libbeat/processors/add_process_metadata: fix environment collection (#…
…36471)

Previously, the go-sysinfo types.Process was not being queried for its
environment value if it existed. This is conditionally available
depending on platform, so check and add it if it is.
efd6 authored Sep 5, 2023
1 parent 98b9f2c commit 1209bca
Showing 3 changed files with 32 additions and 6 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.next.asciidoc
@@ -62,7 +62,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Eliminate cloning of event in deepUpdate {pull}35945[35945]
- Fix ndjson parser to store JSON fields correctly under `target` {issue}29395[29395]
- Support build of projects outside of beats directory {pull}36126[36126]

- Fix environment capture by `add_process_metadata` processor. {issue}36469[36469] {pull}36471[36471]


*Auditbeat*
@@ -21,6 +21,8 @@ import (
"errors"
"math"
"os"
"runtime"
"strings"
"testing"
"time"
"unsafe"
@@ -819,9 +821,10 @@ func TestUsingCache(t *testing.T) {
}

config, err := conf.NewConfigFrom(mapstr.M{
"match_pids": []string{"system.process.ppid"},
"include_fields": []string{"container.id"},
"target": "meta",
"match_pids": []string{"system.process.ppid"},
"include_fields": []string{"container.id", "process.env"},
"target": "meta",
"restricted_fields": true,
})
if err != nil {
t.Fatal(err)
@@ -853,6 +856,24 @@ func TestUsingCache(t *testing.T) {
}
assert.Equal(t, "b5285682fba7449c86452b89a800609440ecc88a7ba5f2d38bedfb85409b30b1", containerID)

// check environment for GOOSes that support it.
switch runtime.GOOS {
case "darwin", "linux":
env, err := result.Fields.GetValue("meta.process.env")
if err != nil {
t.Fatal(err)
}
// The event is for this process, so we can just grab our env to compare.
want := make(map[string]string)
for _, kv := range os.Environ() {
k, v, ok := strings.Cut(kv, "=")
if ok {
want[k] = v
}
}
assert.Equal(t, want, env)
}

ev = beat.Event{
Fields: mapstr.M{
"system": mapstr.M{
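Review bot: `assert.Equal(t, want, env)` compares the full environment of the test process, so any mismatch makes testify print both maps, and on a CI runner that output can include tokens or other credentials exported to the job. Reporting only that the maps differ keeps the values out of the logs, e.g. `if !assert.ObjectsAreEqual(want, env) { t.Errorf("meta.process.env differs from os.Environ() (%d variables expected)", len(want)) }`. The comparison also assumes os.Environ() still matches what the provider reads for this process, which may not hold if an earlier test in the package changed the environment; a short comment next to `want` stating that assumption would help. TestUsingCache begins and ends outside the hunks shown.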
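--- a/libbeat/processors/add_process_metadata/gosysinfo_provider.go
+++ b/libbeat/processors/add_process_metadata/gosysinfo_provider.go
@@ -28,8 +28,7 @@ import (
 type gosysinfoProvider struct{}
 
 func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata, err error) {
-var proc types.Process
-proc, err = sysinfo.Process(pid)
+proc, err := sysinfo.Process(pid)
 if err != nil {
 return nil, err
 }
@@ -40,6 +39,11 @@ func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata,
 return nil, err
 }
 
+var env map[string]string
+if e, ok := proc.(types.Environment); ok {
+env, _ = e.Environment()
+}
+
 username, userid := "", ""
 if userInfo, err := proc.User(); err == nil {
 userid = userInfo.UID
@@ -51,6 +55,7 @@ func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata,
 r := processMetadata{
 name: info.Name,
 args: info.Args,
+env: env,
 title: strings.Join(info.Args, " "),
 exe: info.Exe,
 pid: info.PID,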
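Review bot: `env, _ = e.Environment()` discards the error, so an environment that could not be read ends up as the same nil map as an empty one, with nothing recorded about why. Because the call runs on every lookup with no gate visible in this hunk, the provider also reads and holds each matched process's environment, which commonly carries credentials, even when `process.env` is never emitted; the test in this commit suggests emission depends on `restricted_fields`, but that check is not visible here. I would document this above the type assertion, e.g. `// Best effort: env stays nil when the platform or permissions do not allow reading it. Values may contain secrets.`, and consider skipping the read when the field is not requested. GetProcessMetadata starts in the first hunk and continues past the last one, so the rest of its body was not reviewed.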
