From 00f71ab983d7ec7fa908cf975fee38340ae8b78b Mon Sep 17 00:00:00 2001
From: Jose Donizetti <jdbjunior@gmail.com>
Date: Wed, 28 Jun 2023 08:05:48 -0300
Subject: [PATCH] fix: derived event not triggering if base filtered

---
 pkg/ebpf/events_pipeline.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/ebpf/events_pipeline.go b/pkg/ebpf/events_pipeline.go
index 9b8308a4242a..369d42eb90b7 100644
--- a/pkg/ebpf/events_pipeline.go
+++ b/pkg/ebpf/events_pipeline.go
@@ -510,16 +510,16 @@ func (t *Tracee) deriveEvents(ctx context.Context, in <-chan *trace.Event) (
 					t.handleError(err)
 				}
 
-				for i, derivative := range derivatives {
+				for i := range derivatives {
 					// Skip events that dont work with filtering due to missing types being handled.
 					// https://github.com/aquasecurity/tracee/issues/2486
-					switch events.ID(derivative.EventID) {
+					switch events.ID(derivatives[i].EventID) {
 					case events.SymbolsLoaded:
 					case events.SharedObjectLoaded:
 					case events.PrintMemDump:
 					default:
 						// Derived events might need filtering as well
-						if t.matchPolicies(&derivative) == 0 {
+						if t.matchPolicies(&derivatives[i]) == 0 {
 							_ = t.stats.EventsFiltered.Increment()
 							continue
 						}