Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hooked_proc_fops: remove redundant struct check and handle null pointer #2303

Merged
merged 1 commit into from
Oct 25, 2022
Merged

hooked_proc_fops: remove redundant struct check and handle null pointer #2303

merged 1 commit into from
Oct 25, 2022

Conversation

AsafEitani
Copy link
Contributor

Initial Checklist

  • There is an issue describing the need for this PR.
  • Git log contains summary of the change.
  • Git log contains motivation and context of the change.
  • If part of an EPIC, PR git log contains EPIC number.
  • If part of an EPIC, PR was added to EPIC description.

Description (git log)

commit 7b9e6f3 (HEAD -> fix_fops, origin/fix_fops)
Author: AsafEitani eitaniasaf@gmail.com
Date: Tue Oct 25 17:22:16 2022 +0300

hooked_proc_fops: remove redundant struct check and handle null pointer

Fixes: #2300

Type of change

  • Bug fix (non-breaking change fixing an issue, preferable).
  • Quick fix (minor non-breaking change requiring no issue, use with care)
  • Code refactor (code improvement and/or code removal)
  • New feature (non-breaking change adding functionality).
  • Breaking change (cause existing functionality not to work as expected).

How Has This Been Tested?

Tests being included in this PR:

  • Tested on Ubuntu (where the bug wasn't reproduced to ensure that the detection still works)
  • Tested on GKE to make sure that it solved the issue

Final Checklist:

Pick "Bug Fix" or "Feature", delete the other and mark appropriate checks.

  • I have made corresponding changes to the documentation.
  • My code follows the style guidelines (C and Go) of this project.
  • I have performed a self-review of my own code.
  • I have commented all functions/methods created explaining what they do.
  • I have commented my code, particularly in hard-to-understand areas.
  • My changes generate no new warnings.
  • I have added tests that prove my fix, or feature, is effective.
  • New and existing unit tests pass locally with my changes.
  • Any dependent changes have been merged and published before.

@AsafEitani AsafEitani self-assigned this Oct 25, 2022
AlonZivony
AlonZivony requested changes Oct 25, 2022
View reviewed changes
Copy link
Collaborator

@AlonZivony AlonZivony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems good to me except for the size of array passed.

pkg/ebpf/c/tracee.bpf.c Outdated Show resolved Hide resolved
yanivagman
yanivagman approved these changes Oct 25, 2022
View reviewed changes
Copy link
Collaborator

@yanivagman yanivagman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yanivagman yanivagman merged commit 537fe6c into aquasecurity:main Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlonZivony AlonZivony AlonZivony requested changes

@yanivagman yanivagman yanivagman approved these changes

Assignees

@AsafEitani AsafEitani

Labels
area/ebpf kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] False positive with hooked_proc_fops event on GKE
3 participants
@AsafEitani @yanivagman @AlonZivony