From f5371e8da48f7ce9117fbce284da86d8daeaf051 Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Thu, 5 Oct 2023 18:50:46 -0700
Subject: [PATCH 1/4] Update eventhandler.go
---
 eventhandler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eventhandler.go b/eventhandler.go
index 85bb864..23e6eb6 100644
--- a/eventhandler.go
+++ b/eventhandler.go
@@ -40,7 +40,7 @@ func (eventHandler *EventHandler) handleFileEvent(event *Event) {
 if !strings.HasPrefix(event.FileName, "/") {
 event.FileName = path.Join(event.Path, event.FileName)
 }
-
+ WriteLog(fmt.Sprintf("[FileWrite] file: %s syscall: %s by exe: %s", event.FileName, event.Syscall, event.Exe))
 if strings.Contains(event.FileName, "post_event.json") {
 WriteLog("\n")
 WriteLog("post_event called")
From 7eb4a36407878be216957bc741672cf8e0a1d79c Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Thu, 5 Oct 2023 19:10:35 -0700
Subject: [PATCH 2/4] Update procmon_linux.go
---
 procmon_linux.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/procmon_linux.go b/procmon_linux.go
index 297782b..d0e1774 100644
--- a/procmon_linux.go
+++ b/procmon_linux.go
@@ -55,7 +55,8 @@ func (p *ProcessMonitor) MonitorProcesses(errc chan error) {
 if len(workingDirectory) == 0 {
 workingDirectory = "/home/runner"
 }
- r, _ := flags.Parse(fmt.Sprintf("-a exit,always -F dir=%s -F perm=wa -S open -S openat -S rename -S renameat -k %s", workingDirectory, fileMonitorTag))
+ //r, _ := flags.Parse(fmt.Sprintf("-a exit,always -F dir=%s -F perm=wa -S open -S openat -S rename -S renameat -k %s", workingDirectory, fileMonitorTag))
+ r, _ := flags.Parse(fmt.Sprintf("-w %s -p w -k %s", workingDirectory, fileMonitorTag))
 actualBytes, _ := rule.Build(r)
From 2894e2e83d102935741acaec5fb7009a96e23a8e Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Sun, 31 Mar 2024 21:46:48 -0700
Subject: [PATCH 3/4] Treat all files as source
---
 eventhandler.go | 2 +-
 procmon_linux.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
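Review bot: In PATCH 1/4 (eventhandler.go, handleFileEvent), the added `WriteLog` call formats `event.FileName` and `event.Exe` with `%s`, and these values appear to come from events raised by whatever process writes in the monitored directory, so a name containing a newline or control characters could split or forge log entries. Quote them instead: `WriteLog(fmt.Sprintf("[FileWrite] file: %q syscall: %s by exe: %q", event.FileName, event.Syscall, event.Exe))`. The call also sits ahead of the `post_event.json` check and therefore runs for every file event, which may produce a large volume of output on a busy build; consider gating it behind a debug setting. handleFileEvent starts and ends outside this hunk.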
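Review bot: In PATCH 2/4 (procmon_linux.go, MonitorProcesses), the error from `flags.Parse` is still discarded on the new `-w` rule line while `workingDirectory` is formatted into the rule string unquoted, so a directory containing whitespace, or any other parse failure, would go unreported and the file watch might never be installed; check it, for example `r, err := flags.Parse(...)` followed by `if err != nil { errc <- err; return }`, if that matches how `errc` is used in the rest of the function, which extends beyond this hunk. The new rule also narrows the permission filter from `perm=wa` to `-p w`, so attribute changes would no longer be tagged with `fileMonitorTag`; confirm that this loss of coverage is intended. The same discarded error is present in the procmon_linux.go hunk of PATCH 3/4. The previous rule is kept as a comment here (as are lines in PATCH 3/4 and 4/4); deleting it and relying on history keeps the active audit rule unambiguous.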
diff --git a/eventhandler.go b/eventhandler.go
index 23e6eb6..5bed034 100644
--- a/eventhandler.go
+++ b/eventhandler.go
@@ -98,7 +98,7 @@ func isSourceCodeFile(fileName string) bool {
 return true
 }
- return false
+ return true
 }
 func (eventHandler *EventHandler) handleProcessEvent(event *Event) {
diff --git a/procmon_linux.go b/procmon_linux.go
index d0e1774..8e1507d 100644
--- a/procmon_linux.go
+++ b/procmon_linux.go
@@ -55,8 +55,8 @@ func (p *ProcessMonitor) MonitorProcesses(errc chan error) {
 if len(workingDirectory) == 0 {
 workingDirectory = "/home/runner"
 }
- //r, _ := flags.Parse(fmt.Sprintf("-a exit,always -F dir=%s -F perm=wa -S open -S openat -S rename -S renameat -k %s", workingDirectory, fileMonitorTag))
- r, _ := flags.Parse(fmt.Sprintf("-w %s -p w -k %s", workingDirectory, fileMonitorTag))
+ r, _ := flags.Parse(fmt.Sprintf("-a exit,always -F dir=%s -F perm=wa -S open -S openat -S rename -S renameat -k %s", workingDirectory, fileMonitorTag))
+ //r, _ := flags.Parse(fmt.Sprintf("-w %s -p w -k %s", workingDirectory, fileMonitorTag))
 actualBytes, _ := rule.Build(r)
From cb4eb3a1f73421ef251435c340c9f32c0f9f7d41 Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Mon, 1 Apr 2024 06:57:58 -0700
Subject: [PATCH 4/4] Update eventhandler.go
---
 eventhandler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eventhandler.go b/eventhandler.go
index 5bed034..1463e22 100644
--- a/eventhandler.go
+++ b/eventhandler.go
@@ -40,7 +40,7 @@ func (eventHandler *EventHandler) handleFileEvent(event *Event) {
 if !strings.HasPrefix(event.FileName, "/") {
 event.FileName = path.Join(event.Path, event.FileName)
 }
- WriteLog(fmt.Sprintf("[FileWrite] file: %s syscall: %s by exe: %s", event.FileName, event.Syscall, event.Exe))
+ //WriteLog(fmt.Sprintf("[FileWrite] file: %s syscall: %s by exe: %s", event.FileName, event.Syscall, event.Exe))
 if strings.Contains(event.FileName, "post_event.json") {
 WriteLog("\n")
 WriteLog("post_event called")
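Review bot: In PATCH 3/4 (eventhandler.go), changing the final `return false` of `isSourceCodeFile` to `return true` makes the function return true on every path shown, so the earlier `return true` branch is now redundant and the name no longer describes the behaviour. If the callers, which are not visible here, use this result to decide which file writes are reported as source-code changes, every write under the watched directory will now qualify, including build outputs, and that could bury the events that matter. Either reduce the body to a single `return true` with a doc comment such as `// isSourceCodeFile reports true for every file: all writes are treated as source changes.`, or make the behaviour a setting. The function body starts outside this hunk.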
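Review bot: In PATCH 3/4 (procmon_linux.go, MonitorProcesses), the restored rule audits only `open`, `openat`, `rename` and `renameat`, so file changes that reach the kernel through other syscalls, such as `creat`, `openat2` or `renameat2`, would not be tagged with `fileMonitorTag`. If the rule parser and the target kernels accept them, extend the list with further `-S` entries, or add a comment above the rule stating why these four are considered sufficient. The function body extends beyond this hunk, so whether another rule covers those syscalls cannot be seen from here.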