Add new environment to commandrun
Signed-off-by: Matthias Glastra <[email protected]>
matglas committed Oct 14, 2024
1 parent d714a76 commit bcb32c1
Showing 2 changed files with 3 additions and 14 deletions.
8 changes: 0 additions & 8 deletions attestation/commandrun/commandrun.go
Expand Up @@ -80,15 +80,8 @@ func WithSilent(silent bool) Option {
}
}

func WithEnvironmentBlockList(blockList map[string]struct{}) Option {
return func(cr *CommandRun) {
cr.sensitiveEnvList = blockList
}
}

func New(opts ...Option) *CommandRun {
cr := &CommandRun{
sensitiveEnvList: environment.DefaultSensitiveEnvList(),
}

for _, opt := range opts {
Expand Down Expand Up @@ -121,7 +114,6 @@ type CommandRun struct {
silent bool
materials map[string]cryptoutil.DigestSet
enableTracing bool
sensitiveEnvList map[string]struct{}
}

func (a *CommandRun) Schema() *jsonschema.Schema {
9 changes: 3 additions & 6 deletions attestation/commandrun/tracing_linux.go
Expand Up @@ -42,7 +42,7 @@ type ptraceContext struct {
processes map[int]*ProcessInfo
exitCode int
hash []cryptoutil.DigestValue
sensitiveEnvList map[string]struct{}
environmentCapturer *environment.Capture

Check failure on line 45 in attestation/commandrun/tracing_linux.go


GitHub Actions / sast / witness

undefined: environment.Capture

Check failure on line 45 in attestation/commandrun/tracing_linux.go


GitHub Actions / unit-test / witness

undefined: environment.Capture
}

func enableTracing(c *exec.Cmd) {
Expand All @@ -57,7 +57,7 @@ func (r *CommandRun) trace(c *exec.Cmd, actx *attestation.AttestationContext) ([
mainProgram: c.Path,
processes: make(map[int]*ProcessInfo),
hash: actx.Hashes(),
sensitiveEnvList: r.sensitiveEnvList,
environmentCapturer: actx.EnvironmentCapturer(),
}

if err := pctx.runTrace(); err != nil {
Expand Down Expand Up @@ -200,10 +200,7 @@ func (p *ptraceContext) handleSyscall(pid int, regs unix.PtraceRegs) error {
environ, err := os.ReadFile(envinLocation)
if err == nil {
allVars := strings.Split(string(environ), "\x00")
filteredEnviron := make([]string, 0)
environment.FilterEnvironmentArray(allVars, p.sensitiveEnvList, map[string]struct{}{}, func(_, _, varStr string) {
filteredEnviron = append(filteredEnviron, varStr)
})
filteredEnviron := p.environmentCapturer.Capture(allVars)

procInfo.Environ = strings.Join(filteredEnviron, " ")
}
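Review bot: The new `p.environmentCapturer.Capture(allVars)` call in handleSyscall has no nil guard, and the CI annotations on this section report `undefined: environment.Capture`, so the type the struct field now carries does not resolve in this commit as shown. Before this change the filter always ran against `environment.DefaultSensitiveEnvList()`; now whether sensitive variables read from `/proc/<pid>/environ` are dropped depends entirely on `actx.EnvironmentCapturer()` returning a configured capturer, and a nil return would panic inside the ptrace syscall handler rather than fail the attestation cleanly. Worth a guard in trace right after the struct literal, e.g. `if pctx.environmentCapturer == nil { return nil, errors.New("commandrun: attestation context has no environment capturer") }` (or a fallback to the default sensitive list), plus a comment on the field such as `// environmentCapturer is the only filter between /proc/<pid>/environ and procInfo.Environ; it must never be nil`. handleSyscall starts and ends outside the hunk, and trace's return list is cut off by the hunk header, so the exact shape of that error return is inferred.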
