fd-listener v0.1.1: add release files

Signed-off-by: LEI WANG <[email protected]>
ssst0n3 · Feb 4, 2024 · bca4d35 · bca4d35
1 parent 8a59176
commit bca4d35
Show file tree

Hide file tree

Showing 10 changed files with 227 additions and 17 deletions.
diff --git a/Dockerfile_dev b/Dockerfile_dev
@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_VERSION=1.21.6
+ARG BASE_DEBIAN_DISTRO="bullseye"
+ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
+
+FROM ${GOLANG_IMAGE} AS base
+ARG APT_MIRROR
+WORKDIR /root/app
+RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
+ && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list \
+ && sed -ri "s/(snapshot).debian.org/${APT_MIRROR:-snapshot.debian.org}/g" /etc/apt/sources.list \
+ && cat /etc/apt/sources.list
+RUN git config --global --add safe.directory /root/app
+
+FROM base AS gox
+ARG GOPROXY
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+        GOBIN=/build/ GO111MODULE=on GOPROXY=${GOPROXY} go install github.com/mitchellh/gox@latest \
+     && /build/gox --help
+
+FROM base AS build-env
+ARG GOPROXY
+WORKDIR /root/app
+COPY --from=gox /build/ /usr/local/bin/
+RUN --mount=type=cache,sharing=locked,id=app_template-build-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=app_template-build-aptcache,target=/var/cache/apt \
+        apt update && apt install -y \
+            upx jq
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=cache,target=/root/.cache/go-build,id=app_template-build \
+    --mount=type=cache,target=/go/pkg/mod,id=app_template-mod \
+    --mount=type=tmpfs,target=/go/src/ \
+    GOPROXY=${GOPROXY} go mod download
+
+FROM build-env AS build
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=cache,target=/root/.cache/go-build,id=app_template-build \
+    --mount=type=cache,target=/go/pkg/mod,id=app_template-mod \
+    --mount=type=tmpfs,target=/go/src/ \
+    make build && mv bin/release /build
+
+# usage:
+# > docker buildx bake binary
+# or
+# > make binary
+FROM scratch AS binary
+COPY --from=build /build /
+
+FROM build-env AS shell
+ARG GOPROXY
+ENV GOPROXY=${GOPROXY}
diff --git a/Makefile b/Makefile
@@ -0,0 +1,54 @@
+.PHONY: all shell local build
+
+APP_NAME := fd-listener
+
+# mirror
+DEFAULT_CN_APT_MIRROR := "mirrors.tuna.tsinghua.edu.cn"
+DEFAULT_CN_GOPROXY := "https://goproxy.cn,https://goproxy.io,direct"
+APT_MIRROR ?= $(if $(CN),$(DEFAULT_CN_APT_MIRROR),)
+GOPROXY ?= $(if $(CN),$(DEFAULT_CN_GOPROXY),)
+
+PROGRESS_PLAIN := --progress plain
+DEBUG_FLGAS ?= $(if $(DEBUG),$(PROGRESS_PLAIN),)
+
+GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
+VERSION := $(shell cat ./VERSION)
+BUILDTIME := $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+LDFLAGS := "${LDFALGS} \
+	-X github.com/ctrsploit/sploit-spec/pkg/version.Version=${VERSION} \
+	-X github.com/ctrsploit/sploit-spec/pkg/version.GitCommit=${GITCOMMIT} \
+	-X github.com/ctrsploit/sploit-spec/pkg/version.BuildTime=${BUILDTIME}"
+
+DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
+DEV_IMAGE := ${APP_NAME}-dev
+DOCKER_FLAGS := docker run --rm -ti $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT)
+
+DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DEV_IMAGE)"
+DOCKERFILE := Dockerfile_dev
+
+BUILD_APT_MIRROR := $(if $(APT_MIRROR),--build-arg APT_MIRROR=$(APT_MIRROR))
+BUILD_GO_PROXY := $(if $(GOPROXY),--build-arg GOPROXY=$(GOPROXY))
+BUILD_OPTS := ${BUILD_APT_MIRROR} ${BUILD_GO_PROXY} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"
+
+binary: bundle
+	APT_MIRROR=$(APT_MIRROR) GOPROXY=$(GOPROXY) docker buildx bake binary ${DEBUG_FLGAS}
+
+bundle:
+	mkdir -p bin/release
+
+build:
+	LDFLAGS=${LDFLAGS} ./release.sh
+
+install: build
+	ln -s $(CURDIR)/bin/release/${APP_NAME}_linux_amd64 /usr/local/bin/${APP_NAME}
+
+image: bundle
+	docker buildx build $(BUILD_OPTS) --load -t "$(DEV_IMAGE)" ${DEBUG_FLGAS} .
+
+shell: image
+	docker run --rm -ti -v $(CURDIR):/root/app $(DEV_IMAGE) bash
+
+# usage:
+# make binary CN=1 DEBUG=1
+# make shell CN=1 DEBUG=1
+# make install
diff --git a/README.md b/README.md
@@ -1,19 +1,31 @@
 
+## pre-built
+
+see https://github.com/ssst0n3/fd-listener/releases
+
+## usage
+
 ```
 ./listen -a allow_cmd1 [-a allow_cmd2] -d deny_cmd1 [-d deny_cmd2]
 ```
 
+e.g. 
+
 ```
 ./listen -a runc -a init -d root
 ```
 
+## detect CVE-2024-21626
+
 can be used to detect CVE-2024-21626 
 
 terminal1
 ```
 $ ./listen -a runc -a init -d bundle
 ```
 
+> for older versions runc, use `./listen -a /proc/self/exe -a init -d bundle`
+
 terminal2
 ```
 $ docker run hello-world

diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+v0.1.1
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -0,0 +1,27 @@
+variable "APT_MIRROR" {
+  default = "cdn-fastly.deb.debian.org"
+#  default = "repo.huaweicloud.com"
+}
+
+variable "GOPROXY" {
+  default = "https://goproxy.io,https://goproxy.cn,direct"
+  #  default = "repo.huaweicloud.com"
+}
+
+group "default" {
+  targets = ["binary"]
+}
+
+target "_common" {
+  args = {
+    APT_MIRROR = APT_MIRROR
+    GOPROXY = GOPROXY
+  }
+}
+
+target "binary" {
+  dockerfile = "Dockerfile_dev"
+  inherits = ["_common"]
+  target = "binary"
+  output = ["bin/release"]
+}
diff --git a/go.mod b/go.mod
@@ -1,11 +1,21 @@
-module scope
+module github.com/ssst0n3/fd-listener
 
 go 1.21.6
 
-require github.com/urfave/cli/v2 v2.27.1
+require (
+	github.com/ctrsploit/sploit-spec v0.4.3
+	github.com/urfave/cli/v2 v2.27.1
+)
 
 require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sirupsen/logrus v1.7.0 // indirect
+	github.com/ssst0n3/awesome_libs v0.6.7 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	golang.org/x/sys v0.6.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,8 +1,60 @@
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/ctrsploit/sploit-spec v0.4.3 h1:TVsv9T+HPlExH7PsjSpS1f1UHGljIiaiXGwnA3uqcpI=
+github.com/ctrsploit/sploit-spec v0.4.3/go.mod h1:nvxWXMd2JeEQeByGziwm5obbRLJ66CJbqr9/2oo8VEg=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/ssst0n3/awesome_libs v0.6.7 h1:CxhRcWy/v1THpy4Jk8AJh4jMnfYE+5iyrkfV5HL5nYQ=
+github.com/ssst0n3/awesome_libs v0.6.7/go.mod h1:+JQKcgjs0TWWFszGXRzIs+8pZaL0qRf6HEhPY5n8cEk=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
 github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/listen.go b/listen.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"github.com/ctrsploit/sploit-spec/pkg/version"
 	"github.com/urfave/cli/v2"
 	"os"
 	"sort"
@@ -123,8 +124,11 @@ func (l *Listener) listFd(pid int) {
 }
 
 func main() {
-	app := &cli.App{
+	listener := &cli.App{
 		Name: "fd-listener",
+		Commands: []*cli.Command{
+			version.Command,
+		},
 		Flags: []cli.Flag{
 			&cli.StringSliceFlag{
 				Name:    "allows",
@@ -144,7 +148,7 @@ func main() {
 			}
 		},
 	}
-	err := app.Run(os.Args)
+	err := listener.Run(os.Args)
 	if err != nil {
 		panic(err)
 	}

diff --git a/listen_test.go b/listen_test.go
@@ -1,14 +1 @@
 package main
-
-import (
-	"fmt"
-	"os"
-	"testing"
-)
-
-func Test_listFd(t *testing.T) {
-	listFd(2244038)
-
-	link, err := os.Readlink("/proc/2244038/fd/1")
-	fmt.Printf("%+v, %+v", link, err)
-}
diff --git a/release.sh b/release.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+# go get github.com/mitchellh/gox
+cd "$(dirname "$(readlink -m "$0")")"
+rm -rf bin/release/*
+mkdir -p bin/release
+cd bin/release
+CGO_ENABLED=0 gox -cgo=0 -osarch="linux/amd64" -osarch="linux/arm64" -ldflags "${LDFLAGS}" github.com/ssst0n3/fd-listener
+cd -
+upx bin/release/*