From 7871099fe217499dce4ff9703271df51bf4ae9c0 Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan.kortschak@elastic.co>
Date: Wed, 16 Aug 2023 16:20:18 +0930
Subject: [PATCH] add missing fbDecodeMetadata accesses

---
 .../module/file_integrity/flatbuffers.go      | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/auditbeat/module/file_integrity/flatbuffers.go b/auditbeat/module/file_integrity/flatbuffers.go
index 21ef24150c93..f2037e2b48d8 100644
--- a/auditbeat/module/file_integrity/flatbuffers.go
+++ b/auditbeat/module/file_integrity/flatbuffers.go
@@ -129,10 +129,10 @@ func fbWriteMetadata(b *flatbuffers.Builder, m *Metadata) flatbuffers.UOffsetT {
 	if m.SID != "" {
 		sidOffset = b.CreateString(m.SID)
 	}
-	if m.SELinux != "" {
+	if len(m.SELinux) != 0 {
 		selinuxOffset = b.CreateString(m.SELinux)
 	}
-	if m.POSIXACLAccess != "" {
+	if len(m.POSIXACLAccess) != 0 {
 		aclAccessOffset = b.CreateString(m.POSIXACLAccess)
 	}
 	schema.MetadataStart(b)
@@ -257,16 +257,18 @@ func fbDecodeMetadata(e *schema.Event) *Metadata {
 	}
 	mode := os.FileMode(info.Mode())
 	rtn := &Metadata{
-		Inode:  info.Inode(),
-		UID:    info.Uid(),
-		GID:    info.Gid(),
-		SID:    string(info.Sid()),
-		Mode:   mode & ^(os.ModeSetuid | os.ModeSetgid),
-		Size:   info.Size(),
-		MTime:  time.Unix(0, info.MtimeNs()).UTC(),
-		CTime:  time.Unix(0, info.CtimeNs()).UTC(),
-		SetUID: mode&os.ModeSetuid != 0,
-		SetGID: mode&os.ModeSetgid != 0,
+		Inode:          info.Inode(),
+		UID:            info.Uid(),
+		GID:            info.Gid(),
+		SID:            string(info.Sid()),
+		Mode:           mode & ^(os.ModeSetuid | os.ModeSetgid),
+		Size:           info.Size(),
+		MTime:          time.Unix(0, info.MtimeNs()).UTC(),
+		CTime:          time.Unix(0, info.CtimeNs()).UTC(),
+		SetUID:         mode&os.ModeSetuid != 0,
+		SetGID:         mode&os.ModeSetgid != 0,
+		SELinux:        string(info.Selinux()),
+		POSIXACLAccess: string(info.PosixAclAccess()),
 	}
 
 	switch info.Type() {