From 8d9ff5908dc774918bbdc1c932b51f73c80d6bf7 Mon Sep 17 00:00:00 2001
From: Bruce Bujon
Date: Thu, 5 Sep 2024 13:45:15 +0200
Subject: [PATCH] feat: Add initial deny list
---
 .gitlab/prepare-oci-package.sh | 1 +
 metadata/base-requirements.json | 82 +++++
 metadata/build-requirements.sh | 84 +++++
 metadata/denied-arguments.tsv | 33 ++
 metadata/denied-environment-variables.tsv | 5 +
 metadata/requirements.json | 419 ++++++++++++++++++++++
 6 files changed, 624 insertions(+)
 create mode 100644 metadata/base-requirements.json
 create mode 100755 metadata/build-requirements.sh
 create mode 100644 metadata/denied-arguments.tsv
 create mode 100644 metadata/denied-environment-variables.tsv
 create mode 100644 metadata/requirements.json
diff --git a/.gitlab/prepare-oci-package.sh b/.gitlab/prepare-oci-package.sh
index 38ae97ea950..8a7caea76c2 100755
--- a/.gitlab/prepare-oci-package.sh
+++ b/.gitlab/prepare-oci-package.sh
@@ -10,3 +10,4 @@ fi
 mkdir -p sources
 cp ../workspace/dd-java-agent/build/libs/*.jar sources/dd-java-agent.jar
 echo -n "$VERSION" > sources/version
+cp ../metadata/requirements.json sources/
diff --git a/metadata/base-requirements.json b/metadata/base-requirements.json
new file mode 100644
index 00000000000..b79d3878416
--- /dev/null
+++ b/metadata/base-requirements.json
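Review bot: In `.gitlab/prepare-oci-package.sh`, the added `cp ../metadata/requirements.json sources/` packages the committed copy of a generated file, and nothing in this hunk checks that it still matches `base-requirements.json` and the two TSV files it is built from. A deny list that was edited in the TSVs but not regenerated would ship without any error. Consider regenerating before the copy, or failing the job when the committed file differs, for example `(cd ../metadata && ./build-requirements.sh && git diff --exit-code requirements.json)`, provided `jq` is available in the job image. The script starts outside this hunk, so whether it already runs with `set -e` (and would stop on a missing file) is not visible here.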
@@ -0,0 +1,82 @@
+{
+ "version": 1,
+ "deny": [
+ {
+ "id": "unsupported_jvm",
+ "description": "Skip older JVMs",
+ "os": null,
+ "cmds": [
+ "**/java-1.5*/**/java",
+ "**/java-1.6*/**/java",
+ "**/java-6*/**/java",
+ "**/java-7/**/java"
+ ],
+ "args": [],
+ "envars": null
+ },
+ {
+ "id": "java8_version",
+ "description": "Skip java -version command",
+ "os": null,
+ "cmds": [
+ "**/java"
+ ],
+ "args": [
+ {
+ "args": [
+ "-version"
+ ],
+ "position": 0
+ }
+ ],
+ "envars": null
+ },
+ {
+ "id": "java_version",
+ "description": "Skip java --version command",
+ "os": null,
+ "cmds": [
+ "**/java"
+ ],
+ "args": [
+ {
+ "args": [
+ "--version"
+ ],
+ "position": 0
+ }
+ ],
+ "envars": null
+ }
+ ],
+ "native_deps": {
+ "glibc": [
+ {
+ "arch": "x86",
+ "supported": true
+ },
+ {
+ "arch": "x64",
+ "supported": true
+ },
+ {
+ "arch": "arm64",
+ "supported": true
+ }
+ ],
+ "musl": [
+ {
+ "arch": "x86",
+ "supported": true
+ },
+ {
+ "arch": "x64",
+ "supported": true
+ },
+ {
+ "arch": "arm64",
+ "supported": true
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/metadata/build-requirements.sh b/metadata/build-requirements.sh
new file mode 100755
index 00000000000..3422e8d2a69
--- /dev/null
+++ b/metadata/build-requirements.sh
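Review bot: In `metadata/base-requirements.json`, the last pattern of the `unsupported_jvm` rule, `"**/java-7/**/java"`, has no trailing wildcard, unlike `"**/java-6*/**/java"` and `"**/java-1.6*/**/java"`, and there is no `java-1.7*` counterpart. Assuming ordinary glob semantics (the matcher is not part of this patch), an install directory such as `java-7-openjdk-amd64` or `java-1.7.0-openjdk` (constructed examples) would not match, so a Java 7 process would still be considered for injection. If that is not intended, use `"**/java-1.7*/**/java"` and `"**/java-7*/**/java"`. The rule keys on the install-directory name alone, so a JVM unpacked under another name is not covered; the `description` could say so.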
@@ -0,0 +1,84 @@ +#!/bin/bash +# +# This script builds the requirements.json file based on +# - the base-requirements.json as base file, +# - the denied-arguments.tsv as rules to exclude application from their arguments (main classes, System properties, application arguments), +# - the denied-environment-variables.tsv as rules to exclude applications from their exported environment variables. +# + +log-json() { + local JSON=$1 + echo "Logging JSON" + echo "$JSON" | jq +} + +# +# Initialize requirements from base file +# +JSON=$(cat base-requirements.json) + +# +# Append deny list entries based on arguments +# +while read -r ENTRY; do + # Skip comments or empty lines + if [[ -z $ENTRY || $ENTRY == \#* ]]; then + continue + fi + # Take first word + IDENTIFIER=$(echo "$ENTRY" | awk '{print $1}') + # Take second word + ARGUMENT=$(echo "$ENTRY" | awk '{print $2}') + # Take the rest as description + DESCRIPTION=$(echo "$ENTRY" | awk '{for(i=3;i<=NF;++i) printf "%s%s", $i, (i requirements.json diff --git a/metadata/denied-arguments.tsv b/metadata/denied-arguments.tsv new file mode 100644 index 00000000000..01614d77e2a --- /dev/null +++ b/metadata/denied-arguments.tsv 
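Review bot: `metadata/build-requirements.sh` reads its base file by relative path (`JSON=$(cat base-requirements.json)`) and the visible part of the script sets no fail-fast options, so a run from another directory or a failing `jq` may still go on to write `requirements.json`. Adding `set -euo pipefail` after the shebang and `cd "$(dirname "$0")"` before the first read would make such a failure stop the build. The loop also splits each entry with `awk` on any whitespace although the inputs are named `.tsv`, so an argument pattern containing a space cannot be expressed; `awk -F'\t'` would match the file format if the files are in fact tab-separated. Part of this hunk is missing from the page (the text breaks off inside the `DESCRIPTION` awk program), so how the fields reach `jq` cannot be reviewed here; they should be passed with `jq --arg` rather than interpolated into the filter or the JSON text.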
@@ -0,0 +1,33 @@
+# Identifier Argument Description
+
+# Apache ActiveMQ Artemis
+apache_activemq_artemis org.apache.activemq.artemis.boot.Artemis Skip Apache ActiveMQ Artemis
+
+# Apache Cassandra
+
+apache_cassandra org.apache.cassandra.service.CassandraDaemon Skip Apache Cassandra
+apache_cassandra_debugcql org.apache.cassandra.transport.Client Skip Apache Cassandra debug-cql
+apache_cassandra_nodetool org.apache.cassandra.tools.NodeTool Skip Apache Cassandra nodetool
+apache_cassandra_sstableloader org.apache.cassandra.tools.BulkLoader Skip Apache Cassandra sstableloader
+apache_cassandra_sstablescrub org.apache.cassandra.tools.StandaloneScrubber Skip Apache Cassandra stablescrub
+apache_cassandra_sstableupgrade org.apache.cassandra.tools.StandaloneUpgrader Skip Apache Cassandra sstableupgrade
+apache_cassandra_sstableutil org.apache.cassandra.tools.StandaloneSSTableUtil Skip Apache Cassandra sstableutil
+apache_cassandra_sstableverify org.apache.cassandra.tools.StandaloneVerifier Skip Apache Cassandra sstableverify
+
+# Apache Lucene
+apache_lucene8_luke org.apache.lucene.luke.app.desktop.LukeMain Skip Lucene 8 Luke
+apache_lucene9_luke org.apache.lucene.luke Skip Apache Netbeans
+
+# Apache Netbeans
+apache_netbeans org.netbeans.Main Skip Apache Netbeans
+
+# Apache Solr 8
+apache_solr8_start -Dsolr.solr.home=* Skip Apache Solr 8 start command using System Properties
+apache_solr8_stop *solr/server/start.jar Skip Apache Solr 8 stop using path to jar
+apache_solr8_tools org.apache.solr.util.SolrCLI Skip Apache Solr 8 CLI tools
+
+# Elastic Search 7+
+elasticsearch7 -Des.path.home=* Skip Elastic Search 7+ commands
+
+# Jetbrains IntelliJ IDEA
+intellij_idea com.intellij.idea.Main Skip Jetbrains IntelliJ IDEA
diff --git a/metadata/denied-environment-variables.tsv b/metadata/denied-environment-variables.tsv
new file mode 100644
index 00000000000..556912ccf34
--- /dev/null
+++ b/metadata/denied-environment-variables.tsv
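Review bot: The `apache_lucene9_luke` row in `metadata/denied-arguments.tsv` carries the description `Skip Apache Netbeans`, apparently copied from the row below it, and the same wrong text is carried into the generated `requirements.json`; it should read `Skip Lucene 9 Luke`. The `apache_cassandra_sstablescrub` description says `stablescrub` where `sstablescrub` is meant. The Lucene 9 argument `org.apache.lucene.luke` is a package prefix while every other class-based row names a main class, so unless the matcher does prefix matching (not visible in this patch) the rule may never fire. Either name the class or add a wildcard as the Solr rows do, for example `org.apache.lucene.luke*`.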
@@ -0,0 +1,5 @@
+# Identifier EnvironmentVariable Description
+apache_hbase HBASE_HOME Skip Apache HBase
+apache_hadoop3 HADOOP_HOME Skip Apache Hadoop 3
+apache_hive HIVE_HOME Skip Apache Hive
+apache_solr9 SOLR_PORT Skip Apache Solr 9
diff --git a/metadata/requirements.json b/metadata/requirements.json
new file mode 100644
index 00000000000..1e93dda429c
--- /dev/null
+++ b/metadata/requirements.json
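Review bot: Each row in `metadata/denied-environment-variables.tsv` becomes a rule that matches every `**/java` process whose environment contains the variable, with no argument condition (`"args": []`, `"envars": {"HADOOP_HOME": null}` in the generated file, where `null` presumably means any value). On a host where `HADOOP_HOME`, `HBASE_HOME` or `HIVE_HOME` is exported globally, unrelated Java services inherit the variable and would be skipped too, which silently reduces monitoring coverage for them. Consider pairing each variable with a main-class or argument condition, or at least add a comment line such as `# Matches on variable presence only; any JVM inheriting it is skipped` so the trade-off is recorded next to the rules.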
@@ -0,0 +1,419 @@ +{ + "version": 1, + "deny": [ + { + "id": "unsupported_jvm", + "description": "Skip older JVMs", + "os": null, + "cmds": [ + "**/java-1.5*/**/java", + "**/java-1.6*/**/java", + "**/java-6*/**/java", + "**/java-7/**/java" + ], + "args": [], + "envars": null + }, + { + "id": "java8_version", + "description": "Skip java -version command", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "-version" + ], + "position": 0 + } + ], + "envars": null + }, + { + "id": "java_version", + "description": "Skip java --version command", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "--version" + ], + "position": 0 + } + ], + "envars": null + }, + { + "id": "apache_activemq_artemis", + "description": "Skip Apache ActiveMQ Artemis", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.activemq.artemis.boot.Artemis" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra", + "description": "Skip Apache Cassandra", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.service.CassandraDaemon" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_debugcql", + "description": "Skip Apache Cassandra debug-cql", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.transport.Client" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_nodetool", + "description": "Skip Apache Cassandra nodetool", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.NodeTool" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_sstableloader", + "description": "Skip Apache Cassandra sstableloader", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.BulkLoader" + ], + "position": null + } + ], + "envars": null + 
}, + { + "id": "apache_cassandra_sstablescrub", + "description": "Skip Apache Cassandra stablescrub", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.StandaloneScrubber" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_sstableupgrade", + "description": "Skip Apache Cassandra sstableupgrade", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.StandaloneUpgrader" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_sstableutil", + "description": "Skip Apache Cassandra sstableutil", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.StandaloneSSTableUtil" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_cassandra_sstableverify", + "description": "Skip Apache Cassandra sstableverify", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.cassandra.tools.StandaloneVerifier" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_lucene8_luke", + "description": "Skip Lucene 8 Luke", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.lucene.luke.app.desktop.LukeMain" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_lucene9_luke", + "description": "Skip Apache Netbeans", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.lucene.luke" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_netbeans", + "description": "Skip Apache Netbeans", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.netbeans.Main" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_solr8_start", + "description": "Skip Apache Solr 8 start command using System Properties", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + 
"-Dsolr.solr.home=*" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_solr8_stop", + "description": "Skip Apache Solr 8 stop using path to jar", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "*solr/server/start.jar" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_solr8_tools", + "description": "Skip Apache Solr 8 CLI tools", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "org.apache.solr.util.SolrCLI" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "elasticsearch7", + "description": "Skip Elastic Search 7+ commands", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "-Des.path.home=*" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "intellij_idea", + "description": "Skip Jetbrains IntelliJ IDEA", + "os": null, + "cmds": [ + "**/java" + ], + "args": [ + { + "args": [ + "com.intellij.idea.Main" + ], + "position": null + } + ], + "envars": null + }, + { + "id": "apache_hbase", + "description": "Skip Apache HBase", + "os": null, + "cmds": [ + "**/java" + ], + "args": [], + "envars": { + "HBASE_HOME": null + } + }, + { + "id": "apache_hadoop3", + "description": "Skip Apache Hadoop 3", + "os": null, + "cmds": [ + "**/java" + ], + "args": [], + "envars": { + "HADOOP_HOME": null + } + }, + { + "id": "apache_hive", + "description": "Skip Apache Hive", + "os": null, + "cmds": [ + "**/java" + ], + "args": [], + "envars": { + "HIVE_HOME": null + } + }, + { + "id": "apache_solr9", + "description": "Skip Apache Solr 9", + "os": null, + "cmds": [ + "**/java" + ], + "args": [], + "envars": { + "SOLR_PORT": null + } + } + ], + "native_deps": { + "glibc": [ + { + "arch": "x86", + "supported": true + }, + { + "arch": "x64", + "supported": true + }, + { + "arch": "arm64", + "supported": true + } + ], + "musl": [ + { + "arch": "x86", + "supported": true + }, + { + "arch": "x64", + "supported": true + }, + { + "arch": 
"arm64", + "supported": true + } + ] + } +}