Merge pull request kubearmor#1932 from rksharma95/fix-empty-process-name

fix(monitor): handle logs with process name empty
Aryan-sharma11 · Jan 15, 2025 · a82efe7 · a82efe7
2 parents 3d4164d + aefd287
commit a82efe7
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/KubeArmor/monitor/logUpdate.go b/KubeArmor/monitor/logUpdate.go
@@ -524,6 +524,29 @@ func (mon *SystemMonitor) UpdateLogs() {
 				continue
 			}
 
+			if log.ProcessName == "" {
+				switch log.Operation {
+				case "Process":
+					if log.Resource != "" {
+						if res := strings.Split(log.Resource, " "); len(res) > 0 {
+							log.ProcessName = res[0]
+						}
+					} else {
+						mon.Logger.Debug("Dropping Process Event with empty processName and Resource")
+						continue
+					}
+				case "Network", "File":
+					if log.Source != "" {
+						if src := strings.Split(log.Source, " "); len(src) > 0 {
+							log.ProcessName = src[0]
+						}
+					} else {
+						mon.Logger.Debugf("Dropping %s Event with empty processName and Source", log.Operation)
+						continue
+					}
+				}
+			}
+
 			// fallback logic: in case we get relative path in log.Resource then we join cwd + resource to get pull path
 			if !strings.HasPrefix(strings.Split(log.Resource, " ")[0], "/") && log.Cwd != "/" {
 				log.Resource = filepath.Join(log.Cwd, log.Resource)