Add option to exclude commands and add default commands to be excluded

devzero-inc · Nov 11, 2024 · 1a3cfa5 · 1a3cfa5
1 parent 76de4cd
commit 1a3cfa5
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 7 deletions.
diff --git a/cmd/collect.go b/cmd/collect.go
@@ -119,6 +119,7 @@ func collect(cmd *cobra.Command, _ []string) error {
 		intervalConfig,
 		auth,
 		config.AppConfig.ExcludeRegex,
+		config.AppConfig.ExcludeCommands,
 		procCol,
 	)
 

diff --git a/collector/collector.go b/collector/collector.go
@@ -28,6 +28,7 @@ type Collector struct {
 	client           *client.Client
 	logger           zerolog.Logger
 	excludeRegex     string
+	excludeCommands  []string
 	collectionConfig collectionConfig
 	authConfig       AuthConfig
 	protoAuthConfig  *gen.Auth
@@ -70,7 +71,7 @@ type collectionConfig struct {
 }
 
 // NewCollector creates a new collector instance
-func NewCollector(socketPath string, client *client.Client, logger zerolog.Logger, config IntervalConfig, auth AuthConfig, excludeRegex string, process process.SystemProcess) *Collector {
+func NewCollector(socketPath string, client *client.Client, logger zerolog.Logger, config IntervalConfig, auth AuthConfig, excludeRegex string, excludeCommands []string, process process.SystemProcess) *Collector {
 
 	collector := &Collector{
 		socketPath: socketPath,
@@ -80,9 +81,10 @@ func NewCollector(socketPath string, client *client.Client, logger zerolog.Logge
 			ongoingCommands: make(map[string]Command),
 			process:         process,
 		},
-		intervalConfig: config,
-		authConfig:     auth,
-		excludeRegex:   excludeRegex,
+		intervalConfig:  config,
+		authConfig:      auth,
+		excludeRegex:    excludeRegex,
+		excludeCommands: excludeCommands,
 	}
 
 	if auth.TeamID != "" && auth.UserEmail != "" {
@@ -310,7 +312,7 @@ func (c *Collector) handleSocketCollection(con net.Conn) error {
 }
 
 func (c *Collector) handleStartCommand(parts []string) error {
-	if !IsCommandAcceptable(parts[1], c.excludeRegex) {
+	if !IsCommandAcceptable(parts[1], c.excludeRegex, c.excludeCommands) {
 		c.logger.Debug().Msg("Command is not acceptable")
 		return fmt.Errorf("command is not acceptable")
 	}
@@ -343,7 +345,7 @@ func (c *Collector) handleStartCommand(parts []string) error {
 
 func (c *Collector) handleEndCommand(parts []string) error {
 
-	if !IsCommandAcceptable(parts[1], c.excludeRegex) {
+	if !IsCommandAcceptable(parts[1], c.excludeRegex, c.excludeCommands) {
 		c.logger.Debug().Msg("Command is not acceptable")
 		return fmt.Errorf("command is not acceptable")
 	}

diff --git a/collector/command.go b/collector/command.go
@@ -117,13 +117,27 @@ func ParseCommand(command string) string {
 // IsCommandAcceptable checks if a command string matches a configured regex pattern.
 // Commands that match the regex are considered unacceptable, and it returns false.
 // If the regex is empty or the command does not match, it returns true.
-func IsCommandAcceptable(command string, excludeRegex string) bool {
+func IsCommandAcceptable(command string, excludeRegex string, excludeCommands []string) bool {
 	if excludeRegex != "" {
 		logging.Log.Debug().Msgf("Checking if command %s is acceptable for regex: %s", command, config.AppConfig.ExcludeRegex)
 		var pattern = regexp.MustCompile(excludeRegex)
 		return !pattern.MatchString(command)
 	}
 
+	if len(excludeCommands) > 0 {
+		logging.Log.Debug().Msgf("Checking if command %s is acceptable for commands: %v", command, excludeCommands)
+		acceptable := true
+		for _, excludeCommand := range excludeCommands {
+			var pattern = regexp.MustCompile(excludeCommand)
+			acceptable = !pattern.MatchString(command)
+			if !acceptable {
+				break
+			}
+		}
+
+		return acceptable
+	}
+
 	return true
 }
 

diff --git a/config/config.example.toml b/config/config.example.toml
@@ -57,6 +57,10 @@ server_host = "pulse.devzero.dev:443"
 # Default: (empty, meaning no processes are excluded)
 # exclude_regex = ""
 
+# Regular expression pattern to exclude certain commands from being collected.
+# This can be used to omit sensitive or irrelevant processes from the data collection.
+exclude_commands = ["^vim", "^nano", "^less", "^top", "^htop", "^ssh", "^scp", "^rsync", "^screen", "^tmux", "^dz", "^oda"]
+
 # Whether to establish a secure connection for remote data collection.
 # When enabled, data transmitted to and from the remote server will be encrypted.
 # Requires 'cert_file' to be specified if true.

diff --git a/config/config.go b/config/config.go
@@ -39,6 +39,8 @@ type Config struct {
 	CertFile string `mapstructure:"cert_file"`
 	// ExcludeRegex regular expression to exclude processes from collection
 	ExcludeRegex string `mapstructure:"exclude_regex"`
+	// ExcludeCommands regular expression to exclude commands from collection
+	ExcludeCommands []string `mapstructure:"exclude_commands"`
 	// ProcessCollectionType type of process collection to use, ps or psutil
 	ProcessCollectionType string `mapstructure:"process_collection_type"`
 	// TeamID is the team identifier for the workspace