From 72dc71dd1448de5f6e69a648bb5f13fa8995be52 Mon Sep 17 00:00:00 2001
From: Alex Ilgayev
Date: Tue, 18 Mar 2025 12:34:19 +0200
Subject: [PATCH] feat: memory protection
---
 action.yml | 4 ++++
 dist/main/index.js | 7 +++++++
 src/main/index.js | 7 +++++++
 3 files changed, 18 insertions(+)
diff --git a/action.yml b/action.yml
index fed0cea..8b15f62 100644
--- a/action.yml
+++ b/action.yml
@@ -28,6 +28,10 @@ inputs:
 description: Enable file integrity module in prevent mode
 required: false
 default: 'false'
+ memory-protection:
+ description: Enable memory protection module in prevent mode
+ required: false
+ default: 'false'
 ignored-ip-nets:
 description: |
 A comma or white space separated list of ignored IP networks in CIDR
diff --git a/dist/main/index.js b/dist/main/index.js
index ce44a0a..59008e1 100644
--- a/dist/main/index.js
+++ b/dist/main/index.js
@@ -3552,6 +3552,7 @@ function getActionConfig() { allowedIPs: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('allowed-ips'), allowedHosts: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('allowed-hosts'), fileIntegrity: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getBooleanInput('file-integrity'), + memoryProtection: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getBooleanInput('memory-protection'), ignoredIPNets: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('ignored-ip-nets'), applyFsEvents: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getBooleanInput('apply-fs-events'), clientId: _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('client-id'),
@@ -3623,6 +3624,7 @@ async function run(config) { CIMON_ALLOWED_IPS: config.cimon.allowedIPs, CIMON_ALLOWED_HOSTS: config.cimon.allowedHosts, CIMON_FILE_INTEGRITY: config.cimon.fileIntegrity, + CIMON_MEM_PROT: config.cimon.memoryProtection, CIMON_IGNORED_IP_NETS: config.cimon.ignoredIPNets, CIMON_REPORT_GITHUB_JOB_SUMMARY: config.github.jobSummary, CIMON_REPORT_PR_SUMMARY: config.github.prSummary,
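Review bot: The description of the new `memory-protection` input in action.yml reuses the file-integrity wording and does not mention that turning it on also sets the `FSSensor` feature gate, which run() in src/main/index.js does in this same commit. Someone enabling a prevention control per workflow should see that side effect in the input's documentation, for example `description: Enable memory protection module in prevent mode (also enables the FSSensor feature gate)`. The rest of the `inputs:` map lies outside the hunk, so whether a separate feature-gates input exists cannot be checked here.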
@@ -3646,6 +3648,11 @@ async function run(config) { env.CIMON_FS_SENSOR_PERF_MODE = false; } + if (config.cimon.memoryProtection) { + // Feature flags that required for the memory protection module. + env.CIMON_FEATURE_GATES = 'FSSensor=1'; + } + var retval; const sudo = await sudoExists(); const options = {
diff --git a/src/main/index.js b/src/main/index.js
index 35bd6ec..609543c 100644
--- a/src/main/index.js
+++ b/src/main/index.js
@@ -30,6 +30,7 @@ function getActionConfig() {
 allowedIPs: core.getInput('allowed-ips'),
 allowedHosts: core.getInput('allowed-hosts'),
 fileIntegrity: core.getBooleanInput('file-integrity'),
+ memoryProtection: core.getBooleanInput('memory-protection'),
 ignoredIPNets: core.getInput('ignored-ip-nets'),
 applyFsEvents: core.getBooleanInput('apply-fs-events'),
 clientId: core.getInput('client-id'),
@@ -101,6 +102,7 @@ async function run(config) {
 CIMON_ALLOWED_IPS: config.cimon.allowedIPs,
 CIMON_ALLOWED_HOSTS: config.cimon.allowedHosts,
 CIMON_FILE_INTEGRITY: config.cimon.fileIntegrity,
+ CIMON_MEM_PROT: config.cimon.memoryProtection,
 CIMON_IGNORED_IP_NETS: config.cimon.ignoredIPNets,
 CIMON_REPORT_GITHUB_JOB_SUMMARY: config.github.jobSummary,
 CIMON_REPORT_PR_SUMMARY: config.github.prSummary,
@@ -124,6 +126,11 @@ async function run(config) { env.CIMON_FS_SENSOR_PERF_MODE = false; } + if (config.cimon.memoryProtection) { + // Feature flags that required for the memory protection module. + env.CIMON_FEATURE_GATES = 'FSSensor=1'; + } + var retval; const sudo = await sudoExists(); const options = {
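Review bot: In the `@@ -124,6 +126,11 @@` hunk of src/main/index.js, `env.CIMON_FEATURE_GATES = 'FSSensor=1';` assigns the variable outright, so any feature-gate value put into `env` earlier in run() (outside this hunk) would be silently replaced once memory-protection is enabled. If the gates can be set anywhere else, merge rather than overwrite, e.g. `env.CIMON_FEATURE_GATES = [env.CIMON_FEATURE_GATES, 'FSSensor=1'].filter(Boolean).join(',');`, after confirming the separator the agent expects. The comment would read better as `// Feature gates required by the memory protection module.`, and it should say why FSSensor is needed, since the branch just above sets `CIMON_FS_SENSOR_PERF_MODE` with no visible link to this one. The bundled dist/main/index.js hunk at `@@ -3646,6 +3648,11 @@` carries the same lines and needs a rebuild after any change; run() begins and ends outside both hunks.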