157-Make-module-apis-more-ergonomic

Author: azenna

Cargo.lock

@@ -38,6 +38,7 @@ semver = { version = "1.0.4", features = ["serde"] }
 rust-ini = "0.17.0"
 comfy-table = "5.0.1"
 futures-util = "0.3.25"
+async-trait = "0.1.73"
 
 [features]
 default = ["full"]

Cargo.toml

@@ -12,3 +12,4 @@ bpf-common = { path = "../../bpf-common" }
 tokio = { version = "1", features = ["full"] }
 log = "0.4"
 anyhow = "1.0.68"
+async-trait = "0.1.73"

crates/modules/desktop-notifier/Cargo.toml

@@ -1,52 +1,70 @@
 use std::{
     os::unix::process::CommandExt,
     process::{Command, Stdio},
-    sync::Arc,
 };
 
 use anyhow::{Context, Result};
+use async_trait::async_trait;
 use pulsar_core::{
     event::Threat,
     pdk::{
-        CleanExit, ConfigError, Event, ModuleConfig, ModuleContext, ModuleError, PulsarModule,
-        ShutdownSignal, Version,
+        ConfigError, Event, Module, ModuleConfig, ModuleContext, ModuleError, PulsarModule, Version,
     },
 };
 
 const MODULE_NAME: &str = "desktop-notifier";
 
-pub fn module() -> PulsarModule {
-    PulsarModule::new(
-        MODULE_NAME,
-        Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
-        desktop_nitifier_task,
-    )
+#[derive(Clone)]
+pub struct DesktopNotifier {
+    user_id: u32,
+    display: String,
+    notify_send_executable: String,
+    bus_address: String,
 }
 
-async fn desktop_nitifier_task(
-    ctx: ModuleContext,
-    mut shutdown: ShutdownSignal,
-) -> Result<CleanExit, ModuleError> {
-    let mut receiver = ctx.get_receiver();
-    let mut rx_config = ctx.get_config();
-    let mut config = rx_config.read()?;
+impl TryFrom<&ModuleConfig> for DesktopNotifier {
+    type Error = ConfigError;
 
-    loop {
-        tokio::select! {
-            r = shutdown.recv() => return r,
-            _ = rx_config.changed() => {
-                config = rx_config.read()?;
-                continue;
-            }
-            msg = receiver.recv() => {
-                handle_event(&config, msg?).await;
-            }
-        }
+    fn try_from(config: &ModuleConfig) -> Result<Self, Self::Error> {
+        let user_id = config.with_default("user_id", 1000)?;
+        Ok(Self {
+            user_id,
+            display: config.with_default("display", ":0".to_string())?,
+            notify_send_executable: config
+                .with_default("notify_send_executable", "notify-send".to_string())?,
+            bus_address: config
+                .with_default("bus_address", format!("unix:path=/run/user/{user_id}/bus"))?,
+        })
+    }
+}
+
+#[async_trait]
+impl Module for DesktopNotifier {
+    fn start() -> PulsarModule {
+        PulsarModule::new(
+            MODULE_NAME,
+            Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
+            |ctx: &ModuleContext| {
+                let desktop_notifier: DesktopNotifier = ctx.get_config().read()?;
+                Ok(desktop_notifier)
+            },
+        )
+    }
+
+    async fn on_event(&mut self, event: &Event, _ctx: &ModuleContext) -> Result<(), ModuleError> {
+        handle_event(self, event).await;
+        Ok(())
+    }
+
+    fn on_change(&mut self, ctx: &ModuleContext) -> Result<(), ModuleError> {
+        let desktop_notifier: DesktopNotifier = ctx.get_config().read()?;
+        *self = desktop_notifier;
+        Ok(())
     }
 }
 
 /// Check if the given event is a threat which should be notified to the user
-async fn handle_event(config: &Config, event: Arc<Event>) {
+async fn handle_event(config: &DesktopNotifier, event: &Event) {
     if let Some(Threat {
         source,
         description,
@@ -61,7 +79,7 @@ async fn handle_event(config: &Config, event: Arc<Event>) {
 }
 
 /// Send a desktop notification spawning `notify-send` with the provided arguments
-async fn notify_send(config: &Config, args: Vec<String>) {
+async fn notify_send(config: &DesktopNotifier, args: Vec<String>) {
     let mut command = Command::new(&config.notify_send_executable);
     command
         .args(args)
@@ -96,27 +114,3 @@ async fn notify_send(config: &Config, args: Vec<String>) {
         }
     });
 }
-
-#[derive(Clone)]
-struct Config {
-    user_id: u32,
-    display: String,
-    notify_send_executable: String,
-    bus_address: String,
-}
-
-impl TryFrom<&ModuleConfig> for Config {
-    type Error = ConfigError;
-
-    fn try_from(config: &ModuleConfig) -> Result<Self, Self::Error> {
-        let user_id = config.with_default("user_id", 1000)?;
-        Ok(Self {
-            user_id,
-            display: config.with_default("display", ":0".to_string())?,
-            notify_send_executable: config
-                .with_default("notify_send_executable", "notify-send".to_string())?,
-            bus_address: config
-                .with_default("bus_address", format!("unix:path=/run/user/{user_id}/bus"))?,
-        })
-    }
-}

crates/modules/desktop-notifier/src/lib.rs

@@ -15,6 +15,7 @@ pulsar-core = { path = "../../pulsar-core" }
 nix = "0.26.2"
 tokio = { version = "1", features = ["full"] }
 log = "0.4"
+async-trait = "0.1.73"
 
 [build-dependencies]
 bpf-builder = { path = "../../bpf-builder" }

crates/modules/file-system-monitor/Cargo.toml

@@ -1,8 +1,11 @@
+use async_trait::async_trait;
 use bpf_common::{
     ebpf_program, parsing::BufferIndex, program::BpfContext, BpfSender, Program, ProgramBuilder,
     ProgramError,
 };
 
+use pulsar_core::pdk::{Module, ModuleError};
+
 const MODULE_NAME: &str = "file-system-monitor";
 
 pub async fn program(
@@ -83,50 +86,54 @@ pub mod pulsar {
     use pulsar_core::{
         event::FileFlags,
         pdk::{
-            CleanExit, ConfigError, Event, IntoPayload, ModuleConfig, ModuleContext, ModuleError,
-            ModuleSender, Payload, PulsarModule, ShutdownSignal, Version,
+            ConfigError, Event, IntoPayload, ModuleConfig, ModuleContext, ModuleSender, Payload,
+            PulsarModule, Version,
         },
     };
     use tokio::{fs::File, io::AsyncReadExt};
 
-    pub fn module() -> PulsarModule {
-        PulsarModule::new(
-            MODULE_NAME,
-            Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
-            fs_monitor_task,
-        )
+    pub struct FileSystemMonitor {
+        sender: ModuleSender,
+        config: Config,
     }
 
-    async fn fs_monitor_task(
-        ctx: ModuleContext,
-        mut shutdown: ShutdownSignal,
-    ) -> Result<CleanExit, ModuleError> {
-        let _program = program(ctx.get_bpf_context(), ctx.get_sender()).await?;
-        let mut receiver = ctx.get_receiver();
-        let mut rx_config = ctx.get_config();
-        let mut config: Config = rx_config.read()?;
-        let sender = ctx.get_sender();
-        loop {
-            // enable receiver only if the elf checker is enabled
-            let receiver_recv = async {
-                if config.elf_check_enabled {
-                    receiver.recv().await
-                } else {
-                    std::future::pending().await
-                }
-            };
-            tokio::select! {
-                Ok(msg) = receiver_recv => {
-                    check_elf(&sender, &config, msg.as_ref()).await;
-                }
-                _ = rx_config.changed() => {
-                    config = rx_config.read()?;
-                }
-                r = shutdown.recv() => return r,
-            }
+    impl FileSystemMonitor {
+        pub fn new(config: Config, sender: ModuleSender) -> Self {
+            Self { config, sender }
         }
     }
 
+    #[async_trait]
+    impl Module for FileSystemMonitor {
+        fn start() -> PulsarModule {
+            PulsarModule::new(
+                MODULE_NAME,
+                Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
+                |ctx: &ModuleContext| {
+                    let config: Config = ctx.get_config().read()?;
+                    Ok(FileSystemMonitor::new(config, ctx.get_sender()))
+                },
+            )
+        }
+
+        async fn ebpf_probe(&self, ctx: &ModuleContext) -> Result<Option<Program>, ProgramError> {
+            let program = program(ctx.get_bpf_context(), ctx.get_sender()).await?;
+            Ok(Some(program))
+        }
+
+        async fn on_event(
+            &mut self,
+            event: &Event,
+            _ctx: &ModuleContext,
+        ) -> Result<(), ModuleError> {
+            if self.config.elf_check_enabled {
+                check_elf(&self.sender, &self.config, event).await;
+                Ok(())
+            } else {
+                Ok(())
+            }
+        }
+    }
     impl IntoPayload for FsEvent {
         type Error = IndexError;
 
@@ -181,7 +188,7 @@ pub mod pulsar {
         type Error = ConfigError;
 
         fn try_from(config: &ModuleConfig) -> Result<Self, Self::Error> {
-            Ok(Config {
+            Ok(Self {
                 elf_check_enabled: config.with_default("elf_check_enabled", true)?,
                 elf_check_whitelist: config.get_list_with_default(
                     "elf_check_whitelist",

crates/modules/file-system-monitor/src/lib.rs

@@ -12,3 +12,4 @@ bpf-common = { path = "../../bpf-common" }
 tokio = { version = "1", features = ["full"] }
 log = "0.4"
 chrono = { version = "0.4.23", features = ["std"], default-features = false }
+async-trait = "0.1.73"

crates/modules/logger/Cargo.toml

@@ -1,48 +1,17 @@
+use async_trait::async_trait;
 use pulsar_core::pdk::{
-    CleanExit, ConfigError, Event, ModuleConfig, ModuleContext, ModuleError, PulsarModule,
-    ShutdownSignal, Version,
+    ConfigError, Event, Module, ModuleConfig, ModuleContext, ModuleError, PulsarModule, Version,
 };
 
 const MODULE_NAME: &str = "logger";
 
-pub fn module() -> PulsarModule {
-    PulsarModule::new(
-        MODULE_NAME,
-        Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
-        logger_task,
-    )
-}
-
-async fn logger_task(
-    ctx: ModuleContext,
-    mut shutdown: ShutdownSignal,
-) -> Result<CleanExit, ModuleError> {
-    let mut receiver = ctx.get_receiver();
-    let mut rx_config = ctx.get_config();
-    let mut logger = Logger::from_config(rx_config.read()?);
-
-    loop {
-        tokio::select! {
-            r = shutdown.recv() => return r,
-            _ = rx_config.changed() => {
-                logger = Logger::from_config(rx_config.read()?);
-            }
-            msg = receiver.recv() => {
-                let msg = msg?;
-                logger.process(&msg)
-            },
-        }
-    }
-}
-
-#[derive(Clone)]
-struct Config {
+pub struct Logger {
     console: bool,
     // file: bool, //TODO:
     // syslog: bool, //TODO:
 }
 
-impl TryFrom<&ModuleConfig> for Config {
+impl TryFrom<&ModuleConfig> for Logger {
     type Error = ConfigError;
 
     fn try_from(config: &ModuleConfig) -> Result<Self, Self::Error> {
@@ -54,23 +23,39 @@ impl TryFrom<&ModuleConfig> for Config {
     }
 }
 
-struct Logger {
-    console: bool,
-}
-
 impl Logger {
-    fn from_config(rx_config: Config) -> Self {
-        let Config { console } = rx_config;
-        Self { console }
-    }
-
     fn process(&self, event: &Event) {
         if event.header().threat.is_some() && self.console {
             terminal::print_event(event);
         }
     }
 }
 
+#[async_trait]
+impl Module for Logger {
+    fn start() -> PulsarModule {
+        PulsarModule::new(
+            MODULE_NAME,
+            Version::parse(env!("CARGO_PKG_VERSION")).unwrap(),
+            |ctx: &ModuleContext| {
+                let logger: Logger = ctx.get_config().read()?;
+                Ok(logger)
+            },
+        )
+    }
+
+    async fn on_event(&mut self, event: &Event, _ctx: &ModuleContext) -> Result<(), ModuleError> {
+        self.process(event);
+        Ok(())
+    }
+
+    fn on_change(&mut self, ctx: &ModuleContext) -> Result<(), ModuleError> {
+        let logger: Logger = ctx.get_config().read()?;
+        *self = logger;
+        Ok(())
+    }
+}
+
 pub mod terminal {
     use chrono::{DateTime, Utc};
     use pulsar_core::{event::Threat, pdk::Event};

crates/modules/logger/src/lib.rs

@@ -16,6 +16,7 @@ tokio = { version = "1", features = ["full"] }
 log = "0.4"
 nix = "0.26.2"
 dns-parser = "0.8.0"
+async-trait = "0.1.73"
 
 [build-dependencies]
 bpf-builder = { path = "../../bpf-builder" }