[CWS] Remove connect.server.* secl field aliases (#31218)

docs/cloud-workload-security/linux_expressions.md

@@ -524,10 +524,6 @@ A connect was executed
 | [`connect.addr.is_public`](#common-ipportcontext-is_public-doc) | Whether the IP address belongs to a public network |
 | [`connect.addr.port`](#common-ipportcontext-port-doc) | Port number |
 | [`connect.retval`](#common-syscallevent-retval-doc) | Return value of the syscall |
-| [`connect.server.addr.family`](#connect-server-addr-family-doc) | Server address family |
-| [`connect.server.addr.ip`](#common-ipportcontext-ip-doc) | IP address |
-| [`connect.server.addr.is_public`](#common-ipportcontext-is_public-doc) | Whether the IP address belongs to a public network |
-| [`connect.server.addr.port`](#common-ipportcontext-port-doc) | Port number |
 
 ### Event `dns`
 
@@ -2144,8 +2140,8 @@ Type: IP/CIDR
 
 Definition: IP address
 
-`*.ip` has 7 possible prefixes:
-`bind.addr` `connect.addr` `connect.server.addr` `network.destination` `network.source` `packet.destination` `packet.source`
+`*.ip` has 6 possible prefixes:
+`bind.addr` `connect.addr` `network.destination` `network.source` `packet.destination` `packet.source`
 
 
 ### `*.is_exec` {#common-process-is_exec-doc}
@@ -2171,8 +2167,8 @@ Type: bool
 
 Definition: Whether the IP address belongs to a public network
 
-`*.is_public` has 7 possible prefixes:
-`bind.addr` `connect.addr` `connect.server.addr` `network.destination` `network.source` `packet.destination` `packet.source`
+`*.is_public` has 6 possible prefixes:
+`bind.addr` `connect.addr` `network.destination` `network.source` `packet.destination` `packet.source`
 
 
 ### `*.is_thread` {#common-process-is_thread-doc}
@@ -2368,8 +2364,8 @@ Type: int
 
 Definition: Port number
 
-`*.port` has 7 possible prefixes:
-`bind.addr` `connect.addr` `connect.server.addr` `network.destination` `network.source` `packet.destination` `packet.source`
+`*.port` has 6 possible prefixes:
+`bind.addr` `connect.addr` `network.destination` `network.source` `packet.destination` `packet.source`
 
 
 ### `*.ppid` {#common-process-ppid-doc}
@@ -2672,13 +2668,6 @@ Definition: Address family
 
 
 
-### `connect.server.addr.family` {#connect-server-addr-family-doc}
-Type: int
-
-Definition: Server address family
-
-
-
 ### `container.created_at` {#container-created_at-doc}
 Type: int
 

docs/cloud-workload-security/secl_linux.json

@@ -1839,26 +1839,6 @@
           "name": "connect.retval",
           "definition": "Return value of the syscall",
           "property_doc_link": "common-syscallevent-retval-doc"
-        },
-        {
-          "name": "connect.server.addr.family",
-          "definition": "Server address family",
-          "property_doc_link": "connect-server-addr-family-doc"
-        },
-        {
-          "name": "connect.server.addr.ip",
-          "definition": "IP address",
-          "property_doc_link": "common-ipportcontext-ip-doc"
-        },
-        {
-          "name": "connect.server.addr.is_public",
-          "definition": "Whether the IP address belongs to a public network",
-          "property_doc_link": "common-ipportcontext-is_public-doc"
-        },
-        {
-          "name": "connect.server.addr.port",
-          "definition": "Port number",
-          "property_doc_link": "common-ipportcontext-port-doc"
         }
       ]
     },
@@ -8370,7 +8350,6 @@
       "prefixes": [
         "bind.addr",
         "connect.addr",
-        "connect.server.addr",
         "network.destination",
         "network.source",
         "packet.destination",
@@ -8432,7 +8411,6 @@
       "prefixes": [
         "bind.addr",
         "connect.addr",
-        "connect.server.addr",
         "network.destination",
         "network.source",
         "packet.destination",
@@ -9128,7 +9106,6 @@
       "prefixes": [
         "bind.addr",
         "connect.addr",
-        "connect.server.addr",
         "network.destination",
         "network.source",
         "packet.destination",
@@ -9738,18 +9715,6 @@
       "constants_link": "",
       "examples": []
     },
-    {
-      "name": "connect.server.addr.family",
-      "link": "connect-server-addr-family-doc",
-      "type": "int",
-      "definition": "Server address family",
-      "prefixes": [
-        "connect"
-      ],
-      "constants": "",
-      "constants_link": "",
-      "examples": []
-    },
     {
       "name": "container.created_at",
       "link": "container-created_at-doc",

pkg/security/secl/model/model_unix.go

@@ -645,8 +645,9 @@ type BindEvent struct {
 // ConnectEvent represents a connect event
 type ConnectEvent struct {
 	SyscallEvent
-	Addr       IPPortContext `field:"addr;server.addr"`               // Connection address
-	AddrFamily uint16        `field:"addr.family;server.addr.family"` // SECLDoc[addr.family] Definition:`Address family` SECLDoc[server.addr.family] Definition:`Server address family`
+
+	Addr       IPPortContext `field:"addr"`        // Connection address
+	AddrFamily uint16        `field:"addr.family"` // SECLDoc[addr.family] Definition:`Address family`
 }
 
 // NetDevice represents a network device

pkg/security/tests/connect_test.go

@@ -30,11 +30,11 @@ func TestConnectEvent(t *testing.T) {
 	ruleDefs := []*rules.RuleDefinition{
 		{
 			ID:         "test_connect_af_inet",
-			Expression: `connect.server.addr.family == AF_INET && process.file.name == "syscall_tester"`,
+			Expression: `connect.addr.family == AF_INET && process.file.name == "syscall_tester"`,
 		},
 		{
 			ID:         "test_connect_af_inet6",
-			Expression: `connect.server.addr.family == AF_INET6 && process.file.name == "syscall_tester"`,
+			Expression: `connect.addr.family == AF_INET6 && process.file.name == "syscall_tester"`,
 		},
 	}