From 192ee0ffdf06f8cb09723f6fdb9f07eb6462afe8 Mon Sep 17 00:00:00 2001
From: Kevin Conner <kev.conner@getupcloud.com>
Date: Thu, 14 Nov 2024 18:47:23 -0700
Subject: [PATCH] Add CEL filter to the CLI, fixes #3112

Signed-off-by: Kevin Conner <kev.conner@getupcloud.com>
---
 pkg/filters/filters.go      | 1 +
 pkg/filters/filters_test.go | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/filters/filters.go b/pkg/filters/filters.go
index 648f7457b02..f7090bba7f4 100644
--- a/pkg/filters/filters.go
+++ b/pkg/filters/filters.go
@@ -95,6 +95,7 @@ var Filters = []OnBuildFilter{
 	&PodRegexFilter{},
 	&PolicyNamesFilter{},
 	&CapsFilter{},
+	&CELExpressionFilter{},
 }
 
 func GetProcess(event *v1.Event) *tetragon.Process {
diff --git a/pkg/filters/filters_test.go b/pkg/filters/filters_test.go
index b8d66e1d537..2d903403dc4 100644
--- a/pkg/filters/filters_test.go
+++ b/pkg/filters/filters_test.go
@@ -33,7 +33,8 @@ func TestParseFilterList(t *testing.T) {
 {"pid_set":[1]}
 {"event_set":["PROCESS_EXEC", "PROCESS_EXIT", "PROCESS_KPROBE", "PROCESS_TRACEPOINT"]}
 {"arguments_regex":["^--version$","^-a -b -c$"]}
-{"capabilities": {"effective": {"all": ["CAP_BPF", "CAP_SYS_ADMIN"]}}}`
+{"capabilities": {"effective": {"all": ["CAP_BPF", "CAP_SYS_ADMIN"]}}}
+{"cel_expression": ["process_exec.process.bad_field_name == 'curl'"]}`
 	filterProto, err := ParseFilterList(f, true)
 	assert.NoError(t, err)
 	if diff := cmp.Diff(
@@ -50,6 +51,7 @@ func TestParseFilterList(t *testing.T) {
 					All: []tetragon.CapabilitiesType{tetragon.CapabilitiesType_CAP_BPF, tetragon.CapabilitiesType_CAP_SYS_ADMIN},
 				},
 			}},
+			{CelExpression: []string{"process_exec.process.bad_field_name == 'curl'"}},
 		},
 		filterProto,
 		cmpopts.IgnoreUnexported(tetragon.Filter{}),