elastic · andrewkroh · Oct 26, 2023 · Oct 24, 2023 · Oct 26, 2023 · Oct 26, 2023
@@ -121,7 +121,7 @@ units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`, `gb`, `tib`, `tb`,
 *`max_file_size`*:: The maximum size of a file in bytes for which
 {beatname_uc} will compute hashes and run file parsers. Files larger than this
 size will not be hashed or analysed by configured file parsers. The default
-value is 100 MiB. For convenience units can be specified as a suffix to the
+value is 100 MiB. For convenience, units can be specified as a suffix to the
 value. The supported units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`,
 `gb`, `tib`, `tb`, `pib`, `pb`, `eib`, and `eb`.
 

@@ -979,8 +979,7 @@ func determineSocketType(c *Config, log *logp.Logger) (string, error) {
 		if c.SocketType == "" {
 			return "", fmt.Errorf("failed to create audit client: %w", err)
 		}
-		// Ignore errors if a socket type has been specified. It will fail during
-		// further setup and its necessary for unit tests to pass
+		// Ignore errors if a socket type has been specified.
 		return c.SocketType, nil
 	}
 	defer client.Close()

@@ -114,7 +114,7 @@ units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`, `gb`, `tib`, `tb`,
 *`max_file_size`*:: The maximum size of a file in bytes for which
 {beatname_uc} will compute hashes and run file parsers. Files larger than this
 size will not be hashed or analysed by configured file parsers. The default
-value is 100 MiB. For convenience units can be specified as a suffix to the
+value is 100 MiB. For convenience, units can be specified as a suffix to the
 value. The supported units are `b` (default), `kib`, `kb`, `mib`, `mb`, `gib`,
 `gb`, `tib`, `tb`, `pib`, `pb`, `eib`, and `eb`.
 

@@ -155,7 +155,7 @@ func (action Action) InOrder(existedBefore, existsNow bool) ActionArray {
 	hasConfigChange := action&ConfigChange != 0
 	hasUpdate := action&Updated != 0
 	hasAttrMod := action&AttributesModified != 0
-	action = Action(int(action) & int(^(ConfigChange | AttributesModified)))
+	action = Action(int(action) &^ (ConfigChange | AttributesModified))
 	if hasAttrMod {
 		action |= Updated
 	}

@@ -91,8 +91,8 @@ type Config struct {
 // Validate validates the config data and return an error explaining all the
 // problems with the config. This method modifies the given config.
 func (c *Config) Validate() error {
-	// Resolve symlinks and make filepaths absolute if possible
-	// anything that does not resolve will be logged during
+	// Resolve symlinks and make filepaths absolute if possible.
+	// Anything that does not resolve will be logged during
 	// scanning and metric set collection.
 	for i, p := range c.Paths {
 		p, err := filepath.EvalSymlinks(p)

@@ -99,7 +99,7 @@ var typeNames = map[Type]string{
 	SymlinkType: "symlink",
 }
 
-// Digest is a output of a hash function.
+// Digest is an output of a hash function.
 type Digest []byte
 
 // String returns the digest value in lower-case hexadecimal form.
@@ -110,7 +110,7 @@ func (d Digest) String() string {
 // MarshalText encodes the digest to a hexadecimal representation of itself.
 func (d Digest) MarshalText() ([]byte, error) { return []byte(d.String()), nil }
 
-// Event describe the filesystem change and includes metadata about the file.
+// Event describes the filesystem change and includes metadata about the file.
 type Event struct {
 	Timestamp     time.Time           `json:"timestamp"`             // Time of event.
 	Path          string              `json:"path"`                  // The path associated with the event.
@@ -119,7 +119,7 @@ type Event struct {
 	Source        Source              `json:"source"`                // Source of the event.
 	Action        Action              `json:"action"`                // Action (like created, updated).
 	Hashes        map[HashType]Digest `json:"hash,omitempty"`        // File hashes.
-	ParserResults mapstr.M            `json:"file,omitempty"`        // Results from runnimg file parsers.
+	ParserResults mapstr.M            `json:"file,omitempty"`        // Results from running file parsers.
 
 	// Metadata
 	rtt        time.Duration // Time taken to collect the info.
@@ -142,7 +142,7 @@ type Metadata struct {
 	Mode           os.FileMode `json:"mode"`             // Permissions
 	SetUID         bool        `json:"setuid"`           // setuid bit (POSIX only)
 	SetGID         bool        `json:"setgid"`           // setgid bit (POSIX only)
-	Origin         []string    `json:"origin"`           // External origin info for the file (MacOS only)
+	Origin         []string    `json:"origin"`           // External origin info for the file (macOS only)
 	SELinux        string      `json:"selinux"`          // security.selinux xattr value (Linux only)
 	POSIXACLAccess []byte      `json:"posix_acl_access"` // system.posix_acl_access xattr value (Linux only)
 }

@@ -23,7 +23,7 @@ import (
 	"github.com/elastic/elastic-agent-libs/mapstr"
 )
 
-// FileParser is a file analyser the provides enrichment for file.* fields.
+// FileParser is a file analyser providing enrichment for file.* fields.
 type FileParser interface {
 	Parse(dst mapstr.M, path string) error
 }

@@ -24,7 +24,7 @@
 #include <stdlib.h>
 #include <sys/xattr.h>
 */
 import "C"

 import (
 	"errors"
@@ -47,27 +47,29 @@
 )
 
 // GetFileOrigin fetches the kMDItemWhereFroms metadata for the given path. This
-// is special metadata in the filesystem that encodes information of an external
-// origin of this file. It is always encoded as a list of strings, with
+// is special metadata in the filesystem that encodes information about the
+// external origin of this file. It is always encoded as a list of strings, with
 // different meanings depending on the origin:
 //
 // For files downloaded from a web browser, the first string is the URL for
 // the source document. The second URL (optional), is the web address where the
 // download link was followed:
-// [ "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16", "https://www.kernel.org/" ]
+//
+//	["https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16", "https://www.kernel.org/"]
 //
 // For files or directories transferred via Airdrop, the origin is one string
 // with the name of the computer that sent the file:
-// [ "Adrian's MacBook Pro" ]
+//
+//	["Adrian's MacBook Pro"]
 //
 // For files attached to e-mails (using Mail app), three strings are
 // returned: Sender address, subject and e-mail identifier:
-// [ "Adrian Serrano \[email protected]\u003e",
-//
-//	"Sagrada Familia tickets",
-//	"message:%[email protected]%3E"
 //
-// ],
+//	[
+//	 "Adrian Serrano \[email protected]\u003e",
+//	 "Sagrada Familia tickets",
+//	 "message:%[email protected]%3E"
+//	],
 //
 // For all other files the result is an empty (nil) list.
 func GetFileOrigin(path string) ([]string, error) {
@@ -108,8 +110,8 @@
 		return nil, fmt.Errorf("plist unmarshal failed: %w", err)
 	}
 
-	// The returned list seems to be padded with empty strings when some of
-	// the fields are missing (i.e. no context URL). Get rid of trailing empty
+	// The returned list seems to be padded with empty strings when some
+	// fields are missing (i.e. no context URL). Get rid of trailing empty
 	// strings:
 	n := len(urls)
 	for n > 0 && len(urls[n-1]) == 0 {

@@ -380,7 +380,7 @@ func store(b datastore.Bucket, e *Event) error {
 	return nil
 }
 
-// load loads an Event from the datastore. It return a nil Event if the key was
+// load loads an Event from the datastore. It returns a nil Event if the key was
 // not found. It returns an error if there was a failure reading from the
 // datastore or decoding the data.
 func load(b datastore.Bucket, path string) (*Event, error) {