From baf311c42c99e4ab06f7c436aad90b8fde4a2963 Mon Sep 17 00:00:00 2001 From: anoop-sysd <31664950+anoop-sysd@users.noreply.github.com> Date: Fri, 24 May 2019 16:51:55 -0700 Subject: [PATCH] fix handling of container metadata in "infra" events [SMAGENT-1647] (#1418) * fix handling of container metadata in "infra" events. * address review comments. look for "sha256" instead. --- userspace/libsinsp/filterchecks.cpp | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/userspace/libsinsp/filterchecks.cpp b/userspace/libsinsp/filterchecks.cpp index 82887f49f9..7912ffcc69 100644 --- a/userspace/libsinsp/filterchecks.cpp +++ b/userspace/libsinsp/filterchecks.cpp @@ -4442,12 +4442,16 @@ uint8_t* sinsp_filter_check_event::extract(sinsp_evt *evt, OUT uint32_t* len, bo vector subelements = sinsp_split(e, ':'); ASSERT(subelements.size() == 2); m_strstorage = trim(subelements[1]); + if(m_strstorage.length() > 12) + { + m_strstorage = m_strstorage.substr(0, 12); + } RETURN_EXTRACT_STRING(m_strstorage); } } else if(m_field_id == TYPE_INFRA_DOCKER_CONTAINER_NAME) { - if(e.substr(0, sizeof("Name") - 1) == "Name") + if(e.substr(0, sizeof("name") - 1) == "name") { vector subelements = sinsp_split(e, ':'); ASSERT(subelements.size() == 2); @@ -4461,7 +4465,17 @@ uint8_t* sinsp_filter_check_event::extract(sinsp_evt *evt, OUT uint32_t* len, bo { vector subelements = sinsp_split(e, ':'); ASSERT(subelements.size() == 2); - m_strstorage = trim(subelements[1]); + m_strstorage = subelements[1]; + + if(m_strstorage.find("@") != string::npos) + { + m_strstorage = m_strstorage.substr(0, m_strstorage.find("@")); + } + else if(m_strstorage.find("sha256") != string::npos) + { + m_strstorage = e.substr(e.find(":") + 1); + } + m_strstorage = trim(m_strstorage); RETURN_EXTRACT_STRING(m_strstorage); } }