Cleanup compile warnings (#97)
Родитель
a6b35d06e5
Коммит
efe4fab8fb
|
@ -17,7 +17,7 @@
|
|||
cmake_minimum_required(VERSION 2.8.12)
|
||||
project(auoms)
|
||||
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17 -Werror=return-type")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
|
||||
set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -ggdb")
|
||||
set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO} -ggdb -Wl,-z,relro -Wl,-z,now -fstack-protector-strong -D_FORTIFY_SOURCE=2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb")
|
||||
|
@ -100,10 +100,7 @@ add_executable(auomscollect
|
|||
SchedPriority.cpp
|
||||
)
|
||||
|
||||
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
|
||||
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
|
||||
# for why it is safe to use -static-libgcc -static-libstdc++
|
||||
#set_target_properties(auomscollect PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
target_compile_options(auomscollect PRIVATE "-Werror")
|
||||
|
||||
target_link_libraries(auomscollect
|
||||
dl
|
||||
|
@ -188,11 +185,7 @@ add_executable(auoms
|
|||
CmdlineRedactor.cpp
|
||||
)
|
||||
|
||||
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
|
||||
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
|
||||
# for why it is safe to use -static-libgcc -static-libstdc++
|
||||
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -Wl,--wrap=memcpy -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
target_compile_options(auoms PRIVATE "-Werror")
|
||||
|
||||
target_link_libraries(auoms
|
||||
libre2.a
|
||||
|
@ -247,11 +240,7 @@ add_executable(auomsctl
|
|||
CmdlineRedactor.cpp
|
||||
)
|
||||
|
||||
# See https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html
|
||||
# and https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html
|
||||
# for why it is safe to use -static-libgcc -static-libstdc++
|
||||
#set_target_properties(auoms PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -Wl,--wrap=memcpy -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
#set_target_properties(auomsctl PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
target_compile_options(auomsctl PRIVATE "-Werror")
|
||||
|
||||
target_link_libraries(auomsctl
|
||||
libre2.a
|
||||
|
@ -280,8 +269,6 @@ add_executable(testreceiver
|
|||
UnixDomainListener.cpp
|
||||
)
|
||||
|
||||
#set_target_properties(testreceiver PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
|
||||
install(TARGETS
|
||||
testreceiver
|
||||
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
|
||||
|
@ -291,8 +278,6 @@ add_executable(fakeaudispd
|
|||
fakeaudispd.cpp
|
||||
)
|
||||
|
||||
#set_target_properties(fakeaudispd PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
|
||||
install(TARGETS
|
||||
fakeaudispd
|
||||
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
|
||||
|
@ -306,8 +291,6 @@ add_executable(file2sock
|
|||
Event.cpp
|
||||
)
|
||||
|
||||
#set_target_properties(file2sock PROPERTIES LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -static-libgcc -static-libstdc++ -Wl,--no-as-needed -lrt -Wl,--as-needed")
|
||||
|
||||
install(TARGETS
|
||||
file2sock
|
||||
RUNTIME DESTINATION ${CMAKE_BINARY_DIR}/release/bin
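Review bot: As rendered, the first hunk drops `-Werror=return-type` from the global CMAKE_CXX_FLAGS, while `-Werror` is added only to auomscollect, auoms and auomsctl. That leaves testreceiver, fakeaudispd and file2sock (and any target outside these hunks) without the missing-return check they had before. `-Werror` alone also only promotes the compiler's default warnings, and no `-Wall`/`-Wextra` is visible in these hunks. Consider keeping the global line as `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17 -Werror=return-type")` and, if the aim is a warning-free tree, using `target_compile_options(auoms PRIVATE -Wall -Werror)` on each of the three targets.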
|
||||
|
|
|
@ -200,6 +200,8 @@ bool CollectionMonitor::is_collector_alive() {
|
|||
}
|
||||
|
||||
void CollectionMonitor::send_audit_pid_report(int pid) {
|
||||
static std::string_view SV_EMPTY;
|
||||
|
||||
auto pinfo = ProcessInfo::OpenPid(pid, 0);
|
||||
std::string exe;
|
||||
int ppid = -1;
|
||||
|
@ -220,13 +222,13 @@ void CollectionMonitor::send_audit_pid_report(int pid) {
|
|||
if (!_builder.BeginRecord(static_cast<uint32_t>(RecordType::AUOMS_COLLECTOR_REPORT), RecordTypeToName(RecordType::AUOMS_COLLECTOR_REPORT), "", 3)) {
|
||||
return;
|
||||
}
|
||||
if (!_builder.AddField("pid", std::to_string(pid), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder.AddField("pid", std::to_string(pid), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return;
|
||||
}
|
||||
if(!_builder.AddField("ppid", std::to_string(ppid), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if(!_builder.AddField("ppid", std::to_string(ppid), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return;
|
||||
}
|
||||
if(!_builder.AddField("exe", exe, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if(!_builder.AddField("exe", exe, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return;
|
||||
}
|
||||
if(!_builder.EndRecord()) {
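Review bot: `static std::string_view SV_EMPTY;` in send_audit_pid_report is a mutable function-local static, and the same placeholder is spelled three ways across this commit. It is default-constructed here and in Metrics::send_metrics, Metrics::send_log_metrics and OperationalStatus::send_status, `""sv` in the RawEventProcessor and RawEventRecord::AddRecord hunks, and an inline `std::string_view()` in add_str_field. A default-constructed view has a null data() while `""sv` does not, so if AddField (not visible on this page) ever looks at data() rather than empty(), these call sites would not behave the same. One shared constant such as `inline constexpr std::string_view SV_EMPTY{};` in a common header would make them uniform and immutable. The body of send_audit_pid_report continues outside both hunks.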
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
|
||||
void write_error(int reason, int err, int fd) {
|
||||
uint32_t code = (static_cast<uint32_t>(reason) << 16) | static_cast<uint32_t>(err);
|
||||
write(fd, &code, sizeof(code));
|
||||
auto ignored = write(fd, &code, sizeof(code));
|
||||
}
|
||||
|
||||
void Cmd::cleanup() {
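Review bot: `auto ignored = write(fd, &code, sizeof(code));` in write_error silences the unused-result warning by parking the value in a local that is never read, so a failed or short write of the error code still goes unnoticed. The local itself would also trip -Wunused-variable if -Wall is later combined with the new -Werror. The same pattern is added to `ftruncate` in LockFile::Lock and LockFile::Unlock and to `write(2, buffer, nr)` in Logger::_log_write. Where the result truly cannot be acted on, `[[maybe_unused]] auto ignored = write(fd, &code, sizeof(code));` states that intent. In LockFile::Lock the result looks worth checking instead, since a failed truncate could leave bytes of an older, longer PID behind the new one; the PID write is outside the hunk, so this is inferred.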
|
||||
|
|
|
@ -71,7 +71,7 @@ int LockFile::Lock() {
|
|||
} else {
|
||||
ret = PREVIOUSLY_ABANDONED;
|
||||
}
|
||||
ftruncate(fd, 0);
|
||||
auto ignored = ftruncate(fd, 0);
|
||||
}
|
||||
|
||||
std::string pid = std::to_string(getpid());
|
||||
|
@ -93,6 +93,6 @@ int LockFile::Lock() {
|
|||
}
|
||||
|
||||
void LockFile::Unlock() {
|
||||
ftruncate(_fd, 0);
|
||||
auto ignored = ftruncate(_fd, 0);
|
||||
close(_fd);
|
||||
}
|
||||
|
|
|
@ -92,7 +92,7 @@ void Logger::_log_write(int level, const char* fmt, va_list ap)
|
|||
if (_enable_syslog) {
|
||||
syslog(level, "%s", buffer);
|
||||
} else {
|
||||
(void)write(2, buffer, nr);
|
||||
auto ignored = write(2, buffer, nr);
|
||||
}
|
||||
if (_log_fn) {
|
||||
_log_fn(buffer, nr);
|
||||
|
|
46
Metrics.cpp
46
Metrics.cpp
|
@ -82,6 +82,8 @@ std::string system_time_to_iso3339(const std::chrono::system_clock::time_point s
|
|||
}
|
||||
|
||||
bool Metrics::send_metrics() {
|
||||
static std::string_view SV_EMPTY;
|
||||
|
||||
MetricAggregateSnapshot snap;
|
||||
|
||||
auto rec_type = RecordType::AUOMS_METRIC;
|
||||
|
@ -103,38 +105,38 @@ bool Metrics::send_metrics() {
|
|||
if (!_builder->BeginRecord(static_cast<uint32_t>(rec_type), rec_type_name, "", num_fields)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("version", AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), nullptr,
|
||||
if (!_builder->AddField("StartTime", system_time_to_iso3339(snap.start_time), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), nullptr,
|
||||
if (!_builder->AddField("EndTime", system_time_to_iso3339(snap.end_time), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Namespace", snap.namespace_name, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Namespace", snap.namespace_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Name", snap.name, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Name", snap.name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), nullptr,
|
||||
if (!_builder->AddField("SamplePeriod", std::to_string(snap.sample_period), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("NumSamples", std::to_string(snap.num_samples), nullptr,
|
||||
if (!_builder->AddField("NumSamples", std::to_string(snap.num_samples), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Min", std::to_string(snap.min), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Min", std::to_string(snap.min), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Max", std::to_string(snap.max), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Max", std::to_string(snap.max), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Avg", std::to_string(snap.avg), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Avg", std::to_string(snap.avg), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->EndRecord()) {
|
||||
|
@ -150,6 +152,8 @@ bool Metrics::send_metrics() {
|
|||
}
|
||||
|
||||
bool Metrics::send_log_metrics(bool flush_all) {
|
||||
static std::string_view SV_EMPTY;
|
||||
|
||||
auto rec_type = RecordType::AUOMS_METRIC;
|
||||
auto rec_type_name = RecordTypeToName(RecordType::AUOMS_METRIC);
|
||||
|
||||
|
@ -174,46 +178,46 @@ bool Metrics::send_log_metrics(bool flush_all) {
|
|||
if (!_builder->BeginRecord(static_cast<uint32_t>(rec_type), rec_type_name, "", num_fields)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("version", AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("version", AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("StartTime", system_time_to_iso3339(lm->_start_time), nullptr,
|
||||
if (!_builder->AddField("StartTime", system_time_to_iso3339(lm->_start_time), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("EndTime", system_time_to_iso3339(lm->_end_time), nullptr,
|
||||
if (!_builder->AddField("EndTime", system_time_to_iso3339(lm->_end_time), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Namespace", _proc_name, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Namespace", _proc_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Name", "log", nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("SamplePeriod", std::to_string(static_cast<uint64_t>(MetricPeriod::MINUTE)), nullptr,
|
||||
if (!_builder->AddField("SamplePeriod", std::to_string(static_cast<uint64_t>(MetricPeriod::MINUTE)), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("NumSamples", std::to_string(1), nullptr,
|
||||
if (!_builder->AddField("NumSamples", std::to_string(1), SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Min", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Min", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Max", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Max", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Avg", std::to_string(static_cast<double>(lm->_count)), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField("Avg", std::to_string(static_cast<double>(lm->_count)), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (!_builder->AddField("Message", lm->_fmt, nullptr,
|
||||
if (!_builder->AddField("Message", lm->_fmt, SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
if (include_fist_msg) {
|
||||
if (!_builder->AddField("Data", lm->_first_msg, nullptr,
|
||||
if (!_builder->AddField("Data", lm->_first_msg, SV_EMPTY,
|
||||
field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
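Review bot: One call in Metrics::send_log_metrics is left unconverted: `AddField("Name", "log", nullptr, field_type_t::UNCLASSIFIED)` is still an unchanged context line in this hunk, while every neighbouring call now passes SV_EMPTY. AddField's declaration is not on this page. If this call resolves to the same std::string_view parameter as the others, building a view from a null `const char*` is undefined behaviour. It should then read `AddField("Name", "log", SV_EMPTY, field_type_t::UNCLASSIFIED)`. The function body continues outside the hunk.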
|
||||
|
|
|
@ -250,6 +250,8 @@ std::string OperationalStatus::get_json_status() {
|
|||
}
|
||||
|
||||
bool OperationalStatus::send_status() {
|
||||
static std::string_view SV_EMPTY;
|
||||
|
||||
struct timeval tv;
|
||||
gettimeofday(&tv, nullptr);
|
||||
|
||||
|
@ -274,20 +276,20 @@ bool OperationalStatus::send_status() {
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!_builder.AddField("desired_audit_rules", _desired_audit_rules, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder.AddField("desired_audit_rules", _desired_audit_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!_builder.AddField("loaded_audit_rules", _loaded_audit_rules, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder.AddField("loaded_audit_rules", _loaded_audit_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!_builder.AddField("redaction_rules", _redaction_rules, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder.AddField("redaction_rules", _redaction_rules, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!errors.empty()) {
|
||||
if (!_builder.AddField("errors", errors, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder.AddField("errors", errors, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,6 +66,7 @@ void RawEventProcessor::process_event(const Event& event) {
|
|||
|
||||
using namespace std::string_view_literals;
|
||||
|
||||
static auto SV_EMPTY = ""sv;
|
||||
static auto SV_PID = "pid"sv;
|
||||
static auto SV_PPID = "ppid"sv;
|
||||
static auto SV_CONTAINERID = "containerid"sv;
|
||||
|
@ -95,7 +96,7 @@ void RawEventProcessor::process_event(const Event& event) {
|
|||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
|
@ -122,7 +123,7 @@ void RawEventProcessor::process_event(const Event& event) {
|
|||
}
|
||||
}
|
||||
if (pid_field) {
|
||||
if (!_builder->AddField(SV_CONTAINERID, containerId, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_CONTAINERID, containerId, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
}
|
||||
|
@ -418,7 +419,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
|
@ -590,23 +591,23 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
_path_ouid.append(SV_JSON_ARRAY_END);
|
||||
_path_ogid.append(SV_JSON_ARRAY_END);
|
||||
|
||||
if (!_builder->AddField(SV_PATH_NAME, _path_name, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_PATH_NAME, _path_name, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_PATH_NAMETYPE, _path_nametype, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_PATH_NAMETYPE, _path_nametype, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_PATH_MODE, _path_mode, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_PATH_MODE, _path_mode, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_PATH_OUID, _path_ouid, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_PATH_OUID, _path_ouid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_PATH_OGID, _path_ogid, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_PATH_OGID, _path_ogid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
}
|
||||
|
@ -626,11 +627,11 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
_execve_converter.Convert(execve_recs, _cmdline);
|
||||
_cmdline_redactor->ApplyRules(_cmdline, _tmp_val);
|
||||
|
||||
if (!_builder->AddField(SV_CMDLINE, _cmdline, nullptr, field_type_t::UNESCAPED)) {
|
||||
if (!_builder->AddField(SV_CMDLINE, _cmdline, SV_EMPTY, field_type_t::UNESCAPED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
} else {
|
||||
|
@ -656,11 +657,11 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
ExecveConverter::ConvertRawCmdline(_unescaped_val, _cmdline);
|
||||
_cmdline_redactor->ApplyRules(_cmdline, _tmp_val);
|
||||
|
||||
if (!_builder->AddField(SV_PROCTITLE, _cmdline, nullptr, field_type_t::PROCTITLE)) {
|
||||
if (!_builder->AddField(SV_PROCTITLE, _cmdline, SV_EMPTY, field_type_t::PROCTITLE)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
}
|
||||
|
@ -689,7 +690,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
for (auto& field: dropped_rec) {
|
||||
_field_name.assign(SV_DROPPED);
|
||||
_field_name.append(field.FieldName());
|
||||
if (!_builder->AddField(_field_name, field.RawValue(), nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(_field_name, field.RawValue(), SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
}
|
||||
|
@ -715,7 +716,7 @@ bool RawEventProcessor::process_syscall_event(const Event& event) {
|
|||
}
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_CONTAINERID, containerid, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_CONTAINERID, containerid, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
|
@ -761,6 +762,7 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
|
|||
|
||||
static auto S_PID = "pid"s;
|
||||
static auto S_PPID = "ppid"s;
|
||||
static auto SV_EMPTY = ""sv;
|
||||
static auto SV_CMD = "cmd"sv;
|
||||
static auto SV_REDACTORS = "redactors"sv;
|
||||
static auto SV_AUOMSVERSION_NAME = "auoms_version"sv;
|
||||
|
@ -775,11 +777,11 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
|
|||
|
||||
num_fields += 1; // for auoms_version
|
||||
|
||||
if (!_builder->BeginRecord(rec.RecordType(), rec.RecordTypeName(), nullptr, num_fields)) {
|
||||
if (!_builder->BeginRecord(rec.RecordType(), rec.RecordTypeName(), SV_EMPTY, num_fields)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_AUOMSVERSION_NAME, SV_AUOMS_VERSION, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
|
@ -800,11 +802,11 @@ void RawEventProcessor::process_user_cmd_record(const Event& event, const EventR
|
|||
|
||||
_cmdline_redactor->ApplyRules(_unescaped_val, _tmp_val);
|
||||
|
||||
if (!_builder->AddField(SV_CMD, _unescaped_val, nullptr, field_type_t::UNESCAPED)) {
|
||||
if (!_builder->AddField(SV_CMD, _unescaped_val, SV_EMPTY, field_type_t::UNESCAPED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!_builder->AddField(SV_REDACTORS, _tmp_val, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
|
||||
|
@ -852,7 +854,7 @@ bool RawEventProcessor::process_field(const EventRecord& record, const EventReco
|
|||
|
||||
switch (field_type) {
|
||||
case field_type_t::UID: {
|
||||
int uid = static_cast<int>(strtoul(val_ptr, NULL, 10));
|
||||
int uid = static_cast<int>(strtoul(val_ptr, nullptr, 10));
|
||||
if (uid < 0) {
|
||||
_tmp_val = S_UNSET;
|
||||
} else {
|
||||
|
@ -864,7 +866,7 @@ bool RawEventProcessor::process_field(const EventRecord& record, const EventReco
|
|||
break;
|
||||
}
|
||||
case field_type_t::GID: {
|
||||
int gid = static_cast<int>(strtoul(val_ptr, NULL, 10));
|
||||
int gid = static_cast<int>(strtoul(val_ptr, nullptr, 10));
|
||||
if (gid < 0) {
|
||||
_tmp_val = S_UNSET;
|
||||
} else {
|
||||
|
@ -905,7 +907,7 @@ bool RawEventProcessor::add_int_field(const std::string_view& name, int val, fie
|
|||
}
|
||||
|
||||
bool RawEventProcessor::add_str_field(const std::string_view& name, const std::string_view& val, field_type_t ft) {
|
||||
if (!_builder->AddField(name, val, nullptr, ft)) {
|
||||
if (!_builder->AddField(name, val, std::string_view(), ft)) {
|
||||
throw std::runtime_error("Queue closed");
|
||||
}
|
||||
return true;
|
||||
|
|
|
@ -214,6 +214,7 @@ bool RawEventRecord::Parse(RecordType record_type, size_t size) {
|
|||
bool RawEventRecord::AddRecord(EventBuilder& builder) {
|
||||
static auto SV_NODE = "node"sv;
|
||||
static auto SV_UNPARSED_TEXT = "unparsed_text"sv;
|
||||
static auto SV_EMPTY = ""sv;
|
||||
|
||||
uint16_t num_fields = static_cast<uint16_t>(_record_fields.size());
|
||||
if (!_node.empty()) {
|
||||
|
@ -225,7 +226,7 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
|
|||
}
|
||||
|
||||
if (!_node.empty()) {
|
||||
if (!builder.AddField(SV_NODE, _node, nullptr, field_type_t::UNCLASSIFIED)) {
|
||||
if (!builder.AddField(SV_NODE, _node, SV_EMPTY, field_type_t::UNCLASSIFIED)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -233,7 +234,7 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
|
|||
// If record is marked as unparsable, then the text (after the 'audit():' section is included as the only value in
|
||||
// _record_fields
|
||||
if (_unparsable) {
|
||||
if (!builder.AddField(SV_UNPARSED_TEXT, _record_fields[0].second, nullptr, field_type_t::UNESCAPED)) {
|
||||
if (!builder.AddField(SV_UNPARSED_TEXT, _record_fields[0].second, SV_EMPTY, field_type_t::UNESCAPED)) {
|
||||
return false;
|
||||
}
|
||||
return builder.EndRecord();
|
||||
|
@ -243,10 +244,10 @@ bool RawEventRecord::AddRecord(EventBuilder& builder) {
|
|||
for (auto& f: _record_fields) {
|
||||
int ret;
|
||||
if (!f.first.empty()) {
|
||||
ret = builder.AddField(f.first, f.second, nullptr, field_type_t::UNCLASSIFIED);
|
||||
ret = builder.AddField(f.first, f.second, SV_EMPTY, field_type_t::UNCLASSIFIED);
|
||||
} else {
|
||||
std::string key = "unknown" + std::to_string(unknown_key);
|
||||
ret = builder.AddField(key, f.second, nullptr, field_type_t::UNCLASSIFIED);
|
||||
ret = builder.AddField(key, f.second, SV_EMPTY, field_type_t::UNCLASSIFIED);
|
||||
unknown_key += 1;
|
||||
}
|
||||
if (!ret) {
|
||||
|
|
|
@ -7,5 +7,5 @@
|
|||
|
||||
AUOMS_BUILDVERSION_MAJOR=2
|
||||
AUOMS_BUILDVERSION_MINOR=6
|
||||
AUOMS_BUILDVERSION_PATCH=0
|
||||
AUOMS_BUILDVERSION_PATCH=1
|
||||
AUOMS_BUILDVERSION_BUILDNR=0
|
||||
|
|