(_ *cobra.Command, args []string)
| 167 | } |
| 168 | |
| 169 | func runBpftrace(_ *cobra.Command, args []string) error { |
| 170 | // Validate image version |
| 171 | if traceRetinaShellImageVersion == "" { |
| 172 | return errMissingRequiredRetinaShellImageVersionArg |
| 173 | } |
| 174 | |
| 175 | // === SECURITY: Validate all user inputs BEFORE any use === |
| 176 | |
| 177 | // Validate IP filter (strict parsing) |
| 178 | filterIP, err := ValidateFilterIP(traceFilterIP) |
| 179 | if err != nil { |
| 180 | return fmt.Errorf("invalid --ip: %w", err) |
| 181 | } |
| 182 | |
| 183 | // Validate CIDR filter (strict parsing) |
| 184 | filterCIDR, err := ValidateFilterCIDR(traceFilterCIDR) |
| 185 | if err != nil { |
| 186 | return fmt.Errorf("invalid --cidr: %w", err) |
| 187 | } |
| 188 | |
| 189 | // Validate output format (whitelist) |
| 190 | outputFormat, err := ValidateOutputFormat(traceOutputFormat) |
| 191 | if err != nil { |
| 192 | return err |
| 193 | } |
| 194 | |
| 195 | // Get namespace |
| 196 | namespace, explicitNamespace, err := traceMatchVersionFlags.ToRawKubeConfigLoader().Namespace() |
| 197 | if err != nil { |
| 198 | return fmt.Errorf("error retrieving namespace arg: %w", err) |
| 199 | } |
| 200 | |
| 201 | // Parse node argument (only nodes supported, not pods) |
| 202 | r := resource.NewBuilder(traceConfigFlags). |
| 203 | WithScheme(scheme.Scheme, scheme.Scheme.PrioritizedVersionsAllGroups()...). |
| 204 | FilenameParam(explicitNamespace, &resource.FilenameOptions{}). |
| 205 | NamespaceParam(namespace).DefaultNamespace().ResourceNames("nodes", args[0]). |
| 206 | Do() |
| 207 | if rerr := r.Err(); rerr != nil { |
| 208 | return fmt.Errorf("error constructing resource builder: %w", rerr) |
| 209 | } |
| 210 | |
| 211 | // Get REST config |
| 212 | restConfig, err := traceMatchVersionFlags.ToRESTConfig() |
| 213 | if err != nil { |
| 214 | return fmt.Errorf("error constructing REST config: %w", err) |
| 215 | } |
| 216 | |
| 217 | // Visit the resource (should be a node) |
| 218 | return r.Visit(func(info *resource.Info, err error) error { //nolint:wrapcheck // visitor pattern returns errors as-is |
| 219 | if err != nil { |
| 220 | return err |
| 221 | } |
| 222 | |
| 223 | switch obj := info.Object.(type) { |
| 224 | case *v1.Node: |
| 225 | nodeName := obj.Name |
| 226 | podNamespace := namespace |
nothing calls this directly
no test coverage detected