santactl/metrics: Allow filtering metrics (#763)

google · Mar 22, 2022 · 676c026 · 676c026
1 parent 64950d0
commit 676c026
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 20 deletions.
diff --git a/Source/common/SNTMetricSet.m b/Source/common/SNTMetricSet.m
@@ -27,9 +27,9 @@
     case SNTMetricTypeGaugeInt64: typeStr = @"SNTMetricTypeGaugeInt64"; break;
     case SNTMetricTypeGaugeDouble: typeStr = @"SNTMetricTypeGaugeDouble"; break;
     case SNTMetricTypeCounter: typeStr = @"SNTMetricTypeCounter"; break;
-    default: typeStr = @"SNTMetricTypeUnknown"; break;
+    default: typeStr = [NSString stringWithFormat:@"SNTMetricTypeUnknown %ld", metricType]; break;
   }
-  return [NSString stringWithFormat:@"%@ %ld", typeStr, metricType];
+  return typeStr;
 }
 
 /**

diff --git a/Source/common/SNTMetricSetTest.m b/Source/common/SNTMetricSetTest.m
@@ -45,10 +45,10 @@ - (void)testSimpleCounter {
   XCTAssertNotNil(c, @"Expected returned SNTMetricCounter to not be nil");
   [c incrementForFieldValues:@[ @"certificate" ]];
   XCTAssertEqual(1, [c getCountForFieldValues:@[ @"certificate" ]],
-                 @"Counter not incremendted by 1");
+                 @"Counter not incremented by 1");
   [c incrementBy:3 forFieldValues:@[ @"certificate" ]];
   XCTAssertEqual(4, [c getCountForFieldValues:@[ @"certificate" ]],
-                 @"Counter not incremendted by 3");
+                 @"Counter not incremented by 3");
 }
 
 - (void)testExportNSDictionary {
@@ -630,39 +630,39 @@ - (void)testMakeMetricString {
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeConstantBool],
-      @"expected" : @"SNTMetricTypeConstantBool 1"
+      @"expected" : @"SNTMetricTypeConstantBool"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeConstantString],
-      @"expected" : @"SNTMetricTypeConstantString 2"
+      @"expected" : @"SNTMetricTypeConstantString"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeConstantInt64],
-      @"expected" : @"SNTMetricTypeConstantInt64 3"
+      @"expected" : @"SNTMetricTypeConstantInt64"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeConstantDouble],
-      @"expected" : @"SNTMetricTypeConstantDouble 4"
+      @"expected" : @"SNTMetricTypeConstantDouble"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeGaugeBool],
-      @"expected" : @"SNTMetricTypeGaugeBool 5"
+      @"expected" : @"SNTMetricTypeGaugeBool"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeGaugeString],
-      @"expected" : @"SNTMetricTypeGaugeString 6"
+      @"expected" : @"SNTMetricTypeGaugeString"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeGaugeInt64],
-      @"expected" : @"SNTMetricTypeGaugeInt64 7"
+      @"expected" : @"SNTMetricTypeGaugeInt64"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeGaugeDouble],
-      @"expected" : @"SNTMetricTypeGaugeDouble 8"
+      @"expected" : @"SNTMetricTypeGaugeDouble"
     },
     @{
       @"input" : [NSNumber numberWithInt:SNTMetricTypeCounter],
-      @"expected" : @"SNTMetricTypeCounter 9"
+      @"expected" : @"SNTMetricTypeCounter"
     }
   ];
 

diff --git a/Source/santactl/Commands/SNTCommandMetrics.h b/Source/santactl/Commands/SNTCommandMetrics.h
@@ -19,4 +19,5 @@
 
 @interface SNTCommandMetrics : SNTCommand <SNTCommandProtocol>
 - (void)prettyPrintMetrics:(NSDictionary *)metircs asJSON:(BOOL)exportJSON;
+- (NSDictionary *)filterMetrics:(NSDictionary *)metrics withArguments:(NSArray *)args;
 @end
diff --git a/Source/santactl/Commands/SNTCommandMetrics.m b/Source/santactl/Commands/SNTCommandMetrics.m
@@ -41,6 +41,7 @@ + (NSString *)shortHelpText {
 
 + (NSString *)longHelpText {
   return (@"Provides metrics about Santa's operation while it's running.\n"
+          @"Pass prefixes to filter list of metrics, if desired.\n"
           @"  Use --json to output in JSON format");
 }
 
@@ -122,6 +123,26 @@ - (void)prettyPrintMetrics:(NSDictionary *)metrics asJSON:(BOOL)exportJSON {
   [self prettyPrintMetricValues:normalizedMetrics[@"metrics"]];
 }
 
+- (NSDictionary *)filterMetrics:(NSDictionary *)metrics withArguments:(NSArray *)args {
+  NSMutableDictionary *outer = [metrics mutableCopy];
+  NSMutableDictionary *inner = [NSMutableDictionary dictionary];
+  __block BOOL hadFilter = NO;
+
+  [metrics[@"metrics"] enumerateKeysAndObjectsUsingBlock:^(NSString *key, id value, BOOL *stop) {
+    for (NSString *arg in args) {
+      if ([arg hasPrefix:@"-"]) continue;
+
+      hadFilter = YES;
+      if ([key hasPrefix:arg]) {
+        inner[key] = value;
+      }
+    }
+  }];
+
+  outer[@"metrics"] = inner;
+  return hadFilter ? outer : metrics;
+}
+
 - (void)runWithArguments:(NSArray *)arguments {
   __block NSDictionary *metrics;
 
@@ -138,6 +159,8 @@ - (void)runWithArguments:(NSArray *)arguments {
     fprintf(stderr, "Failed to retrieve metrics from daemon\n\n");
   }
 
+  metrics = [self filterMetrics:metrics withArguments:arguments];
+
   [self prettyPrintMetrics:metrics asJSON:[arguments containsObject:@"--json"]];
   exit(0);
 }

diff --git a/Source/santactl/Commands/SNTCommandMetricsTest.m b/Source/santactl/Commands/SNTCommandMetricsTest.m
@@ -131,4 +131,26 @@ - (void)testPrettyPrinting {
                         @"Metrics command command did not produce expected output");
 }
 
+- (void)testFiltering {
+  SNTCommandMetrics *metricsCmd = [[SNTCommandMetrics alloc] init];
+
+  NSDictionary *metricDict = [SNTMetricFormatTestHelper createValidMetricsDictionary];
+  NSDictionary *filtered;
+
+  filtered = [metricsCmd filterMetrics:metricDict withArguments:@[]];
+  XCTAssertEqualObjects(metricDict[@"metrics"], filtered[@"metrics"], @"No filtering with no args");
+
+  filtered = [metricsCmd filterMetrics:metricDict withArguments:@[ @"--json" ]];
+  XCTAssertEqualObjects(metricDict[@"metrics"], filtered[@"metrics"],
+                        @"No filtering with no metric args");
+
+  filtered = [metricsCmd filterMetrics:metricDict withArguments:@[ @"--json", @"/santa" ]];
+  XCTAssertEqual(((NSDictionary *)filtered[@"metrics"]).count, 3,
+                 @"Expected filter of metrics with /santa to return 3 metrics");
+
+  filtered = [metricsCmd filterMetrics:metricDict withArguments:@[ @"/build", @"/santa" ]];
+  XCTAssertEqual(((NSDictionary *)filtered[@"metrics"]).count, 4,
+                 @"Expected filter of metrics with /build and /santa to return 4 metrics");
+}
+
 @end
diff --git a/Source/santactl/Commands/testdata/metrics-prettyprint.txt b/Source/santactl/Commands/testdata/metrics-prettyprint.txt
@@ -10,7 +10,7 @@
 >>> Metrics 
   Metric Name               | /santa/rules
   Description               | Number of rules
-  Type                      | SNTMetricTypeGaugeInt64 7
+  Type                      | SNTMetricTypeGaugeInt64
   Field                     | rule_type=binary
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
@@ -22,14 +22,14 @@
 
   Metric Name               | /proc/memory/resident_size
   Description               | The resident set size of this process
-  Type                      | SNTMetricTypeGaugeInt64 7
+  Type                      | SNTMetricTypeGaugeInt64
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
   Data                      | 123456789
 
   Metric Name               | /santa/events
   Description               | Count of process exec events on the host
-  Type                      | SNTMetricTypeCounter 9
+  Type                      | SNTMetricTypeCounter
   Field                     | rule_type=binary
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
@@ -41,28 +41,28 @@
 
   Metric Name               | /santa/using_endpoint_security_framework
   Description               | Is santad using the endpoint security framework
-  Type                      | SNTMetricTypeConstantBool 1
+  Type                      | SNTMetricTypeConstantBool
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
   Data                      | 1
 
   Metric Name               | /proc/birth_timestamp
   Description               | Start time of this santad instance, in microseconds since epoch
-  Type                      | SNTMetricTypeConstantInt64 3
+  Type                      | SNTMetricTypeConstantInt64
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
   Data                      | 1250999830800
 
   Metric Name               | /proc/memory/virtual_size
   Description               | The virtual memory size of this process
-  Type                      | SNTMetricTypeGaugeInt64 7
+  Type                      | SNTMetricTypeGaugeInt64
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
   Data                      | 987654321
 
   Metric Name               | /build/label
   Description               | Software version running
-  Type                      | SNTMetricTypeConstantString 2
+  Type                      | SNTMetricTypeConstantString
   Created                   | 2021-09-16T21:07:34.826Z
   Last Updated              | 2021-09-16T21:07:34.826Z
   Data                      | 20210809.0.1