From 8cd0f0961f61cb47f846b7b8dc37b82353e9e4af Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 24 Oct 2023 09:37:17 -0400 Subject: [PATCH] auditbeat/module - docs and comment nits Really minor fixes to docs and comments in auditbeat/modules. As I was reading the code I was applying some changes, so I figured I should contribute them. --- auditbeat/module/auditd/audit_linux.go | 2 +- .../module/file_integrity/_meta/docs.asciidoc | 2 +- auditbeat/module/file_integrity/action.go | 2 +- auditbeat/module/file_integrity/config.go | 4 ++-- auditbeat/module/file_integrity/event.go | 8 +++---- .../module/file_integrity/file_parsers.go | 2 +- .../file_integrity/fileorigin_darwin.go | 24 ++++++++++--------- auditbeat/module/file_integrity/metricset.go | 2 +- 8 files changed, 24 insertions(+), 22 deletions(-) diff --git a/auditbeat/module/auditd/audit_linux.go b/auditbeat/module/auditd/audit_linux.go index baff3363bed0..1e4510a5ad70 100644 --- a/auditbeat/module/auditd/audit_linux.go +++ b/auditbeat/module/auditd/audit_linux.go @@ -980,7 +980,7 @@ func determineSocketType(c *Config, log *logp.Logger) (string, error) { return "", fmt.Errorf("failed to create audit client: %w", err) } // Ignore errors if a socket type has been specified. It will fail during - // further setup and its necessary for unit tests to pass + // further setup and is necessary for unit tests to pass. return c.SocketType, nil } defer client.Close() diff --git a/auditbeat/module/file_integrity/_meta/docs.asciidoc b/auditbeat/module/file_integrity/_meta/docs.asciidoc index 3c537a280918..0f32ef64f930 100644 --- a/auditbeat/module/file_integrity/_meta/docs.asciidoc +++ b/auditbeat/module/file_integrity/_meta/docs.asciidoc @@ -114,7 +114,7 @@ units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`, `gb`, `tib`, `tb`, *`max_file_size`*:: The maximum size of a file in bytes for which {beatname_uc} will compute hashes and run file parsers. Files larger than this size will not be hashed or analysed by configured file parsers. The default -value is 100 MiB. For convenience units can be specified as a suffix to the +value is 100 MiB. For convenience, units can be specified as a suffix to the value. The supported units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`, `gb`, `tib`, `tb`, `pib`, `pb`, `eib`, and `eb`. diff --git a/auditbeat/module/file_integrity/action.go b/auditbeat/module/file_integrity/action.go index 9cfb22747af6..c0d6caabbd22 100644 --- a/auditbeat/module/file_integrity/action.go +++ b/auditbeat/module/file_integrity/action.go @@ -155,7 +155,7 @@ func (action Action) InOrder(existedBefore, existsNow bool) ActionArray { hasConfigChange := action&ConfigChange != 0 hasUpdate := action&Updated != 0 hasAttrMod := action&AttributesModified != 0 - action = Action(int(action) & int(^(ConfigChange | AttributesModified))) + action = Action(int(action) & ^(ConfigChange | AttributesModified)) if hasAttrMod { action |= Updated } diff --git a/auditbeat/module/file_integrity/config.go b/auditbeat/module/file_integrity/config.go index 1edd19d9ba0e..e431e6407667 100644 --- a/auditbeat/module/file_integrity/config.go +++ b/auditbeat/module/file_integrity/config.go @@ -91,8 +91,8 @@ type Config struct { // Validate validates the config data and return an error explaining all the // problems with the config. This method modifies the given config. func (c *Config) Validate() error { - // Resolve symlinks and make filepaths absolute if possible - // anything that does not resolve will be logged during + // Resolve symlinks and make filepaths absolute if possible. + // Anything that does not resolve will be logged during // scanning and metric set collection. for i, p := range c.Paths { p, err := filepath.EvalSymlinks(p) diff --git a/auditbeat/module/file_integrity/event.go b/auditbeat/module/file_integrity/event.go index a86130d3ec87..fd4d68828a44 100644 --- a/auditbeat/module/file_integrity/event.go +++ b/auditbeat/module/file_integrity/event.go @@ -99,7 +99,7 @@ var typeNames = map[Type]string{ SymlinkType: "symlink", } -// Digest is a output of a hash function. +// Digest is an output of a hash function. type Digest []byte // String returns the digest value in lower-case hexadecimal form. @@ -110,7 +110,7 @@ func (d Digest) String() string { // MarshalText encodes the digest to a hexadecimal representation of itself. func (d Digest) MarshalText() ([]byte, error) { return []byte(d.String()), nil } -// Event describe the filesystem change and includes metadata about the file. +// Event describes the filesystem change and includes metadata about the file. type Event struct { Timestamp time.Time `json:"timestamp"` // Time of event. Path string `json:"path"` // The path associated with the event. @@ -119,7 +119,7 @@ type Event struct { Source Source `json:"source"` // Source of the event. Action Action `json:"action"` // Action (like created, updated). Hashes map[HashType]Digest `json:"hash,omitempty"` // File hashes. - ParserResults mapstr.M `json:"file,omitempty"` // Results from runnimg file parsers. + ParserResults mapstr.M `json:"file,omitempty"` // Results from running file parsers. // Metadata rtt time.Duration // Time taken to collect the info. @@ -142,7 +142,7 @@ type Metadata struct { Mode os.FileMode `json:"mode"` // Permissions SetUID bool `json:"setuid"` // setuid bit (POSIX only) SetGID bool `json:"setgid"` // setgid bit (POSIX only) - Origin []string `json:"origin"` // External origin info for the file (MacOS only) + Origin []string `json:"origin"` // External origin info for the file (macOS only) SELinux string `json:"selinux"` // security.selinux xattr value (Linux only) POSIXACLAccess []byte `json:"posix_acl_access"` // system.posix_acl_access xattr value (Linux only) } diff --git a/auditbeat/module/file_integrity/file_parsers.go b/auditbeat/module/file_integrity/file_parsers.go index 77f6e30451e8..cb1d619f1ed2 100644 --- a/auditbeat/module/file_integrity/file_parsers.go +++ b/auditbeat/module/file_integrity/file_parsers.go @@ -23,7 +23,7 @@ import ( "github.com/elastic/elastic-agent-libs/mapstr" ) -// FileParser is a file analyser the provides enrichment for file.* fields. +// FileParser is a file analyser providing enrichment for file.* fields. type FileParser interface { Parse(dst mapstr.M, path string) error } diff --git a/auditbeat/module/file_integrity/fileorigin_darwin.go b/auditbeat/module/file_integrity/fileorigin_darwin.go index 1cf6b350d320..459951c8cda6 100644 --- a/auditbeat/module/file_integrity/fileorigin_darwin.go +++ b/auditbeat/module/file_integrity/fileorigin_darwin.go @@ -47,27 +47,29 @@ var ( ) // GetFileOrigin fetches the kMDItemWhereFroms metadata for the given path. This -// is special metadata in the filesystem that encodes information of an external -// origin of this file. It is always encoded as a list of strings, with +// is special metadata in the filesystem that encodes information about the +// external origin of this file. It is always encoded as a list of strings, with // different meanings depending on the origin: // // For files downloaded from a web browser, the first string is the URL for // the source document. The second URL (optional), is the web address where the // download link was followed: -// [ "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16", "https://www.kernel.org/" ] +// +// ["https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16", "https://www.kernel.org/"] // // For files or directories transferred via Airdrop, the origin is one string // with the name of the computer that sent the file: -// [ "Adrian's MacBook Pro" ] +// +// ["Adrian's MacBook Pro"] // // For files attached to e-mails (using Mail app), three strings are // returned: Sender address, subject and e-mail identifier: -// [ "Adrian Serrano \u003cadrian@elastic.co\u003e", -// -// "Sagrada Familia tickets", -// "message:%3CCAMZw10FD4fktC9qdJgLjwW=a8LM4gbJ44jFcaK8.BOWg1t4OwQ@elastic.co%3E" // -// ], +// [ +// "Adrian Serrano \u003cadrian@elastic.co\u003e", +// "Sagrada Familia tickets", +// "message:%3CCAMZw10FD4fktC9qdJgLjwW=a8LM4gbJ44jFcaK8.BOWg1t4OwQ@elastic.co%3E" +// ], // // For all other files the result is an empty (nil) list. func GetFileOrigin(path string) ([]string, error) { @@ -108,8 +110,8 @@ func GetFileOrigin(path string) ([]string, error) { return nil, fmt.Errorf("plist unmarshal failed: %w", err) } - // The returned list seems to be padded with empty strings when some of - // the fields are missing (i.e. no context URL). Get rid of trailing empty + // The returned list seems to be padded with empty strings when some + // fields are missing (i.e. no context URL). Get rid of trailing empty // strings: n := len(urls) for n > 0 && len(urls[n-1]) == 0 { diff --git a/auditbeat/module/file_integrity/metricset.go b/auditbeat/module/file_integrity/metricset.go index bcada27db9f4..4000231fd335 100644 --- a/auditbeat/module/file_integrity/metricset.go +++ b/auditbeat/module/file_integrity/metricset.go @@ -380,7 +380,7 @@ func store(b datastore.Bucket, e *Event) error { return nil } -// load loads an Event from the datastore. It return a nil Event if the key was +// load loads an Event from the datastore. It returns a nil Event if the key was // not found. It returns an error if there was a failure reading from the // datastore or decoding the data. func load(b datastore.Bucket, path string) (*Event, error) {