address pr comment
efd6 committed Aug 30, 2023
1 parent a38354f commit 7d1865a
Showing 2 changed files with 152 additions and 150 deletions.
82 changes: 41 additions & 41 deletions filebeat/input/journald/pkg/journalfield/conv.go
Expand Up @@ -213,47 +213,47 @@ func expandCapabilities(fields mapstr.M) {

// include/uapi/linux/capability.h
var capTable = [...]string{
0: "cap_chown",
1: "cap_dac_override",
2: "cap_dac_read_search",
3: "cap_fowner",
4: "cap_fsetid",
5: "cap_kill",
6: "cap_setgid",
7: "cap_setuid",
8: "cap_setpcap",
9: "cap_linux_immutable",
10: "cap_net_bind_service",
11: "cap_net_broadcast",
12: "cap_net_admin",
13: "cap_net_raw",
14: "cap_ipc_lock",
15: "cap_ipc_owner",
16: "cap_sys_module",
17: "cap_sys_rawio",
18: "cap_sys_chroot",
19: "cap_sys_ptrace",
20: "cap_sys_pacct",
21: "cap_sys_admin",
22: "cap_sys_boot",
23: "cap_sys_nice",
24: "cap_sys_resource",
25: "cap_sys_time",
26: "cap_sys_tty_config",
27: "cap_mknod",
28: "cap_lease",
29: "cap_audit_write",
30: "cap_audit_control",
31: "cap_setfcap",
32: "cap_mac_override",
33: "cap_mac_admin",
34: "cap_syslog",
35: "cap_wake_alarm",
36: "cap_block_suspend",
37: "cap_audit_read",
38: "cap_perfmon",
39: "cap_bpf",
40: "cap_checkpoint_restore",
0: "CAP_CHOWN",
1: "CAP_DAC_OVERRIDE",
2: "CAP_DAC_READ_SEARCH",
3: "CAP_FOWNER",
4: "CAP_FSETID",
5: "CAP_KILL",
6: "CAP_SETGID",
7: "CAP_SETUID",
8: "CAP_SETPCAP",
9: "CAP_LINUX_IMMUTABLE",
10: "CAP_NET_BIND_SERVICE",
11: "CAP_NET_BROADCAST",
12: "CAP_NET_ADMIN",
13: "CAP_NET_RAW",
14: "CAP_IPC_LOCK",
15: "CAP_IPC_OWNER",
16: "CAP_SYS_MODULE",
17: "CAP_SYS_RAWIO",
18: "CAP_SYS_CHROOT",
19: "CAP_SYS_PTRACE",
20: "CAP_SYS_PACCT",
21: "CAP_SYS_ADMIN",
22: "CAP_SYS_BOOT",
23: "CAP_SYS_NICE",
24: "CAP_SYS_RESOURCE",
25: "CAP_SYS_TIME",
26: "CAP_SYS_TTY_CONFIG",
27: "CAP_MKNOD",
28: "CAP_LEASE",
29: "CAP_AUDIT_WRITE",
30: "CAP_AUDIT_CONTROL",
31: "CAP_SETFCAP",
32: "CAP_MAC_OVERRIDE",
33: "CAP_MAC_ADMIN",
34: "CAP_SYSLOG",
35: "CAP_WAKE_ALARM",
36: "CAP_BLOCK_SUSPEND",
37: "CAP_AUDIT_READ",
38: "CAP_PERFMON",
39: "CAP_BPF",
40: "CAP_CHECKPOINT_RESTORE",
}

func getStringFromFields(key string, fields mapstr.M) string {
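Review bot: The comment over `capTable` still gives only the header path, although these strings are what ends up in the event's capability fields, so it should state what the index and the values mean. Something like `// capTable maps a capability bit number to its CAP_* constant name from include/uapi/linux/capability.h.` would do. The expectations in conv_expand_test.go (`"41"`, `"42"` following `"CAP_CHECKPOINT_RESTORE"`) suggest that bits past the end of the table are emitted as decimal strings, which is worth saying in the same comment. Since the emitted values change case, any saved query or detection rule that matches the lowercase names would stop matching without an error, so if the lowercase form was ever released this needs a changelog entry. `expandCapabilities` itself lies outside the hunk.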
220 changes: 111 additions & 109 deletions filebeat/input/journald/pkg/journalfield/conv_expand_test.go
Expand Up @@ -30,7 +30,9 @@ var expandCapabilitiesTests = []struct {
src mapstr.M
want mapstr.M
}{
// All test cases were constructed based on behaviour of capsh --decode <journald.process.capabilities>.
// All test cases were constructed based on behaviour of capsh --decode <journald.process.capabilities>,
// with the exception that the CONSTANT names are used instead of the canonical lowercase names in order
// to conform with ECS directions.
{
name: "none",
src: mapstr.M{
Expand Down Expand Up @@ -67,7 +69,7 @@ var expandCapabilitiesTests = []struct {
"thread": mapstr.M{
"capabilities": mapstr.M{
"effective": []string{
"cap_chown",
"CAP_CHOWN",
},
},
},
Expand All @@ -93,7 +95,7 @@ var expandCapabilitiesTests = []struct {
"thread": mapstr.M{
"capabilities": mapstr.M{
"effective": []string{
"cap_chown",
"CAP_CHOWN",
},
},
},
Expand All @@ -119,47 +121,47 @@ var expandCapabilitiesTests = []struct {
"thread": mapstr.M{
"capabilities": mapstr.M{
"effective": []string{
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_lock",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_rawio",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_pacct",
"cap_sys_admin",
"cap_sys_boot",
"cap_sys_nice",
"cap_sys_resource",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_write",
"cap_audit_control",
"cap_setfcap",
"cap_mac_override",
"cap_mac_admin",
"cap_syslog",
"cap_wake_alarm",
"cap_block_suspend",
"cap_audit_read",
"cap_perfmon",
"cap_bpf",
"cap_checkpoint_restore",
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND",
"CAP_AUDIT_READ",
"CAP_PERFMON",
"CAP_BPF",
"CAP_CHECKPOINT_RESTORE",
},
},
},
Expand All @@ -185,47 +187,47 @@ var expandCapabilitiesTests = []struct {
"thread": mapstr.M{
"capabilities": mapstr.M{
"effective": []string{
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_lock",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_rawio",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_pacct",
"cap_sys_admin",
"cap_sys_boot",
"cap_sys_nice",
"cap_sys_resource",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_write",
"cap_audit_control",
"cap_setfcap",
"cap_mac_override",
"cap_mac_admin",
"cap_syslog",
"cap_wake_alarm",
"cap_block_suspend",
"cap_audit_read",
"cap_perfmon",
"cap_bpf",
"cap_checkpoint_restore",
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND",
"CAP_AUDIT_READ",
"CAP_PERFMON",
"CAP_BPF",
"CAP_CHECKPOINT_RESTORE",
"41",
"42",
},
Expand Down Expand Up @@ -253,30 +255,30 @@ var expandCapabilitiesTests = []struct {
"thread": mapstr.M{
"capabilities": mapstr.M{
"effective": []string{
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_admin",
"cap_sys_nice",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_control",
"cap_setfcap",
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
},
},
},
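Review bot: In the comment added at the top of `expandCapabilitiesTests`, "CONSTANT names" and "ECS directions" leave a reader guessing which spelling and which rule are meant. Consider wording the added lines as `// with the exception that the upper-case CAP_* constant names are used instead of capsh's lowercase names,` and `// as ECS asks for in the capabilities fields.` The expected lists also mix names with bare numbers (`"41"`, `"42"`) for unknown bits, and a short remark on that case would tell consumers both forms are intentional. The table's declaration starts above the first hunk and the rest of its cases are outside the visible hunks.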
