github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/model/legacy_secl.go

github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/model/legacy_secl.go (about)

     1  // Unless explicitly stated otherwise all files in this repository are licensed
     2  // under the Apache License Version 2.0.
     3  // This product includes software developed at Datadog (https://www.datadoghq.com/).
     4  // Copyright 2016-2020 Datadog, Inc.
     5  
     6  // Package model holds model related files
     7  package model
     8  
     9  import "github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
    10  
    11  // SECLLegacyFields contains the list of the legacy attributes we need to support
    12  var SECLLegacyFields = map[eval.Field]eval.Field{
    13  	// event
    14  	"async": "event.async",
    15  
    16  	// chmod
    17  	"chmod.filename": "chmod.file.path",
    18  	"chmod.basename": "chmod.file.name",
    19  	"chmod.mode":     "chmod.file.destination.mode",
    20  
    21  	// chown
    22  	"chown.filename": "chown.file.path",
    23  	"chown.basename": "chown.file.name",
    24  	"chown.uid":      "chown.file.destination.uid",
    25  	"chown.user":     "chown.file.destination.user",
    26  	"chown.gid":      "chown.file.destination.gid",
    27  	"chown.group":    "chown.file.destination.group",
    28  
    29  	// open
    30  	"open.filename": "open.file.path",
    31  	"open.basename": "open.file.name",
    32  	"open.mode":     "open.file.destination.mode",
    33  
    34  	// mkdir
    35  	"mkdir.filename": "mkdir.file.path",
    36  	"mkdir.basename": "mkdir.file.name",
    37  	"mkdir.mode":     "mkdir.file.destination.mode",
    38  
    39  	// rmdir
    40  	"rmdir.filename": "rmdir.file.path",
    41  	"rmdir.basename": "rmdir.file.name",
    42  
    43  	// rename
    44  	"rename.old.filename": "rename.file.path",
    45  	"rename.old.basename": "rename.file.name",
    46  	"rename.new.filename": "rename.file.destination.path",
    47  	"rename.new.basename": "rename.file.destination.name",
    48  
    49  	// unlink
    50  	"unlink.filename": "unlink.file.path",
    51  	"unlink.basename": "unlink.file.name",
    52  
    53  	// utimes
    54  	"utimes.filename": "utimes.file.path",
    55  	"utimes.basename": "utimes.file.name",
    56  
    57  	// link
    58  	"link.source.filename": "link.file.path",
    59  	"link.source.basename": "link.file.name",
    60  	"link.target.filename": "link.file.destination.path",
    61  	"link.target.basename": "link.file.destination.name",
    62  
    63  	// setxattr
    64  	"setxattr.filename":  "setxattr.file.path",
    65  	"setxattr.basename":  "setxattr.file.name",
    66  	"setxattr.namespace": "setxattr.file.destination.namespace",
    67  	"setxattr.name":      "setxattr.file.destination.name",
    68  
    69  	// removexattr
    70  	"removexattr.filename":  "removexattr.file.path",
    71  	"removexattr.basename":  "removexattr.file.name",
    72  	"removexattr.namespace": "removexattr.file.destination.namespace",
    73  	"removexattr.name":      "removexattr.file.destination.name",
    74  
    75  	// exec
    76  	"exec.filename":         "exec.file.path",
    77  	"exec.overlay_numlower": "exec.file.overlay_numlower",
    78  	"exec.basename":         "exec.file.name",
    79  	"exec.name":             "exec.comm",
    80  
    81  	// process
    82  	"process.filename":           "process.file.path",
    83  	"process.basename":           "process.file.name",
    84  	"process.name":               "process.comm",
    85  	"process.ancestors.filename": "process.ancestors.file.path",
    86  	"process.ancestors.basename": "process.ancestors.file.name",
    87  	"process.ancestors.name":     "process.ancestors.comm",
    88  }