Skip to content

Commit

Permalink
libbeat/processors/add_process_metadata: fix environment collection (#…
Browse files Browse the repository at this point in the history 
…36471) (#36503)

Previously, the go-sysinfo types.Process was not being queried for its
environment value if it existed. This is conditionally available
depending on platform, so check and add it if it is.

(cherry picked from commit 1209bca)

Co-authored-by: Dan Kortschak <[email protected]>
  • Loading branch information
@mergify @efd6
mergify[bot] and efd6 authored Sep 5, 2023
1 parent b6853e5 commit 685c7f0
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 6 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Eliminate cloning of event in deepUpdate {pull}35945[35945]
- Fix ndjson parser to store JSON fields correctly under `target` {issue}29395[29395]
- Support build of projects outside of beats directory {pull}36126[36126]

- Fix environment capture by `add_process_metadata` processor. {issue}36469[36469] {pull}36471[36471]


*Auditbeat*
Expand Down
27 changes: 24 additions & 3 deletions libbeat/processors/add_process_metadata/add_process_metadata_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ import (
"errors"
"math"
"os"
"runtime"
"strings"
"testing"
"time"
"unsafe"
Expand Down Expand Up @@ -819,9 +821,10 @@ func TestUsingCache(t *testing.T) {
}

config, err := conf.NewConfigFrom(mapstr.M{
"match_pids": []string{"system.process.ppid"},
"include_fields": []string{"container.id"},
"target": "meta",
"match_pids": []string{"system.process.ppid"},
"include_fields": []string{"container.id", "process.env"},
"target": "meta",
"restricted_fields": true,
})
if err != nil {
t.Fatal(err)
Expand Down Expand Up @@ -853,6 +856,24 @@ func TestUsingCache(t *testing.T) {
}
assert.Equal(t, "b5285682fba7449c86452b89a800609440ecc88a7ba5f2d38bedfb85409b30b1", containerID)

// check environment for GOOSes that support it.
switch runtime.GOOS {
case "darwin", "linux":
env, err := result.Fields.GetValue("meta.process.env")
if err != nil {
t.Fatal(err)
}
// The event is for this process, so we can just grab our env to compare.
want := make(map[string]string)
for _, kv := range os.Environ() {
k, v, ok := strings.Cut(kv, "=")
if ok {
want[k] = v
}
}
assert.Equal(t, want, env)
}

ev = beat.Event{
Fields: mapstr.M{
"system": mapstr.M{
Expand Down
9 changes: 7 additions & 2 deletions libbeat/processors/add_process_metadata/gosysinfo_provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,7 @@ import (
type gosysinfoProvider struct{}

func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata, err error) {
var proc types.Process
proc, err = sysinfo.Process(pid)
proc, err := sysinfo.Process(pid)
if err != nil {
return nil, err
}
Expand All @@ -40,6 +39,11 @@ func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata,
return nil, err
}

var env map[string]string
if e, ok := proc.(types.Environment); ok {
env, _ = e.Environment()
}

username, userid := "", ""
if userInfo, err := proc.User(); err == nil {
userid = userInfo.UID
Expand All @@ -51,6 +55,7 @@ func (p gosysinfoProvider) GetProcessMetadata(pid int) (result *processMetadata,
r := processMetadata{
name: info.Name,
args: info.Args,
env: env,
title: strings.Join(info.Args, " "),
exe: info.Exe,
pid: info.PID,
Expand Down

0 comments on commit 685c7f0

Please sign in to comment.