docs(commands): add documentation about build command (#23)
* docs(commands): add documentation about build command

Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>

* Update docs/commands.md

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>

* Update docs/commands.md

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>

* Update docs/commands.md

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>

* Update docs/commands.md

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>

---------

Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
alegrey91 and ccoVeille authored Aug 3, 2024
1 parent bc4103d commit 5cfcbda
Showing 2 changed files with 21 additions and 5 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -40,7 +40,7 @@ getrlimit

These are the syscalls that have been executed by the traced function!

**N.B.** For a complete list of available command, take a look [here](docs/commands.md).
**N.B.** For a complete list of available commands, take a look [here](docs/commands.md).

## Installation

24 changes: 20 additions & 4 deletions docs/commands.md
Expand Up @@ -2,6 +2,14 @@

Harpoon has several commands that you can use.

The common way of using `harpoon` is to execute the available commands as follow:

* [`harpoon analyze`](#analyze-) to analyze the project to infer symbols to be traced. This will create a `.harpoon.yml` file.

* [`harpoon hunt`](#hunt-) by passing the `.harpoon.yml` file to trace the functions and get their system calls. This will generate the `./harpoon/` directory with the metadata that contain the system calls traced.

* [`harpoon build`](#build-️) to read the metadata files and provide the **seccomp** profile.

## Analyze

The `analyze` command is used to analyze the project's folder and get the list of function symbols you want to trace.
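
Review bot: The added overview names the output directory differently from the rest of the file: the `hunt` bullet says it generates `./harpoon/`, while the `capture` example further down writes to `.harpoon/packagebin.test`. Pick one spelling and use it everywhere, since `build -D` has to point at exactly the directory `hunt` wrote. Smaller points in the same block: "as follow" should be "as follows", "the metadata that contain" should be "the metadata that contains", and because the three commands are an ordered workflow a numbered list would read better than bullets. The link targets `#analyze-`, `#hunt-` and `#build-️` end in a hyphen, so please confirm they resolve against the section headings as rendered.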
Expand All @@ -16,12 +24,20 @@ Run it on your project folder:
sudo harpoon analyze --exclude .git/ .
```

## Build

The `build` command collects the metadata files (created by the `hunt` command under the `harpoon/` directory) and use them to create a **seccomp** profile based on their content.

```sh
sudo harpoon build -D ./harpoon/
```

## Capture

The `capture` command is the "core" of `harpoon`. This trace the function symbols passed as argument for the give binary.
The `capture` command is the "core" of `harpoon`. This traces the function symbols passed as argument for the give binary.

```sh
sudo harpoon capture -f github.com/alegrey91/fwdctl/pkg/iptables.interfaceExists .harpoon/interface.test
sudo harpoon capture -f github.com/user/repo/pkg/pkgname.functionName .harpoon/packagebin.test
```

The result, is a list of system call executed by the function during the run of the binary.
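
Review bot: The new `## Build` example runs `sudo harpoon build -D ./harpoon/`, but the description only has the command read metadata files and produce a profile. If root is not required for that step, drop `sudo` from the example so readers do not run a file-processing step with elevated privileges; if it is required, say why. The section also does not say where the resulting seccomp profile is written (stdout or a file). Wording: "and use them" should be "and uses them", and the rewritten `capture` sentence still reads "for the give binary" where "given" is meant.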
Expand All @@ -35,7 +51,7 @@ The command needs a file as input paramenter that is the result of the `analyze`
This will loop over the entries of the file, capturing the system calls of each entry.

```sh
harpoon hunt --file .harpoon.yml -S -D seccomp
harpoon hunt --file .harpoon.yml -S
```

This will create a directory `seccomp/` with the list of system calls traced from the execution of the different test binaries present in the `.harpoon.yml` file.
This will create the directory `harpoon/` with the list of system calls traced from the execution of the different test binaries present in the `.harpoon.yml` file.
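
Review bot: With `-D seccomp` dropped from the `hunt` example, the text now relies on `harpoon/` being the default output directory without saying so, and `-S` is left unexplained. State the default explicitly, note that `-D` changes it, and describe what `-S` does. This is also the only example without `sudo`, unlike `analyze`, `build` and `capture`; make that consistent or explain the difference. Since the list is "traced from the execution of the different test binaries", it would help to add a sentence that the resulting seccomp profile only covers code paths those tests exercise, so syscalls needed on untested paths will be missing from it.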
