Skip to content

Commit 9cfd2e5

Browse files
NDStrahilevitzNDStrahilevitz
committed
fix(engine):disable feedback
Feedback from findings back into the engines could cause a deadlock. This is because the engine would eventually block on trying to to send a new event to the feedbacking signature. This would cause a deadlock there - propagating back to the engine and pipeline in general. Commenting out the feedback for now.
1 parent 7cd3c47 commit 9cfd2e5

File tree

1 file changed

+17
-12
lines changed

1 file changed

+17
-12
lines changed

pkg/signatures/engine/engine.go

Lines changed: 17 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ import (
66
"fmt"
77
"sync"
88

9-
"github.com/aquasecurity/tracee/pkg/events/findings"
109
"github.com/aquasecurity/tracee/pkg/logger"
1110
"github.com/aquasecurity/tracee/pkg/signatures/metrics"
1211
"github.com/aquasecurity/tracee/types/detect"
@@ -148,17 +147,23 @@ func (engine *Engine) unloadAllSignatures() {
148147
func (engine *Engine) matchHandler(res *detect.Finding) {
149148
_ = engine.stats.Detections.Increment()
150149
engine.output <- res
151-
if !engine.config.Enabled {
152-
return
153-
// next section is relevant only for engine-in-pipeline and analyze
154-
}
155-
e, err := findings.FindingToEvent(res)
156-
if err != nil {
157-
logger.Errorw("Failed to convert finding to event, will not feedback", "err", err)
158-
return
159-
}
160-
prot := e.ToProtocol()
161-
engine.inputs.Tracee <- prot
150+
// TODO: the feedback is disabled for now, as it was causing a deadlock
151+
// when the engine was blocked on sending a new event to the feedbacking signature.
152+
// This is because the engine would eventually block on trying to to send
153+
// a new event to the feedbacking signature. This would cause a deadlock
154+
// there - propagating back to the engine and pipeline in general.
155+
// We should keep it here for reference until we find a better solution.
156+
// if !engine.config.Enabled {
157+
// return
158+
// // next section is relevant only for engine-in-pipeline and analyze
159+
// }
160+
// e, err := findings.FindingToEvent(res)
161+
// if err != nil {
162+
// logger.Errorw("Failed to convert finding to event, will not feedback", "err", err)
163+
// return
164+
// }
165+
// prot := e.ToProtocol()
166+
// engine.inputs.Tracee <- prot
162167
}
163168

164169
// checkCompletion is a function that runs at the end of each input source

0 commit comments

Comments
 (0)