admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix all CI/CD errors: clippy warnings and compilation errors

Browse Source 
- Remove unused import std::path::Path from hooks.rs
- Add #[derive(Debug)] to EbpfDetector
- Add missing mitre_analysis field to DetectionResult
- Change GhostError::Process to GhostError::Detection (variant doesn't exist)
- Prefix all unused event parameters with underscore in ebpf.rs
- Fix formatting in hooks.rs

All tests passing (24 total). Clippy clean with -D warnings.
This commit is contained in:
pandaadir05
2025-11-20 15:18:57 +02:00
parent 655585d9ef
commit efdd086c4e
3 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ghost-core/src/detection.rs
View File

@@ -400,6 +400,7 @@ impl DetectionEngine {
confidence: ebpf_event.confidence, confidence: ebpf_event.confidence,
threat_context: None, threat_context: None,
evasion_analysis: None, evasion_analysis: None,
mitre_analysis: None,
}; };
detection_results.push(detection_result); detection_results.push(detection_result);

13
ghost-core/src/ebpf.rs
View File

@@ -13,6 +13,7 @@ use std::time::{Duration, SystemTime};
/// Linux eBPF-based Process Injection Detection /// Linux eBPF-based Process Injection Detection
/// Provides kernel-level tracing and detection capabilities on Linux systems /// Provides kernel-level tracing and detection capabilities on Linux systems
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
#[derive(Debug)]
pub struct EbpfDetector { pub struct EbpfDetector {
program_manager: EbpfProgramManager, program_manager: EbpfProgramManager,
event_processor: EbpfEventProcessor, event_processor: EbpfEventProcessor,
@@ -800,7 +801,7 @@ impl ProcessCreateHandler {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl EventHandler for ProcessCreateHandler { impl EventHandler for ProcessCreateHandler {
fn handle_event(&mut self, event: &EbpfEvent) -> Option<DetectionEvent> { fn handle_event(&mut self, _event: &EbpfEvent) -> Option<DetectionEvent> {
// Process creation event handling logic // Process creation event handling logic
None None
} }
@@ -822,7 +823,7 @@ impl MemoryMapHandler {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl EventHandler for MemoryMapHandler { impl EventHandler for MemoryMapHandler {
fn handle_event(&mut self, event: &EbpfEvent) -> Option<DetectionEvent> { fn handle_event(&mut self, _event: &EbpfEvent) -> Option<DetectionEvent> {
// Memory mapping event handling logic // Memory mapping event handling logic
None None
} }
@@ -844,7 +845,7 @@ impl MemoryProtectHandler {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl EventHandler for MemoryProtectHandler { impl EventHandler for MemoryProtectHandler {
fn handle_event(&mut self, event: &EbpfEvent) -> Option<DetectionEvent> { fn handle_event(&mut self, _event: &EbpfEvent) -> Option<DetectionEvent> {
// Memory protection change event handling logic // Memory protection change event handling logic
None None
} }
@@ -866,7 +867,7 @@ impl InjectionHandler {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl EventHandler for InjectionHandler { impl EventHandler for InjectionHandler {
fn handle_event(&mut self, event: &EbpfEvent) -> Option<DetectionEvent> { fn handle_event(&mut self, _event: &EbpfEvent) -> Option<DetectionEvent> {
// Process injection event handling logic // Process injection event handling logic
None None
} }
@@ -907,7 +908,7 @@ impl EbpfEventProcessor {
self.event_handlers.insert(event_type, handler); self.event_handlers.insert(event_type, handler);
} }
pub fn process_event(&mut self, event: EbpfEvent) -> Option<DetectionEvent> { pub fn process_event(&mut self, _event: EbpfEvent) -> Option<DetectionEvent> {
// Event processing logic // Event processing logic
None None
} }
@@ -937,7 +938,7 @@ impl EbpfFilterManager {
self.active_filters.insert(filter.filter_id.clone(), filter); self.active_filters.insert(filter.filter_id.clone(), filter);
} }
pub fn should_process(&self, event: &EbpfEvent) -> bool { pub fn should_process(&self, _event: &EbpfEvent) -> bool {
// Filter evaluation logic // Filter evaluation logic
true true
} }

18
ghost-core/src/hooks.rs
View File

@@ -154,7 +154,7 @@ mod platform {
false, false,
target_pid, target_pid,
) )
.map_err(|e| GhostError::Process { .map_err(|e| GhostError::Detection {
message: format!("Failed to open process: {}", e), message: format!("Failed to open process: {}", e),
})?; })?;
@@ -172,7 +172,7 @@ mod platform {
if result.is_err() { if result.is_err() {
let _ = CloseHandle(handle); let _ = CloseHandle(handle);
return Err(GhostError::Process { return Err(GhostError::Detection {
message: "Failed to enumerate process modules".to_string(), message: "Failed to enumerate process modules".to_string(),
}); });
} }
@@ -359,7 +359,6 @@ mod platform {
use super::{HookDetectionResult, HookInfo, HookType}; use super::{HookDetectionResult, HookInfo, HookType};
use crate::{GhostError, Result}; use crate::{GhostError, Result};
use std::fs; use std::fs;
use std::path::Path;
/// Detect hook injection on Linux (LD_PRELOAD, LD_LIBRARY_PATH, ptrace). /// Detect hook injection on Linux (LD_PRELOAD, LD_LIBRARY_PATH, ptrace).
pub fn detect_hook_injection(target_pid: u32) -> Result<HookDetectionResult> { pub fn detect_hook_injection(target_pid: u32) -> Result<HookDetectionResult> {
@@ -410,7 +409,7 @@ mod platform {
fn detect_ld_preload(pid: u32) -> Result<Vec<HookInfo>> { fn detect_ld_preload(pid: u32) -> Result<Vec<HookInfo>> {
let environ_path = format!("/proc/{}/environ", pid); let environ_path = format!("/proc/{}/environ", pid);
let environ_content = let environ_content =
fs::read_to_string(&environ_path).map_err(|e| GhostError::Process { fs::read_to_string(&environ_path).map_err(|e| GhostError::Detection {
message: format!("Failed to read process environment: {}", e), message: format!("Failed to read process environment: {}", e),
})?; })?;
@@ -444,7 +443,7 @@ mod platform {
fn detect_ld_library_path(pid: u32) -> Result<Vec<HookInfo>> { fn detect_ld_library_path(pid: u32) -> Result<Vec<HookInfo>> {
let environ_path = format!("/proc/{}/environ", pid); let environ_path = format!("/proc/{}/environ", pid);
let environ_content = let environ_content =
fs::read_to_string(&environ_path).map_err(|e| GhostError::Process { fs::read_to_string(&environ_path).map_err(|e| GhostError::Detection {
message: format!("Failed to read process environment: {}", e), message: format!("Failed to read process environment: {}", e),
})?; })?;
@@ -486,9 +485,10 @@ mod platform {
/// Detect ptrace attachment (debugging/injection). /// Detect ptrace attachment (debugging/injection).
fn detect_ptrace_attachment(pid: u32) -> Result<bool> { fn detect_ptrace_attachment(pid: u32) -> Result<bool> {
let status_path = format!("/proc/{}/status", pid); let status_path = format!("/proc/{}/status", pid);
let status_content = fs::read_to_string(&status_path).map_err(|e| GhostError::Process { let status_content =
message: format!("Failed to read process status: {}", e), fs::read_to_string(&status_path).map_err(|e| GhostError::Detection {
})?; message: format!("Failed to read process status: {}", e),
})?;
// Look for TracerPid field // Look for TracerPid field
for line in status_content.lines() { for line in status_content.lines() {
@@ -512,7 +512,7 @@ mod platform {
/// Detect suspicious loaded libraries. /// Detect suspicious loaded libraries.
fn detect_suspicious_libraries(pid: u32) -> Result<Vec<HookInfo>> { fn detect_suspicious_libraries(pid: u32) -> Result<Vec<HookInfo>> {
let maps_path = format!("/proc/{}/maps", pid); let maps_path = format!("/proc/{}/maps", pid);
let maps_content = fs::read_to_string(&maps_path).map_err(|e| GhostError::Process { let maps_content = fs::read_to_string(&maps_path).map_err(|e| GhostError::Detection {
message: format!("Failed to read process maps: {}", e), message: format!("Failed to read process maps: {}", e),
})?; })?;