Skip to content

Commit

Permalink
Add CEL filter to the CLI, fixes cilium#3112
Browse files Browse the repository at this point in the history 
Signed-off-by: Kevin Conner <[email protected]>
  • Loading branch information
@knrc
knrc committed Nov 15, 2024
1 parent 93fb03c commit 192ee0f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions pkg/filters/filters.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ var Filters = []OnBuildFilter{
&PodRegexFilter{},
&PolicyNamesFilter{},
&CapsFilter{},
&CELExpressionFilter{},
}

func GetProcess(event *v1.Event) *tetragon.Process {
Expand Down
4 changes: 3 additions & 1 deletion pkg/filters/filters_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@ func TestParseFilterList(t *testing.T) {
{"pid_set":[1]}
{"event_set":["PROCESS_EXEC", "PROCESS_EXIT", "PROCESS_KPROBE", "PROCESS_TRACEPOINT"]}
{"arguments_regex":["^--version$","^-a -b -c$"]}
{"capabilities": {"effective": {"all": ["CAP_BPF", "CAP_SYS_ADMIN"]}}}`
{"capabilities": {"effective": {"all": ["CAP_BPF", "CAP_SYS_ADMIN"]}}}
{"cel_expression": ["process_exec.process.bad_field_name == 'curl'"]}`
filterProto, err := ParseFilterList(f, true)
assert.NoError(t, err)
if diff := cmp.Diff(
Expand All @@ -50,6 +51,7 @@ func TestParseFilterList(t *testing.T) {
All: []tetragon.CapabilitiesType{tetragon.CapabilitiesType_CAP_BPF, tetragon.CapabilitiesType_CAP_SYS_ADMIN},
},
}},
{CelExpression: []string{"process_exec.process.bad_field_name == 'curl'"}},
},
filterProto,
cmpopts.IgnoreUnexported(tetragon.Filter{}),
Expand Down

0 comments on commit 192ee0f

Please sign in to comment.