From 243b82209ab1fd7f302d7fbed30657da8f77ba01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:21:15 +0000 Subject: [PATCH 01/11] build(deps): bump google.golang.org/api from 0.138.0 to 0.139.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.138.0 to 0.139.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.138.0...v0.139.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 3b90791653..c79ef29076 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 github.com/xitongsys/parquet-go v1.6.2
 github.com/xitongsys/parquet-go-source v0.0.0-20230830030807-0dd610dbff1d
 golang.org/x/oauth2 v0.11.0
- google.golang.org/api v0.138.0
+ google.golang.org/api v0.139.0
 google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d
 k8s.io/api v0.28.1
 k8s.io/apimachinery v0.28.1
diff --git a/go.sum b/go.sum
index c9bfefbcd9..46c4ad57d1 100644
--- a/go.sum
+++ b/go.sum
@@ -1223,8 +1223,8 @@ google.golang.org/api v0.69.0/go.mod h1:boanBiw+h5c3s+tBPgEzLDRHfFLWV0qXxRHz3ws7
 google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
 google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
 google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
-google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
-google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
+google.golang.org/api v0.139.0 h1:A1TrCPgMmOiYu0AiNkvQIpIx+D8blHTDcJ5EogkP7LI=
+google.golang.org/api v0.139.0/go.mod h1:CVagp6Eekz9CjGZ718Z+sloknzkDJE7Vc1Ckj9+viBk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
From 9e51a022dae5df791f47d5c66873c8144b0b4b1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:21:03 +0000 Subject: [PATCH 02/11] build(deps): bump github.com/aws/aws-sdk-go from 1.45.2 to 1.45.6 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.45.2 to 1.45.6. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.45.2...v1.45.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index c79ef29076..8cd669c295 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/DataDog/datadog-go v4.8.3+incompatible
 github.com/PagerDuty/go-pagerduty v1.7.0
 github.com/alecthomas/kingpin/v2 v2.3.2
- github.com/aws/aws-sdk-go v1.45.2
+ github.com/aws/aws-sdk-go v1.45.6
 github.com/cloudevents/sdk-go/v2 v2.14.0
 github.com/eclipse/paho.mqtt.golang v1.4.3
 github.com/embano1/memlog v0.4.5
diff --git a/go.sum b/go.sum
index 46c4ad57d1..de110f9135 100644
--- a/go.sum
+++ b/go.sum
@@ -184,8 +184,8 @@ github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo
 github.com/aws/aws-sdk-go v1.30.19/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.45.2 h1:hTong9YUklQKqzrGk3WnKABReb5R8GjbG4Y6dEQfjnk=
-github.com/aws/aws-sdk-go v1.45.2/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.45.6 h1:Y2isQQBZsnO15dzUQo9YQRThtHgrV200XCH05BRHVJI=
+github.com/aws/aws-sdk-go v1.45.6/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.16.2/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM=
 github.com/aws/aws-sdk-go-v2/config v1.15.3/go.mod h1:9YL3v07Xc/ohTsxFXzan9ZpFpdTOFl4X65BAKYaz8jg=
From 474cd7d0c5dda41a28f96f7568b6ba3646861904 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:21:27 +0000 Subject: [PATCH 03/11] build(deps): bump cloud.google.com/go/storage from 1.32.0 to 1.33.0 Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.32.0 to 1.33.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.32.0...pubsub/v1.33.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 8cd669c295..87ef55eb5e 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 cloud.google.com/go/functions v1.15.1
 cloud.google.com/go/pubsub v1.33.0
- cloud.google.com/go/storage v1.32.0
+ cloud.google.com/go/storage v1.33.0
 github.com/Azure/azure-event-hubs-go/v3 v3.6.1
 github.com/DataDog/datadog-go v4.8.3+incompatible
 github.com/PagerDuty/go-pagerduty v1.7.0
diff --git a/go.sum b/go.sum
index de110f9135..15d97cc7f1 100644
--- a/go.sum
+++ b/go.sum
@@ -79,8 +79,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA=
-cloud.google.com/go/storage v1.32.0 h1:5w6DxEGOnktmJHarxAOUywxVW9lbNWIzlzzUltG/3+o=
-cloud.google.com/go/storage v1.32.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8=
+cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M=
+cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8=
 cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A=
 cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM=
 contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA=
From bbf3af0b86d072f20d8ff8c23ca0af1062522d71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:21:33 +0000 Subject: [PATCH 04/11] build(deps): bump github.com/emersion/go-smtp from 0.18.0 to 0.18.1 Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.18.0 to 0.18.1. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.18.0...v0.18.1) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 87ef55eb5e..8bf46e1178 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 github.com/eclipse/paho.mqtt.golang v1.4.3
 github.com/embano1/memlog v0.4.5
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead
- github.com/emersion/go-smtp v0.18.0
+ github.com/emersion/go-smtp v0.18.1
 github.com/google/uuid v1.3.1
 github.com/googleapis/gax-go/v2 v2.12.0
 github.com/jackc/pgx/v5 v5.4.3
diff --git a/go.sum b/go.sum
index 15d97cc7f1..327864b7ab 100644
--- a/go.sum
+++ b/go.sum
@@ -269,8 +269,8 @@ github.com/embano1/memlog v0.4.5/go.mod h1:7uN1Nv5QilpClPjWuT4dXQ35mzRCrpH3GGrGg
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead h1:fI1Jck0vUrXT8bnphprS1EoVRe2Q5CKCX8iDlpqjQ/Y=
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
-github.com/emersion/go-smtp v0.18.0 h1:lrVQqB0JdxYjC8CsBt55pSwB756bRRN6vK0DSr0pXfM=
-github.com/emersion/go-smtp v0.18.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
+github.com/emersion/go-smtp v0.18.1 h1:4DFV0jxKhq0Gqt/Br3BRHyKZy5TStk6NIMHAx6GE/LA=
+github.com/emersion/go-smtp v0.18.1/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
From df6de746181086f5a389c054dd50501e53bcce54 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:55:18 +0000 Subject: [PATCH 05/11] build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/3fa32b8bb5620a2c1afe798654bbad59f9da4906...5fdedb94abba051217030cc86d4523cf3f02243d) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image.yml | 2 +- .github/workflows/push-main.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 72a5488116..efa5aab405 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -25,7 +25,7 @@ jobs: - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3 - - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + - uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: install-only: true diff --git a/.github/workflows/push-main.yml b/.github/workflows/push-main.yml index 415441d264..2031e31341 100644 --- a/.github/workflows/push-main.yml +++ b/.github/workflows/push-main.yml @@ -32,7 +32,7 @@ jobs: - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3 - - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + - uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: install-only: true 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b2e6489e49..26f1a74ebe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,7 +68,7 @@ jobs: - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: version: latest args: release --clean --timeout 120m From 8974e6c168650d95fd2f981f9003a456371d2c92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:55:15 +0000 Subject: [PATCH 06/11] build(deps): bump aws-actions/configure-aws-credentials Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/04b98b3f9e85f563fb061be8751a0352327246b0...50ac8dd1e1b10d09dac7b8727528b91bed831ac0) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/push-main.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-main.yml b/.github/workflows/push-main.yml index 2031e31341..9e2d813ecf 100644 --- a/.github/workflows/push-main.yml +++ b/.github/workflows/push-main.yml 
@@ -63,7 +63,7 @@ jobs: # Push images to AWS Public ECR - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1 + uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2 with: role-to-assume: arn:aws:iam::292999226676:role/github_actions-falcosidekick-ecr aws-region: us-east-1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 26f1a74ebe..344968d112 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: # Push images to AWS Public ECR - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1 + uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2 with: role-to-assume: arn:aws:iam::292999226676:role/github_actions-falcosidekick-ecr aws-region: us-east-1 From 0960c4c0bf1233766007e2fc7d9522b26a26af14 Mon Sep 17 00:00:00 2001 From: Mario Kahlhofer Date: Mon, 11 Sep 2023 15:49:25 +0200 Subject: [PATCH 07/11] fix(dynatrace): [TR-1706] Correct Falco output name container.image, k8s.ns.name and Dynatrace field name k8s.pod.uid Signed-off-by: Mario Kahlhofer --- outputs/dynatrace.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/outputs/dynatrace.go b/outputs/dynatrace.go index 26ca897331..96762c39f9 100644 --- a/outputs/dynatrace.go +++ b/outputs/dynatrace.go @@ -28,7 +28,7 @@ type dtLogMessage struct { ContainerImageName string `json:"container.image.name,omitempty"` K8sNamespaceName string `json:"k8s.namespace.name,omitempty"` K8sPodName string `json:"k8s.pod.name,omitempty"` - K8sPodId string `json:"k8s.pod.id,omitempty"` + K8sPodUid string `json:"k8s.pod.uid,omitempty"` ProcessExecutableName string `json:"process.executable.name,omitempty"` SpanId string `json:"span.id,omitempty"` } 
@@ -71,14 +71,14 @@ func newDynatracePayload(falcopayload types.FalcoPayload) dtPayload { message.ContainerId = val.(string) case "container.name": message.ContainerName = val.(string) - case "container.image.name": + case "container.image": message.ContainerImageName = val.(string) - case "k8s.namespace.name", "ka.target.namespace": + case "k8s.ns.name", "ka.target.namespace": message.K8sNamespaceName = val.(string) case "k8s.pod.name": message.K8sPodName = val.(string) case "k8s.pod.id": - message.K8sPodId = val.(string) + message.K8sPodUid = val.(string) case "proc.name": message.ProcessExecutableName = val.(string) case "span.id": From afc415a55e5cd1507bf92400094138e6f959ff37 Mon Sep 17 00:00:00 2001 From: Mario Kahlhofer Date: Mon, 11 Sep 2023 15:50:49 +0200 Subject: [PATCH 08/11] fix(dynatrace): [TR-1706] Check for nil when parsing output fields and parse span.id Signed-off-by: Mario Kahlhofer --- outputs/dynatrace.go | 47 +++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/outputs/dynatrace.go b/outputs/dynatrace.go index 96762c39f9..24bba3ebdc 100644 --- a/outputs/dynatrace.go +++ b/outputs/dynatrace.go @@ -3,6 +3,7 @@ package outputs import ( "log" "regexp" + "strconv" "time" "github.com/falcosecurity/falcosidekick/types" 
@@ -65,26 +66,32 @@ func newDynatracePayload(falcopayload types.FalcoPayload) dtPayload { } // possibly map a few fields to semantic attributes - for fcKey, val := range falcopayload.OutputFields { - switch fcKey { - case "container.id": - message.ContainerId = val.(string) - case "container.name": - message.ContainerName = val.(string) - case "container.image": - message.ContainerImageName = val.(string) - case "k8s.ns.name", "ka.target.namespace": - message.K8sNamespaceName = val.(string) - case "k8s.pod.name": - message.K8sPodName = val.(string) - case "k8s.pod.id": - message.K8sPodUid = val.(string) - case "proc.name": - message.ProcessExecutableName = val.(string) - case "span.id": - message.SpanId = val.(string) - default: - continue + if falcopayload.OutputFields != nil { + for fcKey, val := range falcopayload.OutputFields { + if val == nil { + continue + } + + switch fcKey { + case "container.id": + message.ContainerId = val.(string) + case "container.name": + message.ContainerName = val.(string) + case "container.image": + message.ContainerImageName = val.(string) + case "k8s.ns.name", "ka.target.namespace": + message.K8sNamespaceName = val.(string) + case "k8s.pod.name": + message.K8sPodName = val.(string) + case "k8s.pod.id": + message.K8sPodUid = val.(string) + case "proc.name": + message.ProcessExecutableName = val.(string) + case "span.id": + message.SpanId = strconv.Itoa(val.(int)) + default: + continue + } } } From 19e864fb9cfc417c0dfae0aa3ab20b84837c8238 Mon Sep 17 00:00:00 2001 From: Mario Kahlhofer Date: Mon, 11 Sep 2023 21:31:21 +0200 Subject: [PATCH 09/11] test(dynatrace): [TR-1706] Add unit tests for the Dynatrace output Signed-off-by: Mario Kahlhofer --- outputs/dynatrace_test.go | 106 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 outputs/dynatrace_test.go diff --git a/outputs/dynatrace_test.go b/outputs/dynatrace_test.go new file mode 100644 index 0000000000..9d16fdecd7 --- /dev/null 
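Review bot: The single-value type assertions in the new switch still panic on any non-nil value of an unexpected type, and the `span.id` case is the most exposed: `val.(int)` succeeds only when the map holds a Go `int`, while the test added in PATCH 09 expects JSON-decoded numbers as `float64` (`"proc.tty": float64(1234)`). OutputFields is populated from event JSON sent to the service, so a single oddly typed field can abort forwarding of that alert, and possibly more depending on where the panic is recovered, which is not visible here. Skip values of the wrong type with comma-ok assertions and a type switch, and drop the `!= nil` guard on the map because ranging over a nil map is already a no-op; if the payload decoder uses `UseNumber` (not shown on this page) a `json.Number` case is needed as well. The body of newDynatracePayload starts and ends outside this hunk.

```go
// … unchanged: message construction and the "possibly map a few fields" comment …
for fcKey, val := range falcopayload.OutputFields {
	if fcKey == "span.id" {
		// Accept the numeric forms a decoder or an in-process caller may produce.
		switch v := val.(type) {
		case int:
			message.SpanId = strconv.Itoa(v)
		case float64:
			message.SpanId = strconv.FormatFloat(v, 'f', -1, 64)
		case string:
			message.SpanId = v
		}
		continue
	}

	// nil and non-string values are skipped instead of panicking.
	s, ok := val.(string)
	if !ok {
		continue
	}

	switch fcKey {
	case "container.id":
		message.ContainerId = s
	// … unchanged: remaining string cases, each assigning s …
	}
}
```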
+++ b/outputs/dynatrace_test.go 
@@ -0,0 +1,106 @@ +package outputs + +import ( + "encoding/json" + "strconv" + "testing" + + "github.com/falcosecurity/falcosidekick/types" + + "github.com/stretchr/testify/require" +) + +func TestNewDynatracePayload(t *testing.T) { + expectedOutput := dtPayload{ + Payload: []dtLogMessage{ + { + Timestamp: "2001-01-01T01:10:00Z", + EventName: "Test rule", + EventProvider: "Falco", + Severity: "Debug", + HostName: "test-host", + LogSource: "syscalls", + Content: dtLogContent{ + Output: "This is a test from falcosidekick", + OutputFields: map[string]interface{}{ + "proc.name": "falcosidekick", + "proc.tty": float64(1234), + }, + Tags: []string{"test", "example"}, + }, + ProcessExecutableName: "falcosidekick", + }, + }, + } + + var f types.FalcoPayload + require.Nil(t, json.Unmarshal([]byte(falcoTestInput), &f)) + + output := newDynatracePayload(f) + require.Equal(t, output, expectedOutput) +} + +func TestNewDynatracePayloadWithExtraOutputFields(t *testing.T) { + const ContainerId = "77d156711504" + const ContainerName = "hello-world" + const ContainerImageName = "falcosecurity/falco:latest" + const K8sNamespaceName = "falco" + const K8sPodName = "falco-khx2g" + const ProcessExecutableName = "falcosidekick" + const SpanId = 1337 + const MitreTechnique = "T1059" + const MitreTactic = "mitre_execution" + + expectedOutput := dtPayload{ + Payload: []dtLogMessage{ + { + Timestamp: "2001-01-01T01:10:00Z", + EventName: "Test rule", + EventProvider: "Falco", + Severity: "Debug", + HostName: "test-host", + LogSource: "syscalls", + Content: dtLogContent{ + Output: "This is a test from falcosidekick", + OutputFields: map[string]interface{}{ + "container.id": ContainerId, + "container.name": ContainerName, + "container.image": ContainerImageName, + "k8s.ns.name": K8sNamespaceName, + "k8s.pod.name": K8sPodName, + "k8s.pod.id": nil, + "proc.name": ProcessExecutableName, + "span.id": SpanId, + }, + Tags: []string{"test", "example", MitreTechnique, MitreTactic}, + }, + ContainerId: 
ContainerId, + ContainerName: ContainerName, + ContainerImageName: ContainerImageName, + K8sNamespaceName: K8sNamespaceName, + K8sPodName: K8sPodName, + ProcessExecutableName: ProcessExecutableName, + SpanId: strconv.Itoa(SpanId), + MitreTactic: MitreTactic, + MitreTechnique: MitreTechnique, + }, + }, + } + + var f types.FalcoPayload + require.Nil(t, json.Unmarshal([]byte(falcoTestInput), &f)) + delete(f.OutputFields, "proc.tty") + f.OutputFields["container.id"] = ContainerId + f.OutputFields["container.name"] = ContainerName + f.OutputFields["container.image"] = ContainerImageName + f.OutputFields["k8s.ns.name"] = K8sNamespaceName + f.OutputFields["k8s.pod.name"] = K8sPodName + f.OutputFields["k8s.pod.id"] = nil + f.OutputFields["proc.name"] = ProcessExecutableName + f.OutputFields["span.id"] = SpanId + f.Tags = append(f.Tags, "T1059") + f.Tags = append(f.Tags, "mitre_execution") + + output := newDynatracePayload(f) + require.Equal(t, output, expectedOutput) +} From 2a458cb07ce4d072491f8cb687ea237537f676d9 Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Mon, 11 Sep 2023 23:12:19 +0200 Subject: [PATCH 10/11] fix panic in prometheus when hostname field is missing Signed-off-by: Thomas Labarussias --- README.md | 2 +- handlers.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8bd72c6e4e..3d7b9b9956 100644 --- a/README.md +++ b/README.md 
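Review bot: The `span.id` value in TestNewDynatracePayloadWithExtraOutputFields is stored in `f.OutputFields` as a Go `int` after unmarshalling, so the test never exercises the type a JSON-decoded payload carries (the first test's expectation shows decoded numbers as `float64`) and cannot catch a failing `val.(int)` assertion in newDynatracePayload. Put `span.id` into the JSON input, or add a case such as `f.OutputFields["span.id"] = float64(SpanId)`, together with one that passes a non-string `container.id`. Separately, testify's signature is `Equal(t, expected, actual)`, so both calls should read `require.Equal(t, expectedOutput, output)` to keep failure output the right way round, and `require.NoError(t, json.Unmarshal(...))` is the idiomatic check for the error return.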
@@ -1427,7 +1427,7 @@ The name from the table should match with the `hypertable` output configuration. Run you daemon and try (from Falco's documentation) : ```bash -curl -XPOST "http://localhost:2801/" -d'{"output":"16:31:56.746609046: Error File below a known binary directory opened for writing (user=root command=touch /bin/hack file=/bin/hack)","priority":"Error","rule":"Write below binary dir","time":"2019-05-17T15:31:56.746609046Z", "output_fields": {"evt.time":1507591916746609046,"fd.name":"/bin/hack","proc.cmdline":"touch /bin/hack","user.name":"root"}}' +curl -XPOST "http://localhost:2801/" -d'{"output":"16:31:56.746609046: Error File below a known binary directory opened for writing (user=root command=touch /bin/hack file=/bin/hack)","hostname": "localhost", "priority":"Error","rule":"Write below binary dir","time":"2019-05-17T15:31:56.746609046Z", "output_fields": {"evt.time":1507591916746609046,"fd.name":"/bin/hack","proc.cmdline":"touch /bin/hack","user.name":"root"}}' ``` You should get : diff --git a/handlers.go b/handlers.go index ca1e6671e6..97002c8746 100644 --- a/handlers.go +++ b/handlers.go @@ -136,6 +136,8 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) { promLabels := map[string]string{"rule": falcopayload.Rule, "priority": falcopayload.Priority.String(), "k8s_ns_name": kn, "k8s_pod_name": kp} if falcopayload.Hostname != "" { promLabels["hostname"] = falcopayload.Hostname + } else { + promLabels["hostname"] = "unknown" } for key, value := range config.Customfields { From 897dce4915bfab58d31adc18ca73cd442fc09385 Mon Sep 17 00:00:00 2001 
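Review bot: The new `else` branch in newFalcoPayload carries no comment saying why `hostname` must always be present, so a later cleanup could remove it and bring the panic back. Going by the commit title the Prometheus metric expects a fixed label set (its declaration is outside this hunk), so a comment above the `if` such as `// hostname must always be set: the metric is declared with this label and a missing one panics` would record that. Note also that `"unknown"` is a value a real sender could report as its hostname, so events without a hostname and events from a host with that name share one series. The function continues past the end of the hunk.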
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 15:39:46 +0000 Subject: [PATCH 11/11] build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/oauth2/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 8bf46e1178..91950fa5e4 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 github.com/wavefronthq/wavefront-sdk-go v0.14.0
 github.com/xitongsys/parquet-go v1.6.2
 github.com/xitongsys/parquet-go-source v0.0.0-20230830030807-0dd610dbff1d
- golang.org/x/oauth2 v0.11.0
+ golang.org/x/oauth2 v0.12.0
 google.golang.org/api v0.139.0
 google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d
 k8s.io/api v0.28.1
@@ -125,10 +125,10 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.25.0 // indirect
- golang.org/x/crypto v0.12.0 // indirect
+ golang.org/x/crypto v0.13.0 // indirect
 golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect
 golang.org/x/mod v0.12.0 // indirect
- golang.org/x/net v0.14.0 // indirect
+ golang.org/x/net v0.15.0 // indirect
 golang.org/x/sync v0.3.0 // indirect
 golang.org/x/sys v0.12.0 // indirect
 golang.org/x/term v0.12.0 // indirect
diff --git a/go.sum b/go.sum
index 327864b7ab..ca1b8e7dd0 100644
--- a/go.sum
+++ b/go.sum
@@ -823,8 +823,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -934,8 +934,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -956,8 +956,8 @@ golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
+golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=