Tad Glines 2022-07-20 12:42:18 -07:00 коммит произвёл GitHub
Родитель a6b35d06e5
Коммит efe4fab8fb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
10 изменённых файлов: 73 добавлений и 79 удалений


@ -17,7 +17,7 @@
cmake_minimum_required(VERSION 2.8.12)
project(auoms)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17 -Werror=return-type")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -ggdb")
set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO} -ggdb -Wl,-z,relro -Wl,-z,now -fstack-protector-strong -D_FORTIFY_SOURCE=2")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb")
@ -100,10 +100,7 @@ add_executable(auomscollect
SchedPriority.cpp
)
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
# for why it is safe to use -static-libgcc -static-libstdc++
#set_target_properties(auomscollect PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
target_compile_options(auomscollect PRIVATE "-Werror")
target_link_libraries(auomscollect
dl
@ -188,11 +185,7 @@ add_executable(auoms
CmdlineRedactor.cpp
)
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
# for why it is safe to use -static-libgcc -static-libstdc++
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -Wl,--wrap=memcpy -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
target_compile_options(auoms PRIVATE "-Werror")
target_link_libraries(auoms
libre2.a
@ -247,11 +240,7 @@ add_executable(auomsctl
CmdlineRedactor.cpp
)
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
# for why it is safe to use -static-libgcc -static-libstdc++
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -Wl,--wrap=memcpy -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
#set_target_properties(auomsctl PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
target_compile_options(auomsctl PRIVATE "-Werror")
target_link_libraries(auomsctl
libre2.a
@ -280,8 +269,6 @@ add_executable(testreceiver
UnixDomainListener.cpp
)
#set_target_properties(testreceiver PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
install(TARGETS
testreceiver
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
@ -291,8 +278,6 @@ add_executable(fakeaudispd
fakeaudispd.cpp
)
#set_target_properties(fakeaudispd PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
install(TARGETS
fakeaudispd
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
@ -306,8 +291,6 @@ add_executable(file2sock
Event.cpp
)
#set_target_properties(file2sock PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
install(TARGETS
file2sock
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
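Review bot: The helper targets `testreceiver`, `fakeaudispd` and `file2sock` get no `target_compile_options(... PRIVATE "-Werror")` in the visible hunks, so if the shorter `CMAKE_CXX_FLAGS` line is the new one (the page has lost its +/- markers), a missing `return` in those programs no longer fails the build. Either keep `-Werror=return-type` on the global `CMAKE_CXX_FLAGS` line or add the same `target_compile_options(<target> PRIVATE "-Werror")` to the three helper targets. No `-Wall` or `-Wextra` is visible in these hunks; if none is set elsewhere, `-Werror` promotes only the default-on diagnostics, which is worth stating in a comment next to the option.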


@ -200,6 +200,8 @@ bool CollectionMonitor::is_collector_alive() {
}
void CollectionMonitor::send_audit_pid_report(int pid) {
static std::string_view SV_EMPTY;
auto pinfo = ProcessInfo::OpenPid(pid, 0);
std::string exe;
int ppid = -1;
@ -220,13 +222,13 @@ void CollectionMonitor::send_audit_pid_report(int pid) {
if (!_builder.BeginRecord(static_cast<uint32_t>(RecordType::AUOMS_COLLECTOR_REPORT), RecordTypeToName(RecordType::AUOMS_COLLECTOR_REPORT), "", 3)) {
return;
}
if (!_builder.AddField("pid", std::to_string(pid), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder.AddField("pid", std::to_string(pid), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return;
}
if(!_builder.AddField("ppid", std::to_string(ppid), nullptr, field_type_t::UNCLASSIFIED)) {
if(!_builder.AddField("ppid", std::to_string(ppid), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return;
}
if(!_builder.AddField("exe", exe, nullptr, field_type_t::UNCLASSIFIED)) {
if(!_builder.AddField("exe", exe, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return;
}
if(!_builder.EndRecord()) {
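Review bot: `static std::string_view SV_EMPTY;` at the top of `send_audit_pid_report` is a mutable function-local static with no comment saying why it replaces `nullptr`; `static constexpr std::string_view SV_EMPTY{};` states the intent and cannot be reassigned by accident. The same declaration is repeated in `Metrics::send_metrics`, `Metrics::send_log_metrics` and `OperationalStatus::send_status`, while `RawEventProcessor` uses `static auto SV_EMPTY = ""sv;` and `add_str_field` passes `std::string_view()` directly, so one shared constant would keep these in step. A short comment such as `// empty interp value: a string_view must never be constructed from a null pointer` would record the reason, assuming the third AddField parameter is a `std::string_view` (its declaration is not on this page). The function body starts and ends outside the hunk.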


@ -34,7 +34,7 @@
void write_error(int reason, int err, int fd) {
uint32_t code = (static_cast<uint32_t>(reason) << 16) | static_cast<uint32_t>(err);
write(fd, &code, sizeof(code));
auto ignored = write(fd, &code, sizeof(code));
}
void Cmd::cleanup() {
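Review bot: `auto ignored = write(fd, &code, sizeof(code));` in `write_error` leaves a named local that is never read, so it will itself become a build error if `-Wall` or `-Wunused-variable` is ever combined with the `-Werror` added to the main targets; `[[maybe_unused]] auto ignored = write(fd, &code, sizeof(code));` stays quiet under both. If the write is meant to be best-effort, say so in a comment, for example `// best-effort: there is no other channel on which to report a failed write`. The same pattern appears in `Logger::_log_write` and `LockFile::Unlock`.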


@ -71,7 +71,7 @@ int LockFile::Lock() {
} else {
ret = PREVIOUSLY_ABANDONED;
}
ftruncate(fd, 0);
auto ignored = ftruncate(fd, 0);
}
std::string pid = std::to_string(getpid());
@ -93,6 +93,6 @@ int LockFile::Lock() {
}
void LockFile::Unlock() {
ftruncate(_fd, 0);
auto ignored = ftruncate(_fd, 0);
close(_fd);
}
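Review bot: In `LockFile::Lock` a failed `ftruncate(fd, 0)` is now stored in `ignored` and dropped, and the next visible line builds the pid string, presumably to write it into the same file. If the truncate failed and the previous content was longer, trailing bytes of the old pid could remain after the new one, and a later reader would see a pid that belongs to neither process. Checking the result, `if (ftruncate(fd, 0) != 0) { /* log and fail the lock attempt */ }`, avoids that. The pid write and the function's return paths are outside the hunk, so the right error value has to be confirmed there.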


@ -92,7 +92,7 @@ void Logger::_log_write(int level, const char* fmt, va_list ap)
if (_enable_syslog) {
syslog(level, "%s", buffer);
} else {
(void)write(2, buffer, nr);
auto ignored = write(2, buffer, nr);
}
if (_log_fn) {
_log_fn(buffer, nr);


@ -82,6 +82,8 @@ std::string system_time_to_iso3339(const std::chrono::system_clock::time_point s
}
bool Metrics::send_metrics() {
static std::string_view SV_EMPTY;
MetricAggregateSnapshot snap;
auto rec_type = RecordType::AUOMS_METRIC;
@ -103,38 +105,38 @@ bool Metrics::send_metrics() {
if (!_builder->BeginRecord(static_cast<uint32_t>(rec_type), rec_type_name, "", num_fields)) {
return false;
}
if (!_builder->AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("version", AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), nullptr,
if (!_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), nullptr,
if (!_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Namespace", snap.namespace_name, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Namespace", snap.namespace_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Name", snap.name, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Name", snap.name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), nullptr,
if (!_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("NumSamples", std::to_string(snap.num_samples), nullptr,
if (!_builder->AddField("NumSamples", std::to_string(snap.num_samples), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Min", std::to_string(snap.min), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Min", std::to_string(snap.min), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Max", std::to_string(snap.max), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Max", std::to_string(snap.max), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Avg", std::to_string(snap.avg), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Avg", std::to_string(snap.avg), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->EndRecord()) {
@ -150,6 +152,8 @@ bool Metrics::send_metrics() {
}
bool Metrics::send_log_metrics(bool flush_all) {
static std::string_view SV_EMPTY;
auto rec_type = RecordType::AUOMS_METRIC;
auto rec_type_name = RecordTypeToName(RecordType::AUOMS_METRIC);
@ -174,46 +178,46 @@ bool Metrics::send_log_metrics(bool flush_all) {
if (!_builder->BeginRecord(static_cast<uint32_t>(rec_type), rec_type_name, "", num_fields)) {
return false;
}
if (!_builder->AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("version", AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("StartTime", system_time_to_iso3339(lm->_start_time), nullptr,
if (!_builder->AddField("StartTime", system_time_to_iso3339(lm->_start_time), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("EndTime", system_time_to_iso3339(lm->_end_time), nullptr,
if (!_builder->AddField("EndTime", system_time_to_iso3339(lm->_end_time), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Namespace", _proc_name, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Namespace", _proc_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Name", "log", nullptr, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("SamplePeriod", std::to_string(static_cast<uint64_t>(MetricPeriod::MINUTE)), nullptr,
if (!_builder->AddField("SamplePeriod", std::to_string(static_cast<uint64_t>(MetricPeriod::MINUTE)), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("NumSamples", std::to_string(1), nullptr,
if (!_builder->AddField("NumSamples", std::to_string(1), SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Min", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Min", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Max", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Max", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Avg", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField("Avg", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder->AddField("Message", lm->_fmt, nullptr,
if (!_builder->AddField("Message", lm->_fmt, SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
if (include_fist_msg) {
if (!_builder->AddField("Data", lm->_first_msg, nullptr,
if (!_builder->AddField("Data", lm->_first_msg, SV_EMPTY,
field_type_t::UNCLASSIFIED)) {
return false;
}
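Review bot: The `AddField("Name", "log", nullptr, field_type_t::UNCLASSIFIED)` call in `send_log_metrics` still passes `nullptr` as the third argument; it is printed only once in the hunk, so it appears to have been left unchanged. If that call resolves to a `std::string_view` parameter, it is the same null-pointer construction the neighbouring calls were moved away from, and should read `_builder->AddField("Name", "log", SV_EMPTY, field_type_t::UNCLASSIFIED)`. If a `const char*` overload is selected because both other arguments are literals, a comment saying so would explain why this one call differs. The AddField declarations are not on this page, so which case applies needs checking.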


@ -250,6 +250,8 @@ std::string OperationalStatus::get_json_status() {
}
bool OperationalStatus::send_status() {
static std::string_view SV_EMPTY;
struct timeval tv;
gettimeofday(&tv, nullptr);
@ -274,20 +276,20 @@ bool OperationalStatus::send_status() {
return false;
}
if (!_builder.AddField("desired_audit_rules", _desired_audit_rules, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder.AddField("desired_audit_rules", _desired_audit_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder.AddField("loaded_audit_rules", _loaded_audit_rules, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder.AddField("loaded_audit_rules", _loaded_audit_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!_builder.AddField("redaction_rules", _redaction_rules, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder.AddField("redaction_rules", _redaction_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
if (!errors.empty()) {
if (!_builder.AddField("errors", errors, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder.AddField("errors", errors, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
}


@ -66,6 +66,7 @@ void RawEventProcessor::process_event(const Event& event) {
using namespace std::string_view_literals;
static auto SV_EMPTY = ""sv;
static auto SV_PID = "pid"sv;
static auto SV_PPID = "ppid"sv;
static auto SV_CONTAINERID = "containerid"sv;
@ -95,7 +96,7 @@ void RawEventProcessor::process_event(const Event& event) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
@ -122,7 +123,7 @@ void RawEventProcessor::process_event(const Event& event) {
}
}
if (pid_field) {
if (!_builder->AddField(SV_CONTAINERID, containerId, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_CONTAINERID, containerId, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
}
@ -418,7 +419,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
@ -590,23 +591,23 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
_path_ouid.append(SV_JSON_ARRAY_END);
_path_ogid.append(SV_JSON_ARRAY_END);
if (!_builder->AddField(SV_PATH_NAME, _path_name, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_PATH_NAME, _path_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_PATH_NAMETYPE, _path_nametype, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_PATH_NAMETYPE, _path_nametype, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_PATH_MODE, _path_mode, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_PATH_MODE, _path_mode, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_PATH_OUID, _path_ouid, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_PATH_OUID, _path_ouid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_PATH_OGID, _path_ogid, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_PATH_OGID, _path_ogid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
}
@ -626,11 +627,11 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
_execve_converter.Convert(execve_recs, _cmdline);
_cmdline_redactor->ApplyRules(_cmdline, _tmp_val);
if (!_builder->AddField(SV_CMDLINE, _cmdline, nullptr, field_type_t::UNESCAPED)) {
if (!_builder->AddField(SV_CMDLINE, _cmdline, SV_EMPTY, field_type_t::UNESCAPED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
} else {
@ -656,11 +657,11 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
ExecveConverter::ConvertRawCmdline(_unescaped_val, _cmdline);
_cmdline_redactor->ApplyRules(_cmdline, _tmp_val);
if (!_builder->AddField(SV_PROCTITLE, _cmdline, nullptr, field_type_t::PROCTITLE)) {
if (!_builder->AddField(SV_PROCTITLE, _cmdline, SV_EMPTY, field_type_t::PROCTITLE)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
}
@ -689,7 +690,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
for (auto& field: dropped_rec) {
_field_name.assign(SV_DROPPED);
_field_name.append(field.FieldName());
if (!_builder->AddField(_field_name, field.RawValue(), nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(_field_name, field.RawValue(), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
}
@ -715,7 +716,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
}
}
if (!_builder->AddField(SV_CONTAINERID, containerid, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_CONTAINERID, containerid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
@ -761,6 +762,7 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
static auto S_PID = "pid"s;
static auto S_PPID = "ppid"s;
static auto SV_EMPTY = ""sv;
static auto SV_CMD = "cmd"sv;
static auto SV_REDACTORS = "redactors"sv;
static auto SV_AUOMSVERSION_NAME = "auoms_version"sv;
@ -775,11 +777,11 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
num_fields += 1; // for auoms_version
if (!_builder->BeginRecord(rec.RecordType(), rec.RecordTypeName(), nullptr, num_fields)) {
if (!_builder->BeginRecord(rec.RecordType(), rec.RecordTypeName(), SV_EMPTY, num_fields)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
@ -800,11 +802,11 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
_cmdline_redactor->ApplyRules(_unescaped_val, _tmp_val);
if (!_builder->AddField(SV_CMD, _unescaped_val, nullptr, field_type_t::UNESCAPED)) {
if (!_builder->AddField(SV_CMD, _unescaped_val, SV_EMPTY, field_type_t::UNESCAPED)) {
throw std::runtime_error("Queue closed");
}
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
throw std::runtime_error("Queue closed");
}
@ -852,7 +854,7 @@ bool RawEventProcessor::process_field(const EventRecord& record, const EventReco
switch (field_type) {
case field_type_t::UID: {
int uid = static_cast<int>(strtoul(val_ptr, NULL, 10));
int uid = static_cast<int>(strtoul(val_ptr, nullptr, 10));
if (uid < 0) {
_tmp_val = S_UNSET;
} else {
@ -864,7 +866,7 @@ bool RawEventProcessor::process_field(const EventRecord& record, const EventReco
break;
}
case field_type_t::GID: {
int gid = static_cast<int>(strtoul(val_ptr, NULL, 10));
int gid = static_cast<int>(strtoul(val_ptr, nullptr, 10));
if (gid < 0) {
_tmp_val = S_UNSET;
} else {
@ -905,7 +907,7 @@ bool RawEventProcessor::add_int_field(const std::string_view& name, int val, fie
}
bool RawEventProcessor::add_str_field(const std::string_view& name, const std::string_view& val, field_type_t ft) {
if (!_builder->AddField(name, val, nullptr, ft)) {
if (!_builder->AddField(name, val, std::string_view(), ft)) {
throw std::runtime_error("Queue closed");
}
return true;
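Review bot: In `process_field`, `static_cast<int>(strtoul(val_ptr, nullptr, 10))` for the UID and GID cases cannot tell a value with no digits from the number 0, because the end pointer is discarded; a malformed field would then be reported as uid or gid 0, which is root. The `uid < 0` test also depends on 4294967295 narrowing to -1, which is worth a comment. Passing an end pointer, `char* end = nullptr; auto v = strtoul(val_ptr, &end, 10);`, and treating `end == val_ptr` like the unset case would close the gap. Where `val_ptr` comes from and whether it is validated earlier is outside the hunk.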


@ -214,6 +214,7 @@ bool RawEventRecord::Parse(RecordType record_type, size_t size) {
bool RawEventRecord::AddRecord(EventBuilder& builder) {
static auto SV_NODE = "node"sv;
static auto SV_UNPARSED_TEXT = "unparsed_text"sv;
static auto SV_EMPTY = ""sv;
uint16_t num_fields = static_cast<uint16_t>(_record_fields.size());
if (!_node.empty()) {
@ -225,7 +226,7 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
}
if (!_node.empty()) {
if (!builder.AddField(SV_NODE, _node, nullptr, field_type_t::UNCLASSIFIED)) {
if (!builder.AddField(SV_NODE, _node, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
return false;
}
}
@ -233,7 +234,7 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
// If record is marked as unparsable, then the text (after the 'audit():' section is included as the only value in
// _record_fields
if (_unparsable) {
if (!builder.AddField(SV_UNPARSED_TEXT, _record_fields[0].second, nullptr, field_type_t::UNESCAPED)) {
if (!builder.AddField(SV_UNPARSED_TEXT, _record_fields[0].second, SV_EMPTY, field_type_t::UNESCAPED)) {
return false;
}
return builder.EndRecord();
@ -243,10 +244,10 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
for (auto& f: _record_fields) {
int ret;
if (!f.first.empty()) {
ret = builder.AddField(f.first, f.second, nullptr, field_type_t::UNCLASSIFIED);
ret = builder.AddField(f.first, f.second, SV_EMPTY, field_type_t::UNCLASSIFIED);
} else {
std::string key = "unknown" + std::to_string(unknown_key);
ret = builder.AddField(key, f.second, nullptr, field_type_t::UNCLASSIFIED);
ret = builder.AddField(key, f.second, SV_EMPTY, field_type_t::UNCLASSIFIED);
unknown_key += 1;
}
if (!ret) {
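Review bot: Nothing in the visible part of `RawEventRecord::AddRecord` checks that `_record_fields` is non-empty before `_record_fields[0].second` is read in the `_unparsable` branch; the comment states the invariant, but it is enforced, if at all, in `Parse`, which is outside the hunk. A cheap guard such as `if (_record_fields.empty()) { return false; }` at the top of that branch would keep a parser change from turning this into an out-of-bounds read. Separately, `int ret` holds the result of `AddField`, which every other call site tests as a boolean, so `bool ret` would match.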


@ -7,5 +7,5 @@
AUOMS_BUILDVERSION_MAJOR=2
AUOMS_BUILDVERSION_MINOR=6
AUOMS_BUILDVERSION_PATCH=0
AUOMS_BUILDVERSION_PATCH=1
AUOMS_BUILDVERSION_BUILDNR=0