github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/model/field_handlers_unix.go (about) 1 // Unless explicitly stated otherwise all files in this repository are licensed 2 // under the Apache License Version 2.0. 3 // This product includes software developed at Datadog (https://www.datadoghq.com/). 4 // Copyright 2022-present Datadog, Inc. 5 // Code generated - DO NOT EDIT. 6 7 //go:build unix 8 9 package model 10 11 import ( 12 "time" 13 ) 14 15 // ResolveFields resolves all the fields associated with the event type by calling resolveFields(false), so the container tags and file hashes handlers that resolveFields guards with !forADs are invoked as well. Context fields are automatically resolved. 16 func (ev *Event) ResolveFields() { 17 ev.resolveFields(false) 18 } 19 20 // ResolveFieldsForAD resolves the fields associated with the event type by calling resolveFields(true): the ResolveContainerTags call and the ResolveHashesFromEvent calls that resolveFields guards with !forADs are skipped, so callers should not rely on this method to resolve container tags or file hashes. Context fields are automatically resolved. NOTE(review): "AD" presumably stands for activity dump; confirm against the generator template. 21 func (ev *Event) ResolveFieldsForAD() { 22 ev.resolveFields(true) 23 } 24 func (ev *Event) resolveFields(forADs bool) { 25 // resolve context fields that are not related to any event type 26 _ = ev.FieldHandlers.ResolveContainerCreatedAt(ev, ev.BaseEvent.ContainerContext) 27 _ = ev.FieldHandlers.ResolveContainerID(ev, ev.BaseEvent.ContainerContext) 28 if !forADs { 29 _ = ev.FieldHandlers.ResolveContainerTags(ev, ev.BaseEvent.ContainerContext) 30 } 31 _ = ev.FieldHandlers.ResolveAsync(ev) 32 _ = ev.FieldHandlers.ResolveService(ev, &ev.BaseEvent) 33 _ = ev.FieldHandlers.ResolveEventTimestamp(ev, &ev.BaseEvent) 34 _ = ev.FieldHandlers.ResolveProcessArgs(ev, &ev.BaseEvent.ProcessContext.Process) 35 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, &ev.BaseEvent.ProcessContext.Process) 36 _ = ev.FieldHandlers.ResolveProcessArgv(ev, &ev.BaseEvent.ProcessContext.Process) 37 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, &ev.BaseEvent.ProcessContext.Process) 38 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, &ev.BaseEvent.ProcessContext.Process) 39 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, &ev.BaseEvent.ProcessContext.Process) 40 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, 
&ev.BaseEvent.ProcessContext.Process) 41 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, &ev.BaseEvent.ProcessContext.Process) 42 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 43 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 44 } 45 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 46 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent.FileFields) 47 } 48 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 49 if !forADs { 50 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 51 } 52 } 53 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 54 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent.FileFields) 55 } 56 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 57 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 58 } 59 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 60 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 61 } 62 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 63 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 64 } 65 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 66 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 67 } 68 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 69 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent) 70 } 71 if ev.BaseEvent.ProcessContext.Process.IsNotKworker() { 72 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent.FileFields) 73 } 74 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 75 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 76 } 77 if 
ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 78 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent.FileFields) 79 } 80 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 81 if !forADs { 82 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 83 } 84 } 85 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 86 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent.FileFields) 87 } 88 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 89 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 90 } 91 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 92 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 93 } 94 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 95 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 96 } 97 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 98 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 99 } 100 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 101 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent) 102 } 103 if ev.BaseEvent.ProcessContext.Process.HasInterpreter() { 104 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.BaseEvent.ProcessContext.Process.LinuxBinprm.FileEvent.FileFields) 105 } 106 if ev.BaseEvent.ProcessContext.HasParent() { 107 _ = ev.FieldHandlers.ResolveProcessArgs(ev, ev.BaseEvent.ProcessContext.Parent) 108 } 109 if ev.BaseEvent.ProcessContext.HasParent() { 110 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, ev.BaseEvent.ProcessContext.Parent) 111 } 112 if ev.BaseEvent.ProcessContext.HasParent() { 113 _ = 
ev.FieldHandlers.ResolveProcessArgv(ev, ev.BaseEvent.ProcessContext.Parent) 114 } 115 if ev.BaseEvent.ProcessContext.HasParent() { 116 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, ev.BaseEvent.ProcessContext.Parent) 117 } 118 if ev.BaseEvent.ProcessContext.HasParent() { 119 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.BaseEvent.ProcessContext.Parent) 120 } 121 if ev.BaseEvent.ProcessContext.HasParent() { 122 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.BaseEvent.ProcessContext.Parent) 123 } 124 if ev.BaseEvent.ProcessContext.HasParent() { 125 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.BaseEvent.ProcessContext.Parent) 126 } 127 if ev.BaseEvent.ProcessContext.HasParent() { 128 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, ev.BaseEvent.ProcessContext.Parent) 129 } 130 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 131 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 132 } 133 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 134 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent.FileFields) 135 } 136 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 137 if !forADs { 138 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 139 } 140 } 141 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 142 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent.FileFields) 143 } 144 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 145 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 146 } 147 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 148 _ = 
ev.FieldHandlers.ResolvePackageName(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 149 } 150 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 151 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 152 } 153 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 154 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 155 } 156 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 157 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent) 158 } 159 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.IsNotKworker() { 160 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent.FileFields) 161 } 162 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 163 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 164 } 165 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 166 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent.FileFields) 167 } 168 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 169 if !forADs { 170 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 171 } 172 } 173 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 174 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent.FileFields) 175 } 176 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 177 _ = 
ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 178 } 179 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 180 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 181 } 182 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 183 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 184 } 185 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 186 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 187 } 188 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 189 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent) 190 } 191 if ev.BaseEvent.ProcessContext.HasParent() && ev.BaseEvent.ProcessContext.Parent.HasInterpreter() { 192 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.BaseEvent.ProcessContext.Parent.LinuxBinprm.FileEvent.FileFields) 193 } 194 if ev.BaseEvent.ProcessContext.HasParent() { 195 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.BaseEvent.ProcessContext.Parent.UserSession) 196 } 197 if ev.BaseEvent.ProcessContext.HasParent() { 198 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.BaseEvent.ProcessContext.Parent.UserSession) 199 } 200 if ev.BaseEvent.ProcessContext.HasParent() { 201 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.BaseEvent.ProcessContext.Parent.UserSession) 202 } 203 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.BaseEvent.ProcessContext.Process.UserSession) 204 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.BaseEvent.ProcessContext.Process.UserSession) 205 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.BaseEvent.ProcessContext.Process.UserSession) 206 // resolve event specific fields 207 switch 
ev.GetEventType().String() { 208 case "bind": 209 case "bpf": 210 case "capset": 211 case "chdir": 212 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Chdir.File.FileFields) 213 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Chdir.File.FileFields) 214 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Chdir.File.FileFields) 215 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Chdir.File) 216 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Chdir.File) 217 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Chdir.File) 218 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Chdir.File) 219 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Chdir.File) 220 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Chdir.File) 221 if !forADs { 222 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Chdir.File) 223 } 224 case "chmod": 225 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Chmod.File.FileFields) 226 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Chmod.File.FileFields) 227 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Chmod.File.FileFields) 228 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Chmod.File) 229 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Chmod.File) 230 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Chmod.File) 231 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Chmod.File) 232 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Chmod.File) 233 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Chmod.File) 234 if !forADs { 235 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Chmod.File) 236 } 237 case "chown": 238 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Chown.File.FileFields) 239 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Chown.File.FileFields) 240 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Chown.File.FileFields) 241 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Chown.File) 242 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Chown.File) 243 _ = 
ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Chown.File) 244 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Chown.File) 245 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Chown.File) 246 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Chown.File) 247 if !forADs { 248 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Chown.File) 249 } 250 _ = ev.FieldHandlers.ResolveChownUID(ev, &ev.Chown) 251 _ = ev.FieldHandlers.ResolveChownGID(ev, &ev.Chown) 252 case "dns": 253 _ = ev.FieldHandlers.ResolveNetworkDeviceIfName(ev, &ev.NetworkContext.Device) 254 case "exec": 255 if ev.Exec.Process.IsNotKworker() { 256 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Exec.Process.FileEvent.FileFields) 257 } 258 if ev.Exec.Process.IsNotKworker() { 259 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Exec.Process.FileEvent.FileFields) 260 } 261 if ev.Exec.Process.IsNotKworker() { 262 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Exec.Process.FileEvent.FileFields) 263 } 264 if ev.Exec.Process.IsNotKworker() { 265 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Exec.Process.FileEvent) 266 } 267 if ev.Exec.Process.IsNotKworker() { 268 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exec.Process.FileEvent) 269 } 270 if ev.Exec.Process.IsNotKworker() { 271 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Exec.Process.FileEvent) 272 } 273 if ev.Exec.Process.IsNotKworker() { 274 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Exec.Process.FileEvent) 275 } 276 if ev.Exec.Process.IsNotKworker() { 277 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Exec.Process.FileEvent) 278 } 279 if ev.Exec.Process.IsNotKworker() { 280 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Exec.Process.FileEvent) 281 } 282 if ev.Exec.Process.IsNotKworker() { 283 if !forADs { 284 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Exec.Process.FileEvent) 285 } 286 } 287 if ev.Exec.Process.HasInterpreter() { 288 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, 
&ev.Exec.Process.LinuxBinprm.FileEvent.FileFields) 289 } 290 if ev.Exec.Process.HasInterpreter() { 291 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Exec.Process.LinuxBinprm.FileEvent.FileFields) 292 } 293 if ev.Exec.Process.HasInterpreter() { 294 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Exec.Process.LinuxBinprm.FileEvent.FileFields) 295 } 296 if ev.Exec.Process.HasInterpreter() { 297 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 298 } 299 if ev.Exec.Process.HasInterpreter() { 300 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 301 } 302 if ev.Exec.Process.HasInterpreter() { 303 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 304 } 305 if ev.Exec.Process.HasInterpreter() { 306 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 307 } 308 if ev.Exec.Process.HasInterpreter() { 309 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 310 } 311 if ev.Exec.Process.HasInterpreter() { 312 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 313 } 314 if ev.Exec.Process.HasInterpreter() { 315 if !forADs { 316 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Exec.Process.LinuxBinprm.FileEvent) 317 } 318 } 319 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.Exec.Process) 320 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.Exec.Process.UserSession) 321 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.Exec.Process.UserSession) 322 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.Exec.Process.UserSession) 323 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, ev.Exec.Process) 324 _ = ev.FieldHandlers.ResolveProcessArgs(ev, ev.Exec.Process) 325 _ = ev.FieldHandlers.ResolveProcessArgv(ev, ev.Exec.Process) 326 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, ev.Exec.Process) 327 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.Exec.Process) 328 _ = 
ev.FieldHandlers.ResolveProcessEnvp(ev, ev.Exec.Process) 329 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, ev.Exec.Process) 330 case "exit": 331 if ev.Exit.Process.IsNotKworker() { 332 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Exit.Process.FileEvent.FileFields) 333 } 334 if ev.Exit.Process.IsNotKworker() { 335 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Exit.Process.FileEvent.FileFields) 336 } 337 if ev.Exit.Process.IsNotKworker() { 338 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Exit.Process.FileEvent.FileFields) 339 } 340 if ev.Exit.Process.IsNotKworker() { 341 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Exit.Process.FileEvent) 342 } 343 if ev.Exit.Process.IsNotKworker() { 344 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exit.Process.FileEvent) 345 } 346 if ev.Exit.Process.IsNotKworker() { 347 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Exit.Process.FileEvent) 348 } 349 if ev.Exit.Process.IsNotKworker() { 350 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Exit.Process.FileEvent) 351 } 352 if ev.Exit.Process.IsNotKworker() { 353 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Exit.Process.FileEvent) 354 } 355 if ev.Exit.Process.IsNotKworker() { 356 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Exit.Process.FileEvent) 357 } 358 if ev.Exit.Process.IsNotKworker() { 359 if !forADs { 360 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Exit.Process.FileEvent) 361 } 362 } 363 if ev.Exit.Process.HasInterpreter() { 364 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Exit.Process.LinuxBinprm.FileEvent.FileFields) 365 } 366 if ev.Exit.Process.HasInterpreter() { 367 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Exit.Process.LinuxBinprm.FileEvent.FileFields) 368 } 369 if ev.Exit.Process.HasInterpreter() { 370 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Exit.Process.LinuxBinprm.FileEvent.FileFields) 371 } 372 if ev.Exit.Process.HasInterpreter() { 373 _ = 
ev.FieldHandlers.ResolveFilePath(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 374 } 375 if ev.Exit.Process.HasInterpreter() { 376 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 377 } 378 if ev.Exit.Process.HasInterpreter() { 379 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 380 } 381 if ev.Exit.Process.HasInterpreter() { 382 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 383 } 384 if ev.Exit.Process.HasInterpreter() { 385 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 386 } 387 if ev.Exit.Process.HasInterpreter() { 388 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 389 } 390 if ev.Exit.Process.HasInterpreter() { 391 if !forADs { 392 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Exit.Process.LinuxBinprm.FileEvent) 393 } 394 } 395 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.Exit.Process) 396 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.Exit.Process.UserSession) 397 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.Exit.Process.UserSession) 398 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.Exit.Process.UserSession) 399 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, ev.Exit.Process) 400 _ = ev.FieldHandlers.ResolveProcessArgs(ev, ev.Exit.Process) 401 _ = ev.FieldHandlers.ResolveProcessArgv(ev, ev.Exit.Process) 402 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, ev.Exit.Process) 403 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.Exit.Process) 404 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.Exit.Process) 405 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, ev.Exit.Process) 406 case "link": 407 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Link.Source.FileFields) 408 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Link.Source.FileFields) 409 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Link.Source.FileFields) 410 _ = 
ev.FieldHandlers.ResolveFilePath(ev, &ev.Link.Source) 411 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Link.Source) 412 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Link.Source) 413 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Link.Source) 414 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Link.Source) 415 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Link.Source) 416 if !forADs { 417 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Link.Source) 418 } 419 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Link.Target.FileFields) 420 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Link.Target.FileFields) 421 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Link.Target.FileFields) 422 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Link.Target) 423 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Link.Target) 424 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Link.Target) 425 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Link.Target) 426 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Link.Target) 427 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Link.Target) 428 if !forADs { 429 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Link.Target) 430 } 431 case "load_module": 432 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.LoadModule.File.FileFields) 433 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.LoadModule.File.FileFields) 434 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.LoadModule.File.FileFields) 435 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.LoadModule.File) 436 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.LoadModule.File) 437 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.LoadModule.File) 438 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.LoadModule.File) 439 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.LoadModule.File) 440 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.LoadModule.File) 441 if !forADs { 442 _ = 
ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.LoadModule.File) 443 } 444 _ = ev.FieldHandlers.ResolveModuleArgs(ev, &ev.LoadModule) 445 _ = ev.FieldHandlers.ResolveModuleArgv(ev, &ev.LoadModule) 446 case "mkdir": 447 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Mkdir.File.FileFields) 448 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Mkdir.File.FileFields) 449 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Mkdir.File.FileFields) 450 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Mkdir.File) 451 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Mkdir.File) 452 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Mkdir.File) 453 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Mkdir.File) 454 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Mkdir.File) 455 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Mkdir.File) 456 if !forADs { 457 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Mkdir.File) 458 } 459 case "mmap": 460 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.MMap.File.FileFields) 461 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.MMap.File.FileFields) 462 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.MMap.File.FileFields) 463 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.MMap.File) 464 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.MMap.File) 465 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.MMap.File) 466 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.MMap.File) 467 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.MMap.File) 468 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.MMap.File) 469 if !forADs { 470 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.MMap.File) 471 } 472 case "mount": 473 _ = ev.FieldHandlers.ResolveMountPointPath(ev, &ev.Mount) 474 _ = ev.FieldHandlers.ResolveMountSourcePath(ev, &ev.Mount) 475 _ = ev.FieldHandlers.ResolveMountRootPath(ev, &ev.Mount) 476 case "mprotect": 477 case "open": 478 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, 
&ev.Open.File.FileFields) 479 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Open.File.FileFields) 480 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Open.File.FileFields) 481 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Open.File) 482 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Open.File) 483 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Open.File) 484 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Open.File) 485 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Open.File) 486 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Open.File) 487 if !forADs { 488 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Open.File) 489 } 490 case "ptrace": 491 if ev.PTrace.Tracee.Process.IsNotKworker() { 492 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.PTrace.Tracee.Process.FileEvent.FileFields) 493 } 494 if ev.PTrace.Tracee.Process.IsNotKworker() { 495 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.PTrace.Tracee.Process.FileEvent.FileFields) 496 } 497 if ev.PTrace.Tracee.Process.IsNotKworker() { 498 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.PTrace.Tracee.Process.FileEvent.FileFields) 499 } 500 if ev.PTrace.Tracee.Process.IsNotKworker() { 501 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.PTrace.Tracee.Process.FileEvent) 502 } 503 if ev.PTrace.Tracee.Process.IsNotKworker() { 504 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.PTrace.Tracee.Process.FileEvent) 505 } 506 if ev.PTrace.Tracee.Process.IsNotKworker() { 507 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.PTrace.Tracee.Process.FileEvent) 508 } 509 if ev.PTrace.Tracee.Process.IsNotKworker() { 510 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.PTrace.Tracee.Process.FileEvent) 511 } 512 if ev.PTrace.Tracee.Process.IsNotKworker() { 513 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.PTrace.Tracee.Process.FileEvent) 514 } 515 if ev.PTrace.Tracee.Process.IsNotKworker() { 516 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, 
&ev.PTrace.Tracee.Process.FileEvent) 517 } 518 if ev.PTrace.Tracee.Process.IsNotKworker() { 519 if !forADs { 520 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.PTrace.Tracee.Process.FileEvent) 521 } 522 } 523 if ev.PTrace.Tracee.Process.HasInterpreter() { 524 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent.FileFields) 525 } 526 if ev.PTrace.Tracee.Process.HasInterpreter() { 527 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent.FileFields) 528 } 529 if ev.PTrace.Tracee.Process.HasInterpreter() { 530 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent.FileFields) 531 } 532 if ev.PTrace.Tracee.Process.HasInterpreter() { 533 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 534 } 535 if ev.PTrace.Tracee.Process.HasInterpreter() { 536 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 537 } 538 if ev.PTrace.Tracee.Process.HasInterpreter() { 539 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 540 } 541 if ev.PTrace.Tracee.Process.HasInterpreter() { 542 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 543 } 544 if ev.PTrace.Tracee.Process.HasInterpreter() { 545 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 546 } 547 if ev.PTrace.Tracee.Process.HasInterpreter() { 548 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 549 } 550 if ev.PTrace.Tracee.Process.HasInterpreter() { 551 if !forADs { 552 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.PTrace.Tracee.Process.LinuxBinprm.FileEvent) 553 } 554 } 555 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, &ev.PTrace.Tracee.Process) 556 _ = ev.FieldHandlers.ResolveK8SUsername(ev, 
&ev.PTrace.Tracee.Process.UserSession) 557 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.PTrace.Tracee.Process.UserSession) 558 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.PTrace.Tracee.Process.UserSession) 559 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, &ev.PTrace.Tracee.Process) 560 _ = ev.FieldHandlers.ResolveProcessArgs(ev, &ev.PTrace.Tracee.Process) 561 _ = ev.FieldHandlers.ResolveProcessArgv(ev, &ev.PTrace.Tracee.Process) 562 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, &ev.PTrace.Tracee.Process) 563 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, &ev.PTrace.Tracee.Process) 564 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, &ev.PTrace.Tracee.Process) 565 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, &ev.PTrace.Tracee.Process) 566 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 567 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.PTrace.Tracee.Parent.FileEvent.FileFields) 568 } 569 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 570 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.PTrace.Tracee.Parent.FileEvent.FileFields) 571 } 572 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 573 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.PTrace.Tracee.Parent.FileEvent.FileFields) 574 } 575 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 576 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.PTrace.Tracee.Parent.FileEvent) 577 } 578 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 579 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.PTrace.Tracee.Parent.FileEvent) 580 } 581 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 582 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.PTrace.Tracee.Parent.FileEvent) 583 } 584 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 585 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.PTrace.Tracee.Parent.FileEvent) 586 } 587 if 
ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 588 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.PTrace.Tracee.Parent.FileEvent) 589 } 590 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 591 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.PTrace.Tracee.Parent.FileEvent) 592 } 593 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.IsNotKworker() { 594 if !forADs { 595 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.PTrace.Tracee.Parent.FileEvent) 596 } 597 } 598 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 599 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent.FileFields) 600 } 601 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 602 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent.FileFields) 603 } 604 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 605 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent.FileFields) 606 } 607 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 608 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 609 } 610 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 611 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 612 } 613 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 614 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 615 } 616 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 617 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 618 } 619 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 620 _ = 
ev.FieldHandlers.ResolvePackageVersion(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 621 } 622 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 623 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 624 } 625 if ev.PTrace.Tracee.HasParent() && ev.PTrace.Tracee.Parent.HasInterpreter() { 626 if !forADs { 627 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.PTrace.Tracee.Parent.LinuxBinprm.FileEvent) 628 } 629 } 630 if ev.PTrace.Tracee.HasParent() { 631 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.PTrace.Tracee.Parent) 632 } 633 if ev.PTrace.Tracee.HasParent() { 634 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.PTrace.Tracee.Parent.UserSession) 635 } 636 if ev.PTrace.Tracee.HasParent() { 637 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.PTrace.Tracee.Parent.UserSession) 638 } 639 if ev.PTrace.Tracee.HasParent() { 640 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.PTrace.Tracee.Parent.UserSession) 641 } 642 if ev.PTrace.Tracee.HasParent() { 643 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, ev.PTrace.Tracee.Parent) 644 } 645 if ev.PTrace.Tracee.HasParent() { 646 _ = ev.FieldHandlers.ResolveProcessArgs(ev, ev.PTrace.Tracee.Parent) 647 } 648 if ev.PTrace.Tracee.HasParent() { 649 _ = ev.FieldHandlers.ResolveProcessArgv(ev, ev.PTrace.Tracee.Parent) 650 } 651 if ev.PTrace.Tracee.HasParent() { 652 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, ev.PTrace.Tracee.Parent) 653 } 654 if ev.PTrace.Tracee.HasParent() { 655 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.PTrace.Tracee.Parent) 656 } 657 if ev.PTrace.Tracee.HasParent() { 658 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.PTrace.Tracee.Parent) 659 } 660 if ev.PTrace.Tracee.HasParent() { 661 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, ev.PTrace.Tracee.Parent) 662 } 663 case "removexattr": 664 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.RemoveXAttr.File.FileFields) 665 _ = 
ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.RemoveXAttr.File.FileFields) 666 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.RemoveXAttr.File.FileFields) 667 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.RemoveXAttr.File) 668 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.RemoveXAttr.File) 669 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.RemoveXAttr.File) 670 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.RemoveXAttr.File) 671 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.RemoveXAttr.File) 672 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.RemoveXAttr.File) 673 if !forADs { 674 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.RemoveXAttr.File) 675 } 676 _ = ev.FieldHandlers.ResolveXAttrNamespace(ev, &ev.RemoveXAttr) 677 _ = ev.FieldHandlers.ResolveXAttrName(ev, &ev.RemoveXAttr) 678 case "rename": 679 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Rename.Old.FileFields) 680 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Rename.Old.FileFields) 681 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Rename.Old.FileFields) 682 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Rename.Old) 683 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Rename.Old) 684 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Rename.Old) 685 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Rename.Old) 686 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Rename.Old) 687 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Rename.Old) 688 if !forADs { 689 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Rename.Old) 690 } 691 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Rename.New.FileFields) 692 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Rename.New.FileFields) 693 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Rename.New.FileFields) 694 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Rename.New) 695 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Rename.New) 696 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, 
&ev.Rename.New) 697 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Rename.New) 698 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Rename.New) 699 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Rename.New) 700 if !forADs { 701 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Rename.New) 702 } 703 case "rmdir": 704 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Rmdir.File.FileFields) 705 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Rmdir.File.FileFields) 706 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Rmdir.File.FileFields) 707 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Rmdir.File) 708 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Rmdir.File) 709 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Rmdir.File) 710 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Rmdir.File) 711 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Rmdir.File) 712 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Rmdir.File) 713 if !forADs { 714 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Rmdir.File) 715 } 716 case "selinux": 717 _ = ev.FieldHandlers.ResolveSELinuxBoolName(ev, &ev.SELinux) 718 case "setgid": 719 _ = ev.FieldHandlers.ResolveSetgidGroup(ev, &ev.SetGID) 720 _ = ev.FieldHandlers.ResolveSetgidEGroup(ev, &ev.SetGID) 721 _ = ev.FieldHandlers.ResolveSetgidFSGroup(ev, &ev.SetGID) 722 case "setuid": 723 _ = ev.FieldHandlers.ResolveSetuidUser(ev, &ev.SetUID) 724 _ = ev.FieldHandlers.ResolveSetuidEUser(ev, &ev.SetUID) 725 _ = ev.FieldHandlers.ResolveSetuidFSUser(ev, &ev.SetUID) 726 case "setxattr": 727 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.SetXAttr.File.FileFields) 728 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.SetXAttr.File.FileFields) 729 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.SetXAttr.File.FileFields) 730 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.SetXAttr.File) 731 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.SetXAttr.File) 732 _ = 
ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.SetXAttr.File) 733 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.SetXAttr.File) 734 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.SetXAttr.File) 735 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.SetXAttr.File) 736 if !forADs { 737 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.SetXAttr.File) 738 } 739 _ = ev.FieldHandlers.ResolveXAttrNamespace(ev, &ev.SetXAttr) 740 _ = ev.FieldHandlers.ResolveXAttrName(ev, &ev.SetXAttr) 741 case "signal": 742 if ev.Signal.Target.Process.IsNotKworker() { 743 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Signal.Target.Process.FileEvent.FileFields) 744 } 745 if ev.Signal.Target.Process.IsNotKworker() { 746 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Signal.Target.Process.FileEvent.FileFields) 747 } 748 if ev.Signal.Target.Process.IsNotKworker() { 749 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Signal.Target.Process.FileEvent.FileFields) 750 } 751 if ev.Signal.Target.Process.IsNotKworker() { 752 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Signal.Target.Process.FileEvent) 753 } 754 if ev.Signal.Target.Process.IsNotKworker() { 755 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Signal.Target.Process.FileEvent) 756 } 757 if ev.Signal.Target.Process.IsNotKworker() { 758 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Signal.Target.Process.FileEvent) 759 } 760 if ev.Signal.Target.Process.IsNotKworker() { 761 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Signal.Target.Process.FileEvent) 762 } 763 if ev.Signal.Target.Process.IsNotKworker() { 764 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Signal.Target.Process.FileEvent) 765 } 766 if ev.Signal.Target.Process.IsNotKworker() { 767 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Signal.Target.Process.FileEvent) 768 } 769 if ev.Signal.Target.Process.IsNotKworker() { 770 if !forADs { 771 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Signal.Target.Process.FileEvent) 772 } 
773 } 774 if ev.Signal.Target.Process.HasInterpreter() { 775 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent.FileFields) 776 } 777 if ev.Signal.Target.Process.HasInterpreter() { 778 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent.FileFields) 779 } 780 if ev.Signal.Target.Process.HasInterpreter() { 781 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent.FileFields) 782 } 783 if ev.Signal.Target.Process.HasInterpreter() { 784 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 785 } 786 if ev.Signal.Target.Process.HasInterpreter() { 787 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 788 } 789 if ev.Signal.Target.Process.HasInterpreter() { 790 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 791 } 792 if ev.Signal.Target.Process.HasInterpreter() { 793 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 794 } 795 if ev.Signal.Target.Process.HasInterpreter() { 796 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 797 } 798 if ev.Signal.Target.Process.HasInterpreter() { 799 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 800 } 801 if ev.Signal.Target.Process.HasInterpreter() { 802 if !forADs { 803 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Signal.Target.Process.LinuxBinprm.FileEvent) 804 } 805 } 806 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, &ev.Signal.Target.Process) 807 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.Signal.Target.Process.UserSession) 808 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.Signal.Target.Process.UserSession) 809 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.Signal.Target.Process.UserSession) 810 _ = 
ev.FieldHandlers.ResolveProcessArgv0(ev, &ev.Signal.Target.Process) 811 _ = ev.FieldHandlers.ResolveProcessArgs(ev, &ev.Signal.Target.Process) 812 _ = ev.FieldHandlers.ResolveProcessArgv(ev, &ev.Signal.Target.Process) 813 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, &ev.Signal.Target.Process) 814 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, &ev.Signal.Target.Process) 815 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, &ev.Signal.Target.Process) 816 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, &ev.Signal.Target.Process) 817 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 818 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Signal.Target.Parent.FileEvent.FileFields) 819 } 820 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 821 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Signal.Target.Parent.FileEvent.FileFields) 822 } 823 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 824 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Signal.Target.Parent.FileEvent.FileFields) 825 } 826 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 827 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Signal.Target.Parent.FileEvent) 828 } 829 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 830 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Signal.Target.Parent.FileEvent) 831 } 832 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 833 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Signal.Target.Parent.FileEvent) 834 } 835 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 836 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Signal.Target.Parent.FileEvent) 837 } 838 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 839 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Signal.Target.Parent.FileEvent) 840 } 841 if ev.Signal.Target.HasParent() && 
ev.Signal.Target.Parent.IsNotKworker() { 842 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Signal.Target.Parent.FileEvent) 843 } 844 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.IsNotKworker() { 845 if !forADs { 846 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Signal.Target.Parent.FileEvent) 847 } 848 } 849 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 850 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent.FileFields) 851 } 852 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 853 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent.FileFields) 854 } 855 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 856 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent.FileFields) 857 } 858 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 859 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 860 } 861 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 862 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 863 } 864 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 865 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 866 } 867 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 868 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 869 } 870 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 871 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 872 } 873 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 874 _ = 
ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 875 } 876 if ev.Signal.Target.HasParent() && ev.Signal.Target.Parent.HasInterpreter() { 877 if !forADs { 878 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Signal.Target.Parent.LinuxBinprm.FileEvent) 879 } 880 } 881 if ev.Signal.Target.HasParent() { 882 _ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.Signal.Target.Parent) 883 } 884 if ev.Signal.Target.HasParent() { 885 _ = ev.FieldHandlers.ResolveK8SUsername(ev, &ev.Signal.Target.Parent.UserSession) 886 } 887 if ev.Signal.Target.HasParent() { 888 _ = ev.FieldHandlers.ResolveK8SUID(ev, &ev.Signal.Target.Parent.UserSession) 889 } 890 if ev.Signal.Target.HasParent() { 891 _ = ev.FieldHandlers.ResolveK8SGroups(ev, &ev.Signal.Target.Parent.UserSession) 892 } 893 if ev.Signal.Target.HasParent() { 894 _ = ev.FieldHandlers.ResolveProcessArgv0(ev, ev.Signal.Target.Parent) 895 } 896 if ev.Signal.Target.HasParent() { 897 _ = ev.FieldHandlers.ResolveProcessArgs(ev, ev.Signal.Target.Parent) 898 } 899 if ev.Signal.Target.HasParent() { 900 _ = ev.FieldHandlers.ResolveProcessArgv(ev, ev.Signal.Target.Parent) 901 } 902 if ev.Signal.Target.HasParent() { 903 _ = ev.FieldHandlers.ResolveProcessArgsTruncated(ev, ev.Signal.Target.Parent) 904 } 905 if ev.Signal.Target.HasParent() { 906 _ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.Signal.Target.Parent) 907 } 908 if ev.Signal.Target.HasParent() { 909 _ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.Signal.Target.Parent) 910 } 911 if ev.Signal.Target.HasParent() { 912 _ = ev.FieldHandlers.ResolveProcessEnvsTruncated(ev, ev.Signal.Target.Parent) 913 } 914 case "splice": 915 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Splice.File.FileFields) 916 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Splice.File.FileFields) 917 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Splice.File.FileFields) 918 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Splice.File) 919 _ = 
ev.FieldHandlers.ResolveFileBasename(ev, &ev.Splice.File) 920 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Splice.File) 921 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Splice.File) 922 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Splice.File) 923 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Splice.File) 924 if !forADs { 925 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Splice.File) 926 } 927 case "unlink": 928 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Unlink.File.FileFields) 929 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Unlink.File.FileFields) 930 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Unlink.File.FileFields) 931 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Unlink.File) 932 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Unlink.File) 933 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Unlink.File) 934 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Unlink.File) 935 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Unlink.File) 936 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Unlink.File) 937 if !forADs { 938 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Unlink.File) 939 } 940 case "unload_module": 941 case "utimes": 942 _ = ev.FieldHandlers.ResolveFileFieldsUser(ev, &ev.Utimes.File.FileFields) 943 _ = ev.FieldHandlers.ResolveFileFieldsGroup(ev, &ev.Utimes.File.FileFields) 944 _ = ev.FieldHandlers.ResolveFileFieldsInUpperLayer(ev, &ev.Utimes.File.FileFields) 945 _ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Utimes.File) 946 _ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Utimes.File) 947 _ = ev.FieldHandlers.ResolveFileFilesystem(ev, &ev.Utimes.File) 948 _ = ev.FieldHandlers.ResolvePackageName(ev, &ev.Utimes.File) 949 _ = ev.FieldHandlers.ResolvePackageVersion(ev, &ev.Utimes.File) 950 _ = ev.FieldHandlers.ResolvePackageSourceVersion(ev, &ev.Utimes.File) 951 if !forADs { 952 _ = ev.FieldHandlers.ResolveHashesFromEvent(ev, &ev.Utimes.File) 953 } 954 } 955 } 956 957 type 
FieldHandlers interface {
	// FieldHandlers lists one resolver per event field. resolveFields calls
	// these methods and discards the return values, so a production
	// implementation is presumably expected to store what it resolves on the
	// event itself.
	// NOTE(review): confirm against the real implementation.

	ResolveAsync(ev *Event) bool
	ResolveChownGID(ev *Event, e *ChownEvent) string
	ResolveChownUID(ev *Event, e *ChownEvent) string
	ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
	ResolveContainerID(ev *Event, e *ContainerContext) string
	ResolveContainerTags(ev *Event, e *ContainerContext) []string
	ResolveEventTime(ev *Event, e *BaseEvent) time.Time
	ResolveEventTimestamp(ev *Event, e *BaseEvent) int
	ResolveFileBasename(ev *Event, e *FileEvent) string
	ResolveFileFieldsGroup(ev *Event, e *FileFields) string
	ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool
	ResolveFileFieldsUser(ev *Event, e *FileFields) string
	ResolveFileFilesystem(ev *Event, e *FileEvent) string
	ResolveFilePath(ev *Event, e *FileEvent) string
	ResolveHashesFromEvent(ev *Event, e *FileEvent) []string
	ResolveK8SGroups(ev *Event, e *UserSessionContext) []string
	ResolveK8SUID(ev *Event, e *UserSessionContext) string
	ResolveK8SUsername(ev *Event, e *UserSessionContext) string
	ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string
	ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string
	ResolveMountPointPath(ev *Event, e *MountEvent) string
	ResolveMountRootPath(ev *Event, e *MountEvent) string
	ResolveMountSourcePath(ev *Event, e *MountEvent) string
	ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string
	ResolvePackageName(ev *Event, e *FileEvent) string
	ResolvePackageSourceVersion(ev *Event, e *FileEvent) string
	ResolvePackageVersion(ev *Event, e *FileEvent) string
	ResolveProcessArgs(ev *Event, e *Process) string
	ResolveProcessArgsFlags(ev *Event, e *Process) []string
	ResolveProcessArgsOptions(ev *Event, e *Process) []string
	ResolveProcessArgsScrubbed(ev *Event, e *Process) string
	ResolveProcessArgsTruncated(ev *Event, e *Process) bool
	ResolveProcessArgv(ev *Event, e *Process) []string
	ResolveProcessArgv0(ev *Event, e *Process) string
	ResolveProcessArgvScrubbed(ev *Event, e *Process) []string
	ResolveProcessCmdArgv(ev *Event, e *Process) []string
	ResolveProcessCreatedAt(ev *Event, e *Process) int
	ResolveProcessEnvp(ev *Event, e *Process) []string
	ResolveProcessEnvs(ev *Event, e *Process) []string
	ResolveProcessEnvsTruncated(ev *Event, e *Process) bool
	ResolveRights(ev *Event, e *FileFields) int
	ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string
	ResolveService(ev *Event, e *BaseEvent) string
	ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidGroup(ev *Event, e *SetgidEvent) string
	ResolveSetuidEUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidUser(ev *Event, e *SetuidEvent) string
	ResolveXAttrName(ev *Event, e *SetXAttrEvent) string
	ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string

	// custom handlers not tied to any fields
	ExtraFieldHandlers
}

// FakeFieldHandlers is a stand-in resolver set: every method below hands back
// the value already stored on the structure it receives and computes nothing.
// In particular it does not parse flags or options, does not scrub arguments
// and does not hash files, so rule or detection tests built on it only see
// whatever the caller put on the event beforehand.
// NOTE(review): the methods required by the embedded ExtraFieldHandlers are
// not visible in this part of the file.
type FakeFieldHandlers struct{}

// ResolveAsync returns the Async flag stored on the event.
func (dfh *FakeFieldHandlers) ResolveAsync(ev *Event) bool {
	return ev.Async
}

// ResolveChownGID returns the stored Group of the chown event.
func (dfh *FakeFieldHandlers) ResolveChownGID(ev *Event, e *ChownEvent) string {
	return e.Group
}

// ResolveChownUID returns the stored User of the chown event.
func (dfh *FakeFieldHandlers) ResolveChownUID(ev *Event, e *ChownEvent) string {
	return e.User
}

// ResolveContainerCreatedAt returns the stored CreatedAt converted to int.
// NOTE(review): the source type of CreatedAt is not visible here; confirm the
// conversion cannot narrow on 32-bit targets.
func (dfh *FakeFieldHandlers) ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int {
	return int(e.CreatedAt)
}

// ResolveContainerID returns the stored container ID.
func (dfh *FakeFieldHandlers) ResolveContainerID(ev *Event, e *ContainerContext) string {
	return e.ID
}

// ResolveContainerTags returns the stored container tags.
func (dfh *FakeFieldHandlers) ResolveContainerTags(ev *Event, e *ContainerContext) []string {
	return e.Tags
}

// ResolveEventTime returns the stored event Timestamp.
func (dfh *FakeFieldHandlers) ResolveEventTime(ev *Event, e *BaseEvent) time.Time {
	return e.Timestamp
}

// ResolveEventTimestamp returns the stored TimestampRaw converted to int.
func (dfh *FakeFieldHandlers) ResolveEventTimestamp(ev *Event, e *BaseEvent) int {
	return int(e.TimestampRaw)
}

// ResolveFileBasename returns the stored BasenameStr.
func (dfh *FakeFieldHandlers) ResolveFileBasename(ev *Event, e *FileEvent) string {
	return e.BasenameStr
}

// ResolveFileFieldsGroup returns the stored file Group.
func (dfh *FakeFieldHandlers) ResolveFileFieldsGroup(ev *Event, e *FileFields) string {
	return e.Group
}

// ResolveFileFieldsInUpperLayer returns the stored InUpperLayer flag.
func (dfh *FakeFieldHandlers) ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool {
	return e.InUpperLayer
}

// ResolveFileFieldsUser returns the stored file User.
func (dfh *FakeFieldHandlers) ResolveFileFieldsUser(ev *Event, e *FileFields) string {
	return e.User
}

// ResolveFileFilesystem returns the stored Filesystem.
func (dfh *FakeFieldHandlers) ResolveFileFilesystem(ev *Event, e *FileEvent) string {
	return e.Filesystem
}

// ResolveFilePath returns the stored PathnameStr.
func (dfh *FakeFieldHandlers) ResolveFilePath(ev *Event, e *FileEvent) string {
	return e.PathnameStr
}

// ResolveHashesFromEvent returns the stored Hashes; nothing is hashed here.
func (dfh *FakeFieldHandlers) ResolveHashesFromEvent(ev *Event, e *FileEvent) []string {
	return e.Hashes
}

// ResolveK8SGroups returns the stored K8SGroups of the user session.
func (dfh *FakeFieldHandlers) ResolveK8SGroups(ev *Event, e *UserSessionContext) []string {
	return e.K8SGroups
}

// ResolveK8SUID returns the stored K8SUID of the user session.
func (dfh *FakeFieldHandlers) ResolveK8SUID(ev *Event, e *UserSessionContext) string {
	return e.K8SUID
}

// ResolveK8SUsername returns the stored K8SUsername of the user session.
func (dfh *FakeFieldHandlers) ResolveK8SUsername(ev *Event, e *UserSessionContext) string {
	return e.K8SUsername
}

// ResolveModuleArgs returns the stored Args of the load-module event.
func (dfh *FakeFieldHandlers) ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string {
	return e.Args
}

// ResolveModuleArgv returns the stored Argv of the load-module event.
func (dfh *FakeFieldHandlers) ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string {
	return e.Argv
}

// ResolveMountPointPath returns the stored MountPointPath.
func (dfh *FakeFieldHandlers) ResolveMountPointPath(ev *Event, e *MountEvent) string {
	return e.MountPointPath
}

// ResolveMountRootPath returns the stored MountRootPath.
func (dfh *FakeFieldHandlers) ResolveMountRootPath(ev *Event, e *MountEvent) string {
	return e.MountRootPath
}

// ResolveMountSourcePath returns the stored MountSourcePath.
func (dfh *FakeFieldHandlers) ResolveMountSourcePath(ev *Event, e *MountEvent) string {
	return e.MountSourcePath
}

// ResolveNetworkDeviceIfName returns the stored IfName.
func (dfh *FakeFieldHandlers) ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string {
	return e.IfName
}

// ResolvePackageName returns the stored PkgName.
func (dfh *FakeFieldHandlers) ResolvePackageName(ev *Event, e *FileEvent) string {
	return e.PkgName
}

// ResolvePackageSourceVersion returns the stored PkgSrcVersion.
func (dfh *FakeFieldHandlers) ResolvePackageSourceVersion(ev *Event, e *FileEvent) string {
	return e.PkgSrcVersion
}

// ResolvePackageVersion returns the stored PkgVersion.
func (dfh *FakeFieldHandlers) ResolvePackageVersion(ev *Event, e *FileEvent) string {
	return e.PkgVersion
}

// ResolveProcessArgs returns the stored Args string.
func (dfh *FakeFieldHandlers) ResolveProcessArgs(ev *Event, e *Process) string {
	return e.Args
}

// ResolveProcessArgsFlags returns the raw Argv slice; the fake does not
// extract flags from it.
func (dfh *FakeFieldHandlers) ResolveProcessArgsFlags(ev *Event, e *Process) []string {
	return e.Argv
}

// ResolveProcessArgsOptions returns the raw Argv slice; the fake does not
// extract options from it.
func (dfh *FakeFieldHandlers) ResolveProcessArgsOptions(ev *Event, e *Process) []string {
	return e.Argv
}

// ResolveProcessArgsScrubbed returns the stored ArgsScrubbed. No scrubbing is
// performed here, so the value is only as redacted as the caller made it.
func (dfh *FakeFieldHandlers) ResolveProcessArgsScrubbed(ev *Event, e *Process) string {
	return e.ArgsScrubbed
}

// ResolveProcessArgsTruncated returns the stored ArgsTruncated flag.
func (dfh *FakeFieldHandlers) ResolveProcessArgsTruncated(ev *Event, e *Process) bool {
	return e.ArgsTruncated
}

// ResolveProcessArgv returns the stored Argv slice.
func (dfh *FakeFieldHandlers) ResolveProcessArgv(ev *Event, e *Process) []string {
	return e.Argv
}

// ResolveProcessArgv0 returns the stored Argv0.
func (dfh *FakeFieldHandlers) ResolveProcessArgv0(ev *Event, e *Process) string {
	return e.Argv0
}

// ResolveProcessArgvScrubbed returns the stored ArgvScrubbed. No scrubbing is
// performed here, so the value is only as redacted as the caller made it.
func (dfh *FakeFieldHandlers) ResolveProcessArgvScrubbed(ev *Event, e *Process) []string {
	return e.ArgvScrubbed
}

// ResolveProcessCmdArgv returns the raw Argv slice unchanged.
func (dfh *FakeFieldHandlers) ResolveProcessCmdArgv(ev *Event, e *Process) []string {
	return e.Argv
}

// ResolveProcessCreatedAt returns the stored CreatedAt converted to int.
// NOTE(review): the source type of CreatedAt is not visible here; confirm the
// conversion cannot narrow on 32-bit targets.
func (dfh *FakeFieldHandlers) ResolveProcessCreatedAt(ev *Event, e *Process) int {
	return int(e.CreatedAt)
}

// ResolveProcessEnvp returns the stored Envp slice.
func (dfh *FakeFieldHandlers) ResolveProcessEnvp(ev *Event, e *Process) []string {
	return e.Envp
}

// ResolveProcessEnvs returns the stored Envs slice.
func (dfh *FakeFieldHandlers) ResolveProcessEnvs(ev *Event, e *Process) []string {
	return e.Envs
}

// ResolveProcessEnvsTruncated returns the stored EnvsTruncated flag.
func (dfh *FakeFieldHandlers) ResolveProcessEnvsTruncated(ev *Event, e *Process) bool {
	return e.EnvsTruncated
}

// ResolveRights returns the stored Mode converted to int, without masking.
func (dfh *FakeFieldHandlers) ResolveRights(ev *Event, e *FileFields) int {
	return int(e.Mode)
}

// ResolveSELinuxBoolName returns the stored BoolName.
func (dfh *FakeFieldHandlers) ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string {
	return e.BoolName
}

// ResolveService returns the stored Service.
func (dfh *FakeFieldHandlers) ResolveService(ev *Event, e *BaseEvent) string {
	return e.Service
}

// ResolveSetgidEGroup returns the stored EGroup of the setgid event.
func (dfh *FakeFieldHandlers) ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string {
	return e.EGroup
}

// ResolveSetgidFSGroup returns the stored FSGroup of the setgid event.
func (dfh *FakeFieldHandlers) ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string {
	return e.FSGroup
}

// ResolveSetgidGroup returns the stored Group of the setgid event.
func (dfh *FakeFieldHandlers) ResolveSetgidGroup(ev *Event, e *SetgidEvent) string {
	return e.Group
}

// ResolveSetuidEUser returns the stored EUser of the setuid event.
func (dfh *FakeFieldHandlers) ResolveSetuidEUser(ev *Event, e *SetuidEvent) string {
	return e.EUser
}

// ResolveSetuidFSUser returns the stored FSUser of the setuid event.
func (dfh *FakeFieldHandlers) ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string {
	return e.FSUser
}

// ResolveSetuidUser returns the stored User of the setuid event.
func (dfh *FakeFieldHandlers) ResolveSetuidUser(ev *Event, e *SetuidEvent) string {
	return e.User
}

// ResolveXAttrName returns the stored extended-attribute Name.
func (dfh *FakeFieldHandlers) ResolveXAttrName(ev *Event, e *SetXAttrEvent) string {
	return e.Name
}

// ResolveXAttrNamespace returns the stored extended-attribute Namespace.
func (dfh *FakeFieldHandlers) ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string {
	return e.Namespace
}