[CWS] fix rule_actions field type (#23234)

[CWS] fix rule_actions field type
DataDog · Feb 28, 2024 · 2bda4a3 · 2bda4a3
1 parent 7c218cb
commit 2bda4a3
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 77 deletions.
diff --git a/pkg/security/events/event.go b/pkg/security/events/event.go
@@ -18,15 +18,15 @@ import (
 // AgentContext serializes the agent context to JSON
 // easyjson:json
 type AgentContext struct {
-	RuleID        string                       `json:"rule_id"`
-	RuleVersion   string                       `json:"rule_version,omitempty"`
-	RuleActions   map[string][]json.RawMessage `json:"rule_actions,omitempty"`
-	PolicyName    string                       `json:"policy_name,omitempty"`
-	PolicyVersion string                       `json:"policy_version,omitempty"`
-	Version       string                       `json:"version,omitempty"`
-	OS            string                       `json:"os,omitempty"`
-	Arch          string                       `json:"arch,omitempty"`
-	Origin        string                       `json:"origin,omitempty"`
+	RuleID        string            `json:"rule_id"`
+	RuleVersion   string            `json:"rule_version,omitempty"`
+	RuleActions   []json.RawMessage `json:"rule_actions,omitempty"`
+	PolicyName    string            `json:"policy_name,omitempty"`
+	PolicyVersion string            `json:"policy_version,omitempty"`
+	Version       string            `json:"version,omitempty"`
+	OS            string            `json:"os,omitempty"`
+	Arch          string            `json:"arch,omitempty"`
+	Origin        string            `json:"origin,omitempty"`
 }
 
 // BackendEvent - Rule event wrapper used to send an event to the backend

diff --git a/pkg/security/events/event_easyjson.go b/pkg/security/events/event_easyjson.go
diff --git a/pkg/security/module/server.go b/pkg/security/module/server.go
@@ -56,16 +56,12 @@ type pendingMsg struct {
 }
 
 func (p *pendingMsg) ToJSON() ([]byte, error) {
-	if len(p.actionReports) > 0 {
-		p.backendEvent.RuleActions = make(map[string][]json.RawMessage)
-	}
 	for _, report := range p.actionReports {
 		data, err := report.ToJSON()
 		if err != nil {
 			return nil, err
 		}
-		actionType := report.Type()
-		p.backendEvent.RuleActions[actionType] = append(p.backendEvent.RuleActions[actionType], data)
+		p.backendEvent.RuleActions = append(p.backendEvent.RuleActions, data)
 	}
 
 	backendEventJSON, err := easyjson.Marshal(p.backendEvent)

diff --git a/pkg/security/probe/actions.go b/pkg/security/probe/actions.go
@@ -12,7 +12,6 @@ package probe
 
 import (
 	"errors"
-	"fmt"
 	"sync"
 	"time"
 
@@ -75,10 +74,3 @@ func (k *KillActionReport) ToJSON() ([]byte, error) {
 
 	return utils.MarshalEasyJSON(jk)
 }
-
-// Type returns the type of the action report
-func (k *KillActionReport) Type() string {
-	k.RLock()
-	defer k.RUnlock()
-	return fmt.Sprintf("%s_%s", rules.KillAction, k.Scope)
-}
diff --git a/pkg/security/secl/model/model.go b/pkg/security/secl/model/model.go
@@ -313,7 +313,6 @@ type MatchedRule struct {
 
 // ActionReport defines an action report
 type ActionReport interface {
-	Type() string
 	ToJSON() ([]byte, error)
 }