```/**
* Copyright (c) 2014-present, The osquery ...
# ebpfa
alessandrogario
08/17/2022, 10:51 AM
Copy code
/**
* Copyright (c) 2014-present, The osquery authors
*
* This source code is licensed as defined by the LICENSE file found in the
* root directory of this source tree.
*
* SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
*/
#include <string_view>
#include <vector>
#include <osquery/logger/logger.h>
#include <sqlite3.h>
namespace osquery {
namespace {
const std::vector<std::string> kPrefixList{
"libpod-conmon-",
"libpod-",
"docker-",
};
const std::string kSeparatorList{"./"};
void cgroupContainerName(sqlite3_context* context,
int argc,
sqlite3_value** argv) {
auto buffer_ptr = reinterpret_cast<const char*>(sqlite3_value_text(argv[0]));
if (buffer_ptr == nullptr) {
sqlite3_result_null(context);
return;
}
auto buffer_size = std::strlen(buffer_ptr);
std::string_view cgroup_path(buffer_ptr, buffer_size);
for (const auto& prefix : kPrefixList) {
auto start_index = cgroup_path.find(prefix);
if (start_index == std::string::npos) {
continue;
}
start_index += prefix.size();
auto end_index = cgroup_path.find_first_of(kSeparatorList, start_index);
auto substr_size = (end_index != std::string::npos)
? end_index - start_index
: std::string::npos;
auto container_name = cgroup_path.substr(start_index, substr_size);
sqlite3_result_text(context,
container_name.data(),
container_name.size(),
SQLITE_TRANSIENT);
return;
}
sqlite3_result_null(context);
}
} // namespace
void registerCgroupUtilsExtensions(sqlite3* db) {
sqlite3_create_function(db,
"cgroup_container_name",
-1,
SQLITE_UTF8 | SQLITE_DETERMINISTIC,
nullptr,
cgroupContainerName,
nullptr,
nullptr);
}
} // namespace osquery