// Source: github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/model/field_handlers_windows.go

// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2022-present Datadog, Inc.
// Code generated - DO NOT EDIT.

//go:build windows

package model

import (
	"time"
)

// ResolveFields resolves all the fields associated with the event type,
// container tags included (it calls resolveFields with forADs=false).
// Context fields are automatically resolved.
func (ev *Event) ResolveFields() {
	ev.resolveFields(false)
}

// ResolveFieldsForAD resolves all the fields associated with the event type
// except the container tags (it calls resolveFields with forADs=true).
// Context fields are automatically resolved.
// NOTE(review): "AD" presumably stands for activity dumps — confirm.
func (ev *Event) ResolveFieldsForAD() {
	ev.resolveFields(true)
}

// resolveFields calls the FieldHandlers resolver for every context field and
// then for the fields specific to the event's type. Every return value is
// discarded, so the calls are made only for whatever effect the installed
// handler has on the event; that effect is not visible in this file.
//
// forADs only changes one thing: when true, ResolveContainerTags is skipped.
//
// NOTE(review): the command line is resolved through ResolveProcessCmdLine and
// the environment through ResolveProcessEnvp/ResolveProcessEnvs, for the
// process, its parent and the exec/exit process. ResolveProcessCmdLineScrubbed
// is declared on FieldHandlers but is never called here, so after this call
// the event holds the unscrubbed command line and environment. Both commonly
// contain credentials; confirm that whatever serializes or forwards the event
// uses the scrubbed form.
func (ev *Event) resolveFields(forADs bool) {
	// resolve context fields that are not related to any event type
	// ContainerContext is passed as stored (no &), i.e. as a pointer; nothing
	// here checks it for nil.
	_ = ev.FieldHandlers.ResolveContainerCreatedAt(ev, ev.BaseEvent.ContainerContext)
	_ = ev.FieldHandlers.ResolveContainerID(ev, ev.BaseEvent.ContainerContext)
	if !forADs {
		_ = ev.FieldHandlers.ResolveContainerTags(ev, ev.BaseEvent.ContainerContext)
	}
	_ = ev.FieldHandlers.ResolveService(ev, &ev.BaseEvent)
	_ = ev.FieldHandlers.ResolveEventTimestamp(ev, &ev.BaseEvent)
	_ = ev.FieldHandlers.ResolveProcessCmdLine(ev, &ev.BaseEvent.ProcessContext.Process)
	_ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, &ev.BaseEvent.ProcessContext.Process)
	_ = ev.FieldHandlers.ResolveProcessEnvp(ev, &ev.BaseEvent.ProcessContext.Process)
	_ = ev.FieldHandlers.ResolveProcessEnvs(ev, &ev.BaseEvent.ProcessContext.Process)
	_ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent)
	_ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Process.FileEvent)
	// Each parent field is resolved only behind its own HasParent() check.
	// Parent is passed as stored, i.e. as a pointer; HasParent is defined
	// elsewhere and presumably guards against a nil Parent — confirm.
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveProcessCmdLine(ev, ev.BaseEvent.ProcessContext.Parent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.BaseEvent.ProcessContext.Parent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.BaseEvent.ProcessContext.Parent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.BaseEvent.ProcessContext.Parent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveFilePath(ev, &ev.BaseEvent.ProcessContext.Parent.FileEvent)
	}
	if ev.BaseEvent.ProcessContext.HasParent() {
		_ = ev.FieldHandlers.ResolveUser(ev, ev.BaseEvent.ProcessContext.Parent)
	}
	_ = ev.FieldHandlers.ResolveUser(ev, &ev.BaseEvent.ProcessContext.Process)
	// resolve event specific fields
	// The switch is on the event type's string form and has no default, so an
	// event type not listed below gets the context fields only. Go cases do not
	// fall through: the registry-key cases with an empty body run no handler.
	switch ev.GetEventType().String() {
	case "create":
		_ = ev.FieldHandlers.ResolveFimFilePath(ev, &ev.CreateNewFile.File)
		_ = ev.FieldHandlers.ResolveFimFileBasename(ev, &ev.CreateNewFile.File)
	case "create_key":
	case "delete":
		_ = ev.FieldHandlers.ResolveFimFilePath(ev, &ev.DeleteFile.File)
		_ = ev.FieldHandlers.ResolveFimFileBasename(ev, &ev.DeleteFile.File)
	case "delete_key":
	case "exec":
		// NOTE(review): ev.Exec.Process is passed below as a pointer, so taking
		// &ev.Exec.Process.FileEvent dereferences it without a nil check —
		// confirm it is always set for exec events.
		_ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Exec.Process.FileEvent)
		_ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exec.Process.FileEvent)
		_ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.Exec.Process)
		_ = ev.FieldHandlers.ResolveProcessCmdLine(ev, ev.Exec.Process)
		_ = ev.FieldHandlers.ResolveUser(ev, ev.Exec.Process)
		_ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.Exec.Process)
		_ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.Exec.Process)
	case "exit":
		// NOTE(review): same unchecked dereference as in "exec", here of
		// ev.Exit.Process.
		_ = ev.FieldHandlers.ResolveFilePath(ev, &ev.Exit.Process.FileEvent)
		_ = ev.FieldHandlers.ResolveFileBasename(ev, &ev.Exit.Process.FileEvent)
		_ = ev.FieldHandlers.ResolveProcessCreatedAt(ev, ev.Exit.Process)
		_ = ev.FieldHandlers.ResolveProcessCmdLine(ev, ev.Exit.Process)
		_ = ev.FieldHandlers.ResolveUser(ev, ev.Exit.Process)
		_ = ev.FieldHandlers.ResolveProcessEnvs(ev, ev.Exit.Process)
		_ = ev.FieldHandlers.ResolveProcessEnvp(ev, ev.Exit.Process)
	case "open_key":
	case "rename":
		// Both sides of the rename are resolved: the old path first, then the new.
		_ = ev.FieldHandlers.ResolveFimFilePath(ev, &ev.RenameFile.Old)
		_ = ev.FieldHandlers.ResolveFimFileBasename(ev, &ev.RenameFile.Old)
		_ = ev.FieldHandlers.ResolveFimFilePath(ev, &ev.RenameFile.New)
		_ = ev.FieldHandlers.ResolveFimFileBasename(ev, &ev.RenameFile.New)
	case "set_key_value":
	case "write":
		_ = ev.FieldHandlers.ResolveFimFilePath(ev, &ev.WriteFile.File)
		_ = ev.FieldHandlers.ResolveFimFileBasename(ev, &ev.WriteFile.File)
	}
}

// FieldHandlers is the set of resolver callbacks that resolveFields invokes
// through ev.FieldHandlers. Each method receives the event and the sub-struct
// that holds the field, and returns the field's value.
// ResolveEventTime and ResolveProcessCmdLineScrubbed are part of the interface
// but are not called by resolveFields in this file.
type FieldHandlers interface {
	ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
	ResolveContainerID(ev *Event, e *ContainerContext) string
	ResolveContainerTags(ev *Event, e *ContainerContext) []string
	ResolveEventTime(ev *Event, e *BaseEvent) time.Time
	ResolveEventTimestamp(ev *Event, e *BaseEvent) int
	ResolveFileBasename(ev *Event, e *FileEvent) string
	ResolveFilePath(ev *Event, e *FileEvent) string
	ResolveFimFileBasename(ev *Event, e *FimFileEvent) string
	ResolveFimFilePath(ev *Event, e *FimFileEvent) string
	ResolveProcessCmdLine(ev *Event, e *Process) string
	ResolveProcessCmdLineScrubbed(ev *Event, e *Process) string
	ResolveProcessCreatedAt(ev *Event, e *Process) int
	ResolveProcessEnvp(ev *Event, e *Process) []string
	ResolveProcessEnvs(ev *Event, e *Process) []string
	ResolveService(ev *Event, e *BaseEvent) string
	ResolveUser(ev *Event, e *Process) string
	// custom handlers not tied to any fields
	// (ExtraFieldHandlers is declared outside this file.)
	ExtraFieldHandlers
}

// FakeFieldHandlers is a stateless type providing the Resolve* methods listed
// in FieldHandlers; each of its methods in this file returns the value already
// stored on the struct it is given. Its ExtraFieldHandlers methods, if any,
// are not visible here.
type FakeFieldHandlers struct{}
// The FakeFieldHandlers methods below are pass-through resolvers: each one
// returns the value already stored on e and never reads ev. Every method
// dereferences e directly, so e must be non-nil or the call panics.

// ResolveContainerCreatedAt returns e.CreatedAt converted to int.
func (dfh *FakeFieldHandlers) ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int {
	return int(e.CreatedAt)
}

// ResolveContainerID returns e.ID as stored.
func (dfh *FakeFieldHandlers) ResolveContainerID(ev *Event, e *ContainerContext) string {
	return e.ID
}

// ResolveContainerTags returns e.Tags as stored; the slice is not copied.
func (dfh *FakeFieldHandlers) ResolveContainerTags(ev *Event, e *ContainerContext) []string {
	return e.Tags
}

// ResolveEventTime returns e.Timestamp as stored.
func (dfh *FakeFieldHandlers) ResolveEventTime(ev *Event, e *BaseEvent) time.Time {
	return e.Timestamp
}

// ResolveEventTimestamp returns e.TimestampRaw converted to int.
func (dfh *FakeFieldHandlers) ResolveEventTimestamp(ev *Event, e *BaseEvent) int {
	return int(e.TimestampRaw)
}

// ResolveFileBasename returns e.BasenameStr as stored.
func (dfh *FakeFieldHandlers) ResolveFileBasename(ev *Event, e *FileEvent) string {
	return e.BasenameStr
}

// ResolveFilePath returns e.PathnameStr as stored.
func (dfh *FakeFieldHandlers) ResolveFilePath(ev *Event, e *FileEvent) string {
	return e.PathnameStr
}

// ResolveFimFileBasename returns e.BasenameStr as stored.
func (dfh *FakeFieldHandlers) ResolveFimFileBasename(ev *Event, e *FimFileEvent) string {
	return e.BasenameStr
}

// ResolveFimFilePath returns e.PathnameStr as stored.
func (dfh *FakeFieldHandlers) ResolveFimFilePath(ev *Event, e *FimFileEvent) string {
	return e.PathnameStr
}

// ResolveProcessCmdLine returns e.CmdLine, the unscrubbed command line, as
// stored.
func (dfh *FakeFieldHandlers) ResolveProcessCmdLine(ev *Event, e *Process) string {
	return e.CmdLine
}

// ResolveProcessCmdLineScrubbed returns e.CmdLineScrubbed as stored. It does
// no scrubbing of its own: the result is only as clean as whatever filled the
// field.
func (dfh *FakeFieldHandlers) ResolveProcessCmdLineScrubbed(ev *Event, e *Process) string {
	return e.CmdLineScrubbed
}

// ResolveProcessCreatedAt returns e.CreatedAt converted to int.
func (dfh *FakeFieldHandlers) ResolveProcessCreatedAt(ev *Event, e *Process) int {
	return int(e.CreatedAt)
}

// ResolveProcessEnvp returns e.Envp as stored; the slice is not copied.
func (dfh *FakeFieldHandlers) ResolveProcessEnvp(ev *Event, e *Process) []string {
	return e.Envp
}

// ResolveProcessEnvs returns e.Envs as stored; the slice is not copied.
func (dfh *FakeFieldHandlers) ResolveProcessEnvs(ev *Event, e *Process) []string {
	return e.Envs
}

// ResolveService returns e.Service as stored.
func (dfh *FakeFieldHandlers) ResolveService(ev *Event, e *BaseEvent) string {
	return e.Service
}

// ResolveUser returns e.User as stored.
func (dfh *FakeFieldHandlers) ResolveUser(ev *Event, e *Process) string {
	return e.User
}