts JSON.generate(entry)
-    end
-  end
-end