权限被拒绝：Go中monkey.PatchInstanceMethod返回的错误

学习知识要善于思考，思考，再思考！今天golang学习网小编就给大家带来《权限被拒绝：Go中monkey.PatchInstanceMethod返回的错误》，以下内容主要包含等知识点，如果你正在学习或准备学习Golang，就都不要错过本文啦~让我们一起来看看吧，能帮助到你就更好了！

我试图提出一个简单、最小的示例来重现此错误，但无法做到（它只发生在一个私人存储库中），但我将首先展示我的尝试。假设我们有一个具有以下结构的 go 模块：

.
├── command
│   ├── command.go
│   └── command_test.go
├── go.mod
└── go.sum

go.mod 读取的位置

module github.com/kurtpeek/monkeypatching

go 1.12

require (
    bou.ke/monkey v1.0.2
    github.com/google/go-cmp v0.3.1 // indirect
    github.com/pkg/errors v0.8.1 // indirect
    github.com/stretchr/testify v1.4.0
    gotest.tools v2.2.0+incompatible
)

和 command.go 读取

package command

import "os/exec"

// runcommand runs a command
func runcommand() ([]byte, error) {
    return exec.command("profiles", "list", "-all").output()
}

和command_test.go

package command

import (
    "os/exec"
    "reflect"
    "testing"

    "bou.ke/monkey"
    "github.com/stretchr/testify/assert"
    "github.com/stretchr/testify/require"
)

func testruncommand(t *testing.t) {
    var cmd *exec.cmd
    patchguard := monkey.patchinstancemethod(reflect.typeof(cmd), "output", func(_ *exec.cmd) ([]byte, error) {
        return []byte("foobar"), nil
    })
    defer patchguard.unpatch()

    output, err := runcommand()
    require.noerror(t, err)
    assert.equal(t, []byte("foobar"), output)
}

此测试通过。

现在，在我的“真实”存储库中，我有一个类似的单元测试

func testfindidentity(t *testing.t) {
    certpem, err := ioutil.readfile("testdata/6dc9bf91-37c6-4882-bfaf-301f118f7fac.pem")
    require.noerror(t, err)

    var cmd *exec.cmd
    patchguard := monkey.patchinstancemethod(reflect.typeof(cmd), "output", func(_ *exec.cmd) ([]byte, error) {
        output, err := ioutil.readfile("testdata/find_identity_match.txt")
        require.noerror(t, err)
        return output, nil
    })
    defer patchguard.unpatch()

    found, err := findidentity(certpem)

    assert.true(t, found)
}

findidentity() 读取的位置

// findidentity checks whether there is an identity (certificate + private key) for the given certificate in the system keychain
func findidentity(certpem []byte) (bool, error) {
    ctx, cancel := context.withtimeout(context.todo(), time.second*5)
    defer cancel()

    fingerprint, err := getfingerprint(certpem)
    if err != nil {
        return false, fmt.errorf("get cert fingerprint: %v", err)
    }

    output, err := exec.commandcontext(ctx, cmdsecurity, "find-identity", systemkeychain).output()
    if err != nil {
        return false, fmt.errorf("find identity: %v", err)
    }

    return strings.contains(string(output), fingerprint), nil
}

// getfingerprint generates a sha-1 fingerprint of a certificate, which is how it can be identified from the `security` command
func getfingerprint(certpem []byte) (string, error) {
    block, _ := pem.decode(certpem)
    if block == nil {
        return "", errors.new("failed to decode cert pem")
    }

    cert, err := x509.parsecertificate(block.bytes)
    if err != nil {
        return "", fmt.errorf("parse certificate: %v", err)
    }

    fingerprint := fmt.sprintf("%x", sha1.sum(cert.raw))
    fingerprint = strings.replace(fingerprint, " ", "", -1)
    return strings.toupper(fingerprint), nil
}

同样，它使用在单元测试中修补的 command 。但是，如果我尝试运行单元测试，则会收到此错误：

running tool: /usr/local/opt/[email protected]/bin/go test -timeout 30s github.com/fleetsmith/agent/agent/auth/defaultauth -run ^(testfindidentity)$

--- fail: testfindidentity (0.00s)
panic: permission denied [recovered]
    panic: permission denied

goroutine 25 [running]:
testing.trunner.func1(0xc000494100)
    /usr/local/cellar/[email protected]/1.12.12/libexec/src/testing/testing.go:830 +0x392
panic(0x48fede0, 0xc000554730)
    /usr/local/cellar/[email protected]/1.12.12/libexec/src/runtime/panic.go:522 +0x1b5
bou.ke/monkey.mprotectcrosspage(0x41c20e0, 0xc, 0x7)
    /users/kurt/go/pkg/mod/bou.ke/[email protected]/replace_unix.go:15 +0xe6
bou.ke/monkey.copytolocation(0x41c20e0, 0xc0000ebd2c, 0xc, 0xc)
    /users/kurt/go/pkg/mod/bou.ke/[email protected]/replace_unix.go:26 +0x6d
bou.ke/monkey.replacefunction(0x41c20e0, 0xc0001a2510, 0x13, 0x41c20e0, 0x48c3b00)
    /users/kurt/go/pkg/mod/bou.ke/[email protected]/replace.go:29 +0xe6
bou.ke/monkey.patchvalue(0x48c3b60, 0xc0000bc078, 0x13, 0x48c3b60, 0xc0001a2510, 0x13)
    /users/kurt/go/pkg/mod/bou.ke/[email protected]/monkey.go:87 +0x22f
bou.ke/monkey.patchinstancemethod(0x4b359a0, 0x4996280, 0x49d0699, 0x6, 0x48c3b60, 0xc0001a2510, 0x0)
    /users/kurt/go/pkg/mod/bou.ke/[email protected]/monkey.go:62 +0x160
github.com/fleetsmith/agent/agent/auth/defaultauth.testfindidentity(0xc000494100)
    /users/kurt/go/src/github.com/fleetsmith/agent/agent/auth/defaultauth/keychain_test.go:46 +0x146
testing.trunner(0xc000494100, 0x4a30260)
    /usr/local/cellar/[email protected]/1.12.12/libexec/src/testing/testing.go:865 +0xc0
created by testing.(*t).run
    /usr/local/cellar/[email protected]/1.12.12/libexec/src/testing/testing.go:916 +0x35a
fail    github.com/fleetsmith/agent/agent/auth/defaultauth  0.390s
error: tests failed.

具体来说，在这一行调用 monkey.patchinstancemethod 时，我收到 permission returned 恐慌：

patchGuard := monkey.PatchInstanceMethod(reflect.TypeOf(cmd), "Output", func(_ *exec.Cmd) ([]byte, error) {

})

知道什么可能导致这种情况吗？我的“真实”存储库和我的临时存储库之间肯定存在一些差异。

解决方案

您可以尝试这个：https://github.com/eisenxp/macos-golink-wrapper

这是在 macos catalina 10.15.x 上使用 gomonkey 或 gohook 时 golang 中“syscall.mprotect panic: permission denied”的解决方案。

1. 下载该工具。

cd `go env gopath`
git clone https://github.com/eisenxp/macos-golink-wrapper.git

1. 将文件 link 重命名为 original_link

mv `go env gotooldir`/link `go env gotooldir`/original_link

1. 将工具复制到 gotooldir

cp `go env gopath`/macos-golink-wrapper/link  `go env gotooldir`/link

1. 给link添加执行权限

chmod +x `go env GOTOOLDIR`/link

这解决了我的问题，希望对你有帮助。

好了，本文到此结束，带大家了解了《权限被拒绝：Go中monkey.PatchInstanceMethod返回的错误》，希望本文对你有所帮助！关注golang学习网公众号，给大家分享更多Golang知识！