Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Long command line is not reported correctly #131

Open
gentooise opened this issue Jun 11, 2024 · 0 comments
Open

Long command line is not reported correctly #131

gentooise opened this issue Jun 11, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@gentooise
Copy link

gentooise commented Jun 11, 2024

Indicate project
libsysflow

Describe the bug
Long command line is truncated and sometimes filled with garbage bytes at the end.

To reproduce
Steps to reproduce the behavior:

  1. Start the sf-collector callback example
  2. Run the following command (it is a typical command executed after upgrade of ubuntu 22):
    /usr/bin/grep -l reboot-required /var/lib/dpkg/info/adduser.postinst /var/lib/dpkg/info/ksh93u+m.postinst /var/lib/dpkg/info/perl-base.postinst /var/lib/dpkg/info/python3-service-identity.postinst /var/lib/dpkg/info/amd64-microcode.postinst /var/lib/dpkg/info/landscape-common.postinst /var/lib/dpkg/info/perl.postinst /var/lib/dpkg/info/python3-setuptools.postinst /var/lib/dpkg/info/apparmor.postinst /var/lib/dpkg/info/less.postinst /var/lib/dpkg/info/pinentry-curses.postinst /var/lib/dpkg/info/python3-six.postinst /var/lib/dpkg/info/apt.postinst /var/lib/dpkg/info/libc6:amd64.postinst /var/lib/dpkg/info/pkexec.postinst /var/lib/dpkg/info/python3-software-properties.postinst /var/lib/dpkg/info/autofs.postinst /var/lib/dpkg/info/libc-bin.postinst /var/lib/dpkg/info/plymouth.postinst /var/lib/dpkg/info/python3-systemd.postinst /var/lib/dpkg/info/base-files.postinst /var/lib/dpkg/info/libdebuginfod-common.postinst /var/lib/dpkg/info/plymouth-theme-ubuntu-text.postinst /var/lib/dpkg/info/python3-twisted.postinst /var/lib/dpkg/info/base-passwd.postinst /var/lib/dpkg/info/libglib2.0-0:amd64.postinst /var/lib/dpkg/info/policykit-1.postinst /var/lib/dpkg/info/python3-update-manager.postinst /var/lib/dpkg/info/bash-completion.postinst /var/lib/dpkg/info/libgssapi-krb5-2:amd64.postinst /var/lib/dpkg/info/polkitd.postinst /var/lib/dpkg/info/python3-wadllib.postinst /var/lib/dpkg/info/bash.postinst /var/lib/dpkg/info/libgstreamer1.0-0:amd64.postinst /var/lib/dpkg/info/pollinate.postinst /var/lib/dpkg/info/python3-xkit.postinst /var/lib/dpkg/info/bc.postinst /var/lib/dpkg/info/libnewt0.52:amd64.postinst /var/lib/dpkg/info/procps.postinst /var/lib/dpkg/info/python3-yaml.postinst /var/lib/dpkg/info/bolt.postinst /var/lib/dpkg/info/libnss-systemd:amd64.postinst /var/lib/dpkg/info/psmisc.postinst /var/lib/dpkg/info/python3-zipp.postinst /var/lib/dpkg/info/bsdextrautils.postinst /var/lib/dpkg/info/libpam0g:amd64.postinst /var/lib/dpkg/info/python3.10-minimal.postinst /var/lib/dpkg/info/python3-zope.interface.postinst /var/lib/dpkg/info/byobu.postinst /var/lib/dpkg/info/libpam-cap:amd64.postinst /var/lib/dpkg/info/python3.10.postinst /var/lib/dpkg/info/readline-common.postinst /var/lib/dpkg/info/ca-certificates.postinst /var/lib/dpkg/info/libpam-modules:amd64.postinst /var/lib/dpkg/info/python3-apport.postinst /var/lib/dpkg/info/rsync.postinst /var/lib/dpkg/info/cloud-initramfs-copymods.postinst /var/lib/dpkg/info/libpam-pwquality:amd64.postinst /var/lib/dpkg/info/python3-apt.postinst /var/lib/dpkg/info/rsyslog.postinst /var/lib/dpkg/info/cloud-initramfs-dyn-netconf.postinst /var/lib/dpkg/info/libpam-runtime.postinst /var/lib/dpkg/info/python3-attr.postinst /var/lib/dpkg/info/screen.postinst /var/lib/dpkg/info/console-setup-linux.postinst /var/lib/dpkg/info/libpam-systemd:amd64.postinst /var/lib/dpkg/info/python3-automat.postinst /var/lib/dpkg/info/secureboot-db.postinst /var/lib/dpkg/info/console-setup.postinst /var/lib/dpkg/info/libpython3.10-minimal:amd64.postinst /var/lib/dpkg/info/python3-bcrypt.postinst /var/lib/dpkg/info/sg3-utils-udev.postinst /var/lib/dpkg/info/coreutils.postinst /var/lib/dpkg/info/libsasl2-modules:amd64.postinst /var/lib/dpkg/info/python3-blinker.postinst /var/lib/dpkg/info/shared-mime-info.postinst /var/lib/dpkg/info/cpio.postinst /var/lib/dpkg/info/libssl3:amd64.postinst /var/lib/dpkg/info/python3-chardet.postinst /var/lib/dpkg/info/snapd.postinst /var/lib/dpkg/info/cracklib-runtime.postinst /var/lib/dpkg/info/libwrap0:amd64.postinst /var/lib/dpkg/info/python3-click.postinst /var/lib/dpkg/info/sntp.postinst /var/lib/dpkg/info/cron.postinst /var/lib/dpkg/info/linux-base.postinst /var/lib/dpkg/info/python3-colorama.postinst /var/lib/dpkg/info/software-properties-common.postinst /var/lib/dpkg/info/cryptsetup-bin.postinst /var/lib/dpkg/info/linux-firmware.postinst /var/lib/dpkg/info/python3-commandnotfound.postinst /var/lib/dpkg/info/sosreport.postinst /var/lib/dpkg/info/cryptsetup-initramfs.postinst /var/lib/dpkg/info/linux-headers-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-configobj.postinst /var/lib/dpkg/info/ssh-import-id.postinst /var/lib/dpkg/info/cryptsetup.postinst /var/lib/dpkg/info/linux-headers-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-constantly.postinst /var/lib/dpkg/info/sudo.postinst /var/lib/dpkg/info/dash.postinst /var/lib/dpkg/info/linux-image-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-cryptography.postinst /var/lib/dpkg/info/sysstat.postinst /var/lib/dpkg/info/dbus.postinst /var/lib/dpkg/info/linux-image-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-dbus.postinst /var/lib/dpkg/info/systemd-hwe-hwdb.postinst /var/lib/dpkg/info/debconf.postinst /var/lib/dpkg/info/linux-modules-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-debconf.postinst /var/lib/dpkg/info/systemd.postinst /var/lib/dpkg/info/debianutils.postinst /var/lib/dpkg/info/linux-modules-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-debian.postinst /var/lib/dpkg/info/systemd-sysv.postinst /var/lib/dpkg/info/dirmngr.postinst /var/lib/dpkg/info/linux-modules-extra-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-distro-info.postinst /var/lib/dpkg/info/tar.postinst /var/lib/dpkg/info/dmeventd.postinst /var/lib/dpkg/info/linux-modules-extra-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-distro.postinst /var/lib/dpkg/info/tcl8.6.postinst /var/lib/dpkg/info/dmsetup.postinst /var/lib/dpkg/info/locales.postinst /var/lib/dpkg/info/python3-distupgrade.postinst /var/lib/dpkg/info/tcpdump.postinst /var/lib/dpkg/info/dpkg.postinst /var/lib/dpkg/info/login.postinst /var/lib/dpkg/info/python3-distutils.postinst /var/lib/dpkg/info/thermald.postinst /var/lib/dpkg/info/e2fsprogs.postinst /var/lib/dpkg/info/logrotate.postinst /var/lib/dpkg/info/python3-gi.postinst /var/lib/dpkg/info/tmux.postinst /var/lib/dpkg/info/ed.postinst /var/lib/dpkg/info/lsb-base.postinst /var/lib/dpkg/info/python3-hamcrest.postinst /var/lib/dpkg/info/tnftp.postinst /var/lib/dpkg/info/falcon-sensor.postinst /var/lib/dpkg/info/lsb-release.postinst /var/lib/dpkg/info/python3-httplib2.postinst /var/lib/dpkg/info/tpm-udev.postinst /var/lib/dpkg/info/finalrd.postinst /var/lib/dpkg/info/lvm2.postinst /var/lib/dpkg/info/python3-hyperlink.postinst /var/lib/dpkg/info/tzdata.postinst /var/lib/dpkg/info/friendly-recovery.postinst /var/lib/dpkg/info/lxd-agent-loader.postinst /var/lib/dpkg/info/python3-idna.postinst /var/lib/dpkg/info/ubuntu-advantage-tools.postinst /var/lib/dpkg/info/fuse3.postinst /var/lib/dpkg/info/man-db.postinst /var/lib/dpkg/info/python3-importlib-metadata.postinst /var/lib/dpkg/info/ubuntu-drivers-common.postinst /var/lib/dpkg/info/fwupd.postinst /var/lib/dpkg/info/mawk.postinst /var/lib/dpkg/info/python3-incremental.postinst /var/lib/dpkg/info/ubuntu-keyring.postinst /var/lib/dpkg/info/gawk.postinst /var/lib/dpkg/info/mdadm.postinst /var/lib/dpkg/info/python3-jeepney.postinst /var/lib/dpkg/info/ubuntu-release-upgrader-core.postinst /var/lib/dpkg/info/git.postinst /var/lib/dpkg/info/modemmanager.postinst /var/lib/dpkg/info/python3-jwt.postinst /var/lib/dpkg/info/ucf.postinst /var/lib/dpkg/info/gpg-agent.postinst /var/lib/dpkg/info/motd-news-config.postinst /var/lib/dpkg/info/python3-keyring.postinst /var/lib/dpkg/info/udev.postinst /var/lib/dpkg/info/grub-common.postinst /var/lib/dpkg/info/mtr-tiny.postinst /var/lib/dpkg/info/python3-launchpadlib.postinst /var/lib/dpkg/info/udisks2.postinst /var/lib/dpkg/info/grub-gfxpayload-lists.postinst /var/lib/dpkg/info/multipath-tools.postinst /var/lib/dpkg/info/python3-lazr.restfulclient.postinst /var/lib/dpkg/info/ufw.postinst /var/lib/dpkg/info/grub-pc.postinst /var/lib/dpkg/info/nano.postinst /var/lib/dpkg/info/python3-lazr.uri.postinst /var/lib/dpkg/info/unattended-upgrades.postinst /var/lib/dpkg/info/hdparm.postinst /var/lib/dpkg/info/needrestart.postinst /var/lib/dpkg/info/python3-lib2to3.postinst /var/lib/dpkg/info/update-notifier-common.postinst /var/lib/dpkg/info/ifupdown.postinst /var/lib/dpkg/info/netbase.postinst /var/lib/dpkg/info/python3-magic.postinst /var/lib/dpkg/info/upower.postinst /var/lib/dpkg/info/info.postinst /var/lib/dpkg/info/netcat-openbsd.postinst /var/lib/dpkg/info/python3-minimal.postinst /var/lib/dpkg/info/usb-modeswitch.postinst /var/lib/dpkg/info/initramfs-tools-core.postinst /var/lib/dpkg/info/networkd-dispatcher.postinst /var/lib/dpkg/info/python3-more-itertools.postinst /var/lib/dpkg/info/usbmuxd.postinst /var/lib/dpkg/info/initramfs-tools.postinst /var/lib/dpkg/info/nftables.postinst /var/lib/dpkg/info/python3-newt:amd64.postinst /var/lib/dpkg/info/usrmerge.postinst /var/lib/dpkg/info/install-info.postinst /var/lib/dpkg/info/ntfs-3g.postinst /var/lib/dpkg/info/python3-oauthlib.postinst /var/lib/dpkg/info/util-linux.postinst /var/lib/dpkg/info/intel-microcode.postinst /var/lib/dpkg/info/ntpdate.postinst /var/lib/dpkg/info/python3-openssl.postinst /var/lib/dpkg/info/uuid-runtime.postinst /var/lib/dpkg/info/iproute2.postinst /var/lib/dpkg/info/ntp.postinst /var/lib/dpkg/info/python3-pexpect.postinst /var/lib/dpkg/info/vim-common.postinst /var/lib/dpkg/info/iptables.postinst /var/lib/dpkg/info/open-iscsi.postinst /var/lib/dpkg/info/python3-pkg-resources.postinst /var/lib/dpkg/info/vim.postinst /var/lib/dpkg/info/iputils-ping.postinst /var/lib/dpkg/info/openssh-client.postinst /var/lib/dpkg/info/python3.postinst /var/lib/dpkg/info/vim-runtime.postinst /var/lib/dpkg/info/irqbalance.postinst /var/lib/dpkg/info/openssh-server.postinst /var/lib/dpkg/info/python3-problem-report.postinst /var/lib/dpkg/info/vim-tiny.postinst /var/lib/dpkg/info/isc-dhcp-client.postinst /var/lib/dpkg/info/openssl.postinst /var/lib/dpkg/info/python3-ptyprocess.postinst /var/lib/dpkg/info/wamerican.postinst /var/lib/dpkg/info/kbd.postinst /var/lib/dpkg/info/open-vm-tools.postinst /var/lib/dpkg/info/python3-pyasn1-modules.postinst /var/lib/dpkg/info/xdg-user-dirs.postinst /var/lib/dpkg/info/keeperx.postinst /var/lib/dpkg/info/overlayroot.postinst /var/lib/dpkg/info/python3-pyasn1.postinst /var/lib/dpkg/info/xfsprogs.postinst /var/lib/dpkg/info/keyboard-configuration.postinst /var/lib/dpkg/info/packagekit.postinst /var/lib/dpkg/info/python3-pyparsing.postinst /var/lib/dpkg/info/xz-utils.postinst /var/lib/dpkg/info/klibc-utils.postinst /var/lib/dpkg/info/passwd.postinst /var/lib/dpkg/info/python3-secretstorage.postinst /var/lib/dpkg/info/kmod.postinst /var/lib/dpkg/info/pciutils.postinst /var/lib/dpkg/info/python3-serial.postinst
    
  3. Observe the log

The callback example seems to truncate the command line, but seems not affected by the garbage ending bytes.
Example of random bytes found in the exeArgs string from sysflow callback when integrating libsysflow (observe the end):

-l reboot-required /var/lib/dpkg/info/adduser.postinst /var/lib/dpkg/info/ksh93u+m.postinst /var/lib/dpkg/info/perl-base.postinst /var/lib/dpkg/info/python3-service-identity.postinst /var/lib/dpkg/info/amd64-microcode.postinst /var/lib/dpkg/info/landscape-common.postinst /var/lib/dpkg/info/perl.postinst /var/lib/dpkg/info/python3-setuptools.postinst /var/lib/dpkg/info/apparmor.postinst /var/lib/dpkg/info/less.postinst /var/lib/dpkg/info/pinentry-curses.postinst /var/lib/dpkg/info/python3-six.postinst /var/lib/dpkg/info/apt.postinst /var/lib/dpkg/info/libc6:amd64.postinst /var/lib/dpkg/info/pkexec.postinst /var/lib/dpkg/info/python3-software-properties.postinst /var/lib/dpkg/info/autofs.postinst /var/lib/dpkg/info/libc-bin.postinst /var/lib/dpkg/info/plymouth.postinst /var/lib/dpkg/info/python3-systemd.postinst /var/lib/dpkg/info/base-files.postinst /var/lib/dpkg/info/libdebuginfod-common.postinst /var/lib/dpkg/info/plymouth-theme-ubuntu-text.postinst /var/lib/dpkg/info/python3-twisted.postinst /var/lib/dpkg/info/base-passwd.postinst /var/lib/dpkg/info/libglib2.0-0:amd64.postinst /var/lib/dpkg/info/policykit-1.postinst /var/lib/dpkg/info/python3-update-manager.postinst /var/lib/dpkg/info/bash-completion.postinst /var/lib/dpkg/info/libgssapi-krb5-2:amd64.postinst /var/lib/dpkg/info/polkitd.postinst /var/lib/dpkg/info/python3-wadllib.postinst /var/lib/dpkg/info/bash.postinst /var/lib/dpkg/info/libgstreamer1.0-0:amd64.postinst /var/lib/dpkg/info/pollinate.postinst /var/lib/dpkg/info/python3-xkit.postinst /var/lib/dpkg/info/bc.postinst /var/lib/dpkg/info/libnewt0.52:amd64.postinst /var/lib/dpkg/info/procps.postinst /var/lib/dpkg/info/python3-yaml.postinst /var/lib/dpkg/info/bolt.postinst /var/lib/dpkg/info/libnss-systemd:amd64.postinst /var/lib/dpkg/info/psmisc.postinst /var/lib/dpkg/info/python3-zipp.postinst /var/lib/dpkg/info/bsdextrautils.postinst /var/lib/dpkg/info/libpam0g:amd64.postinst /var/lib/dpkg/info/python3.10-minimal.postinst /var/lib/dpkg/info/python3-zope.interface.postinst /var/lib/dpkg/info/byobu.postinst /var/lib/dpkg/info/libpam-cap:amd64.postinst /var/lib/dpkg/info/python3.10.postinst /var/lib/dpkg/info/readline-common.postinst /var/lib/dpkg/info/ca-certificates.postinst /var/lib/dpkg/info/libpam-modules:amd64.postinst /var/lib/d4-

Expected behavior
The command line is reported correctly, even truncated but without garbage bytes at the end.

Environment (please complete the following information):

  • OS: ubuntu 22.04, Linux ubuntu2204.localdomain 5.15.0-69-generic #76-Ubuntu SMP Fri Mar 17 17:19:29 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
  • SysFlow version: libsysflow 0.6.3 (/root/.falco/6.0.1+driver/x86_64/falco_ubuntu-generic_5.15.0-69-generic_76.o)

Additional context
The problem causes sporadic program crashes when the string is decoded since sometimes the garbage bytes are not valid UTF-8 codes.

Jun 10 16:15:53 ubuntu2204.localdomain test[12486]: terminate called after throwing an instance of 'nlohmann::json_abi_v3_11_2::detail::type_error'
Jun 10 16:15:53 ubuntu2204.localdomain test[12486]:   what():  [json.exception.type_error.316] invalid UTF-8 byte at index 2300: 0x30
@gentooise gentooise added the bug Something isn't working label Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant