fix(scan): yum ps warning for Red Hat family (#1174)

* fix(yumps): no debug message for known patterns * refactor(scan): yum-ps * refacotr(scan): pkgPs
2021-02-12 13:03:06 +09:00
parent 847c6438e7
commit abd8041772
4 changed files with 223 additions and 219 deletions
--- a/scan/base.go
+++ b/scan/base.go
@@ -920,3 +920,85 @@ func (l *base) parseLsOf(stdout string) map[string][]string {
 	}
 	return portPids
 }
+
+func (l *base) pkgPs(getOwnerPkgs func([]string) ([]string, error)) error {
+	stdout, err := l.ps()
+	if err != nil {
+		return xerrors.Errorf("Failed to pkgPs: %w", err)
+	}
+	pidNames := l.parsePs(stdout)
+	pidLoadedFiles := map[string][]string{}
+	for pid := range pidNames {
+		stdout := ""
+		stdout, err = l.lsProcExe(pid)
+		if err != nil {
+			l.log.Debugf("Failed to exec ls -l /proc/%s/exe err: %s", pid, err)
+			continue
+		}
+		s, err := l.parseLsProcExe(stdout)
+		if err != nil {
+			l.log.Debugf("Failed to parse /proc/%s/exe: %s", pid, err)
+			continue
+		}
+		pidLoadedFiles[pid] = append(pidLoadedFiles[pid], s)
+
+		stdout, err = l.grepProcMap(pid)
+		if err != nil {
+			l.log.Debugf("Failed to exec /proc/%s/maps: %s", pid, err)
+			continue
+		}
+		ss := l.parseGrepProcMap(stdout)
+		pidLoadedFiles[pid] = append(pidLoadedFiles[pid], ss...)
+	}
+
+	pidListenPorts := map[string][]models.PortStat{}
+	stdout, err = l.lsOfListen()
+	if err != nil {
+		// warning only, continue scanning
+		l.log.Warnf("Failed to lsof: %+v", err)
+	}
+	portPids := l.parseLsOf(stdout)
+	for ipPort, pids := range portPids {
+		for _, pid := range pids {
+			portStat, err := models.NewPortStat(ipPort)
+			if err != nil {
+				l.log.Warnf("Failed to parse ip:port: %s, err: %+v", ipPort, err)
+				continue
+			}
+			pidListenPorts[pid] = append(pidListenPorts[pid], *portStat)
+		}
+	}
+
+	for pid, loadedFiles := range pidLoadedFiles {
+		pkgNames, err := getOwnerPkgs(loadedFiles)
+		if err != nil {
+			l.log.Warnf("Failed to get owner pkgs of: %s", loadedFiles)
+			continue
+		}
+		uniq := map[string]struct{}{}
+		for _, name := range pkgNames {
+			uniq[name] = struct{}{}
+		}
+
+		procName := ""
+		if _, ok := pidNames[pid]; ok {
+			procName = pidNames[pid]
+		}
+		proc := models.AffectedProcess{
+			PID:             pid,
+			Name:            procName,
+			ListenPortStats: pidListenPorts[pid],
+		}
+
+		for name := range uniq {
+			p, ok := l.Packages[name]
+			if !ok {
+				l.log.Warnf("Failed to find a running pkg: %s", name)
+				continue
+			}
+			p.AffectedProcs = append(p.AffectedProcs, proc)
+			l.Packages[p.Name] = p
+		}
+	}
+	return nil
+}