WIP Linux tracing fix

Signed-off-by: Matthias Glastra <matglas.git@gmail.com>
in-toto · Oct 14, 2024 · 8a69303 · 8a69303
1 parent 1c720f2
commit 8a69303
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 72 deletions.
diff --git a/attestation/commandrun/commandrun.go b/attestation/commandrun/commandrun.go
@@ -80,8 +80,7 @@ func WithSilent(silent bool) Option {
 }
 
 func New(opts ...Option) *CommandRun {
-	cr := &CommandRun{
-	}
+	cr := &CommandRun{}
 
 	for _, opt := range opts {
 		opt(cr)
@@ -110,9 +109,9 @@ type CommandRun struct {
 	ExitCode  int           `json:"exitcode"`
 	Processes []ProcessInfo `json:"processes,omitempty"`
 
-	silent           bool
-	materials        map[string]cryptoutil.DigestSet
-	enableTracing    bool
+	silent        bool
+	materials     map[string]cryptoutil.DigestSet
+	enableTracing bool
 }
 
 func (a *CommandRun) Schema() *jsonschema.Schema {

diff --git a/attestation/commandrun/tracing_linux.go b/attestation/commandrun/tracing_linux.go
@@ -26,8 +26,8 @@ import (
 	"strings"
 
 	"github.com/in-toto/go-witness/attestation"
-	"github.com/in-toto/go-witness/environment"
 	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/environment"
 	"github.com/in-toto/go-witness/log"
 	"golang.org/x/sys/unix"
 )
@@ -200,9 +200,14 @@ func (p *ptraceContext) handleSyscall(pid int, regs unix.PtraceRegs) error {
 		environ, err := os.ReadFile(envinLocation)
 		if err == nil {
 			allVars := strings.Split(string(environ), "\x00")
-			filteredEnviron := p.environmentCapturer.Capture(allVars)
 
-			procInfo.Environ = strings.Join(filteredEnviron, " ")
+			env := make([]string, 0)
+			var capturedEnv map[string]string = p.environmentCapturer.Capture(allVars)
+			for k, v := range capturedEnv {
+				env = append(env, fmt.Sprintf("%s=%s", k, v))
+			}
+
+			procInfo.Environ = strings.Join(env, " ")
 		}
 
 		cmdline, err := os.ReadFile(cmdlineLocation)

diff --git a/attestation/context.go b/attestation/context.go
@@ -231,8 +231,6 @@ func (ctx *AttestationContext) DirHashGlob() []glob.Glob {
 	return ctx.dirHashGlobCompiled
 }
 
-
-
 func (ctx *AttestationContext) CompletedAttestors() []CompletedAttestor {
 	ctx.mutex.RLock()
 	out := make([]CompletedAttestor, len(ctx.completedAttestors))

diff --git a/attestation/environment/environment.go b/attestation/environment/environment.go
@@ -32,10 +32,10 @@ const (
 // This is a hacky way to create a compile time error in case the attestor
 // doesn't implement the expected interfaces.
 var (
-	_                                  attestation.Attestor = &Attestor{}
-	_                                  EnvironmentAttestor  = &Attestor{}
-	defaultFilterSensitiveVarsEnabled                       = false
-	defaultDisableSensitiveVarsDefault                      = false
+	_ attestation.Attestor = &Attestor{}
+	_ EnvironmentAttestor  = &Attestor{}
+	// defaultFilterSensitiveVarsEnabled                       = false
+	// defaultDisableSensitiveVarsDefault                      = false
 )
 
 type EnvironmentAttestor interface {
@@ -48,64 +48,65 @@ type EnvironmentAttestor interface {
 }
 
 func init() {
-	// attestation.RegisterAttestation(Name, Type, RunType, func() attestation.Attestor { return New() },
-	// 	registry.BoolConfigOption(
-	// 		"filter-sensitive-vars",
-	// 		"Switch from obfuscate to filtering variables which removes them from the output completely.",
-	// 		defaultFilterSensitiveVarsEnabled,
-	// 		func(a attestation.Attestor, filterSensitiveVarsEnabled bool) (attestation.Attestor, error) {
-	// 			envAttestor, ok := a.(*Attestor)
-	// 			if !ok {
-	// 				return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
-	// 			}
-
-	// 			envCapture.WithFilterVarsEnabled()(envAttestor.capture)
-	// 			return envAttestor, nil
-	// 		},
-	// 	),
-	// 	registry.BoolConfigOption(
-	// 		"disable-default-sensitive-vars",
-	// 		"Disable the default list of sensitive vars and only use the items mentioned by --attestor-environment-sensitive-key.",
-	// 		defaultDisableSensitiveVarsDefault,
-	// 		func(a attestation.Attestor, disableSensitiveVarsDefault bool) (attestation.Attestor, error) {
-	// 			envAttestor, ok := a.(*Attestor)
-	// 			if !ok {
-	// 				return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
-	// 			}
-
-	// 			envCapture.WithDisableDefaultSensitiveList()(envAttestor.capture)
-	// 			return envAttestor, nil
-	// 		},
-	// 	),
-	// 	registry.StringSliceConfigOption(
-	// 		"add-sensitive-key",
-	// 		"Add keys or globs (e.g. '*TEXT') to the list of sensitive environment keys.",
-	// 		[]string{},
-	// 		func(a attestation.Attestor, additionalKeys []string) (attestation.Attestor, error) {
-	// 			envAttestor, ok := a.(*Attestor)
-	// 			if !ok {
-	// 				return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
-	// 			}
-
-	// 			envCapture.WithAdditionalKeys(additionalKeys)(envAttestor.capture)
-	// 			return envAttestor, nil
-	// 		},
-	// 	),
-	// 	registry.StringSliceConfigOption(
-	// 		"exclude-sensitive-key",
-	// 		"Exclude specific keys from the list of sensitive environment keys. Note: This does not support globs.",
-	// 		[]string{},
-	// 		func(a attestation.Attestor, excludeKeys []string) (attestation.Attestor, error) {
-	// 			envAttestor, ok := a.(*Attestor)
-	// 			if !ok {
-	// 				return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
-	// 			}
-
-	// 			envCapture.WithExcludeKeys(excludeKeys)(envAttestor.capture)
-	// 			return envAttestor, nil
-	// 		},
-	// 	),
-	// )
+	attestation.RegisterAttestation(Name, Type, RunType, func() attestation.Attestor { return New() })
+
+	// registry.BoolConfigOption(
+	// 	"filter-sensitive-vars",
+	// 	"Switch from obfuscate to filtering variables which removes them from the output completely.",
+	// 	defaultFilterSensitiveVarsEnabled,
+	// 	func(a attestation.Attestor, filterSensitiveVarsEnabled bool) (attestation.Attestor, error) {
+	// 		envAttestor, ok := a.(*Attestor)
+	// 		if !ok {
+	// 			return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
+	// 		}
+
+	// 		envCapture.WithFilterVarsEnabled()(envAttestor.capture)
+	// 		return envAttestor, nil
+	// 	},
+	// ),
+	// registry.BoolConfigOption(
+	// 	"disable-default-sensitive-vars",
+	// 	"Disable the default list of sensitive vars and only use the items mentioned by --attestor-environment-sensitive-key.",
+	// 	defaultDisableSensitiveVarsDefault,
+	// 	func(a attestation.Attestor, disableSensitiveVarsDefault bool) (attestation.Attestor, error) {
+	// 		envAttestor, ok := a.(*Attestor)
+	// 		if !ok {
+	// 			return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
+	// 		}
+
+	// 		envCapture.WithDisableDefaultSensitiveList()(envAttestor.capture)
+	// 		return envAttestor, nil
+	// 	},
+	// ),
+	// registry.StringSliceConfigOption(
+	// 	"add-sensitive-key",
+	// 	"Add keys or globs (e.g. '*TEXT') to the list of sensitive environment keys.",
+	// 	[]string{},
+	// 	func(a attestation.Attestor, additionalKeys []string) (attestation.Attestor, error) {
+	// 		envAttestor, ok := a.(*Attestor)
+	// 		if !ok {
+	// 			return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
+	// 		}
+
+	// 		envCapture.WithAdditionalKeys(additionalKeys)(envAttestor.capture)
+	// 		return envAttestor, nil
+	// 	},
+	// ),
+	// registry.StringSliceConfigOption(
+	// 	"exclude-sensitive-key",
+	// 	"Exclude specific keys from the list of sensitive environment keys. Note: This does not support globs.",
+	// 	[]string{},
+	// 	func(a attestation.Attestor, excludeKeys []string) (attestation.Attestor, error) {
+	// 		envAttestor, ok := a.(*Attestor)
+	// 		if !ok {
+	// 			return a, fmt.Errorf("unexpected attestor type: %T is not a environment attestor", a)
+	// 		}
+
+	// 		envCapture.WithExcludeKeys(excludeKeys)(envAttestor.capture)
+	// 		return envAttestor, nil
+	// 	},
+	// ),
+
 }
 
 type Attestor struct {