refactoring, ebpf / containers

Author: vsilent

src/collectors/ebpf/container.rs

@@ -196,16 +196,16 @@ mod tests {
 
     #[test]
     fn test_parse_docker_cgroup() {
-        let cgroup = "12:memory:/docker/abc123def456789012345678901234567890";
+        let cgroup = "12:memory:/docker/abc123def456abc123def456abc123def456abc123def456abc123def456abcd";
         let result = ContainerDetector::parse_container_from_cgroup(cgroup);
-        assert_eq!(result, Some("abc123def456789012345678901234567890".to_string()));
+        assert_eq!(result, Some("abc123def456abc123def456abc123def456abc123def456abc123def456abcd".to_string()));
     }
-    
+
     #[test]
     fn test_parse_kubernetes_cgroup() {
-        let cgroup = "11:cpu:/kubepods/pod123/def456abc789012345678901234567890";
+        let cgroup = "11:cpu:/kubepods/pod123/def456abc123def456abc123def456abc123def456abc123def456abc123def4";
         let result = ContainerDetector::parse_container_from_cgroup(cgroup);
-        assert_eq!(result, Some("def456abc789012345678901234567890".to_string()));
+        assert_eq!(result, Some("def456abc123def456abc123def456abc123def456abc123def456abc123def4".to_string()));
     }
 
     #[test]
@@ -215,6 +215,7 @@ mod tests {
         assert_eq!(result, None);
     }
 
+    #[cfg(target_os = "linux")]
     #[test]
     fn test_validate_valid_container_id() {
         let detector = ContainerDetector::new().unwrap();
@@ -226,6 +227,7 @@ mod tests {
         assert!(detector.validate_container_id("abc123def456"));
     }
 
+    #[cfg(target_os = "linux")]
     #[test]
     fn test_validate_invalid_container_id() {
         let detector = ContainerDetector::new().unwrap();

src/collectors/ebpf/programs/mod.rs

@@ -27,7 +27,7 @@ pub struct EbpfSyscallEvent {
 
 /// Event data union
 #[repr(C)]
-#[derive(Debug, Clone, Copy)]
+#[derive(Clone, Copy)]
 pub union EbpfEventData {
     /// execve data
     pub execve: ExecveData,
@@ -41,6 +41,14 @@ pub union EbpfEventData {
     pub raw: [u8; 128],
 }
 
+impl std::fmt::Debug for EbpfEventData {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        // SAFETY: raw is always a valid field in any union variant
+        let raw = unsafe { self.raw };
+        write!(f, "EbpfEventData {{ raw: {:?} }}", &raw[..])
+    }
+}
+
 impl Default for EbpfEventData {
     fn default() -> Self {
         Self {
@@ -51,7 +59,7 @@ impl Default for EbpfEventData {
 
 /// execve-specific data
 #[repr(C)]
-#[derive(Debug, Clone, Copy, Default)]
+#[derive(Debug, Clone, Copy)]
 pub struct ExecveData {
     /// Filename length
     pub filename_len: u32,
@@ -61,6 +69,12 @@ pub struct ExecveData {
     pub argc: u32,
 }
 
+impl Default for ExecveData {
+    fn default() -> Self {
+        Self { filename_len: 0, filename: [0u8; 128], argc: 0 }
+    }
+}
+
 /// connect-specific data
 #[repr(C)]
 #[derive(Debug, Clone, Copy, Default)]
@@ -75,7 +89,7 @@ pub struct ConnectData {
 
 /// openat-specific data
 #[repr(C)]
-#[derive(Debug, Clone, Copy, Default)]
+#[derive(Debug, Clone, Copy)]
 pub struct OpenatData {
     /// File path length
     pub path_len: u32,
@@ -85,6 +99,12 @@ pub struct OpenatData {
     pub flags: u32,
 }
 
+impl Default for OpenatData {
+    fn default() -> Self {
+        Self { path_len: 0, path: [0u8; 256], flags: 0 }
+    }
+}
+
 /// ptrace-specific data
 #[repr(C)]
 #[derive(Debug, Clone, Copy, Default)]

src/collectors/ebpf/types.rs

@@ -7,3 +7,6 @@ pub mod repositories;
 pub use connection::{create_pool, init_database, DbPool};
 pub use models::*;
 pub use repositories::alerts::*;
+
+/// Marker struct for module tests
+pub struct DatabaseMarker;

src/database/mod.rs

@@ -29,7 +29,7 @@ impl DockerClient {
 
     /// List all containers
     pub async fn list_containers(&self, all: bool) -> Result<Vec<ContainerInfo>> {
-        let options = Some(ListContainersOptions {
+        let options: Option<ListContainersOptions<String>> = Some(ListContainersOptions {
             all,
             size: false,
             ..Default::default()
@@ -85,7 +85,7 @@ impl DockerClient {
     /// Quarantine a container (disconnect from all networks)
     pub async fn quarantine_container(&self, container_id: &str) -> Result<()> {
         // List all networks
-        let networks: Vec<bollard::models::NetworkResource> = self.client
+        let networks: Vec<bollard::models::Network> = self.client
             .list_networks(None::<ListNetworksOptions<String>>)
             .await
             .context("Failed to list networks")?;
@@ -104,7 +104,7 @@ impl DockerClient {
                 };
 
                 let _ = self.client
-                    .disconnect_network(&name, Some(options))
+                    .disconnect_network(&name, options)
                     .await;
             }
         }

src/docker/client.rs

@@ -46,8 +46,7 @@ pub mod models;
 #[cfg(target_os = "linux")]
 pub mod firewall;
 
-// Security modules - Collectors
-#[cfg(target_os = "linux")]
+// Security modules - Collectors (cross-platform; Linux-specific internals are gated within)
 pub mod collectors;
 
 // Optional modules
@@ -74,7 +73,6 @@ pub use alerting::{NotificationChannel, NotificationConfig};
 pub use firewall::{QuarantineManager, QuarantineState};
 #[cfg(target_os = "linux")]
 pub use firewall::{ResponseAction, ResponseChain, ResponseExecutor, ResponseType};
-#[cfg(target_os = "linux")]
 pub use collectors::{EbpfLoader, SyscallMonitor};
 
 // Rules

src/lib.rs

@@ -5,64 +5,61 @@
 
 #[test]
 fn test_collectors_module_imports() {
-    // Verify collectors module exists and can be imported
-    // This test will compile only if the module structure is correct
-    use crate::collectors;
-    
-    // Suppress unused import warning
+    use stackdog::collectors;
     let _ = std::marker::PhantomData::<collectors::CollectorsMarker>;
 }
 
 #[test]
 fn test_events_module_imports() {
-    use crate::events;
+    use stackdog::events;
     let _ = std::marker::PhantomData::<events::EventsMarker>;
 }
 
 #[test]
 fn test_rules_module_imports() {
-    use crate::rules;
+    use stackdog::rules;
     let _ = std::marker::PhantomData::<rules::RulesMarker>;
 }
 
 #[test]
 fn test_ml_module_imports() {
-    use crate::ml;
+    use stackdog::ml;
     let _ = std::marker::PhantomData::<ml::MlMarker>;
 }
 
+#[cfg(target_os = "linux")]
 #[test]
 fn test_firewall_module_imports() {
-    use crate::firewall;
+    use stackdog::firewall;
     let _ = std::marker::PhantomData::<firewall::FirewallMarker>;
 }
 
 #[test]
 fn test_response_module_imports() {
-    use crate::response;
+    use stackdog::response;
     let _ = std::marker::PhantomData::<response::ResponseMarker>;
 }
 
 #[test]
 fn test_correlator_module_imports() {
-    use crate::correlator;
+    use stackdog::correlator;
     let _ = std::marker::PhantomData::<correlator::CorrelatorMarker>;
 }
 
 #[test]
 fn test_alerting_module_imports() {
-    use crate::alerting;
+    use stackdog::alerting;
     let _ = std::marker::PhantomData::<alerting::AlertingMarker>;
 }
 
 #[test]
 fn test_baselines_module_imports() {
-    use crate::baselines;
+    use stackdog::baselines;
     let _ = std::marker::PhantomData::<baselines::BaselinesMarker>;
 }
 
 #[test]
 fn test_database_module_imports() {
-    use crate::database;
+    use stackdog::database;
     let _ = std::marker::PhantomData::<database::DatabaseMarker>;
 }