From 1c6facf9f258acc620644a1c9c6ced04f86d4fd3 Mon Sep 17 00:00:00 2001
From: Aryan-sharma11
Date: Wed, 14 Feb 2024 16:55:27 +0530
Subject: [PATCH] fix : missing processname in bpf alerts

Signed-off-by: Aryan-sharma11
---
 KubeArmor/enforcer/bpflsm/enforcer.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/KubeArmor/enforcer/bpflsm/enforcer.go b/KubeArmor/enforcer/bpflsm/enforcer.go
index eb5eb67d91..a4fb309a6d 100644
--- a/KubeArmor/enforcer/bpflsm/enforcer.go
+++ b/KubeArmor/enforcer/bpflsm/enforcer.go
@@ -300,6 +300,10 @@ func (be *BPFEnforcer) TraceEvents() {
 continue
 }
+ readLink := false
+ if len(string(bytes.Trim(event.Data.Source[:], "\x00"))) == 0 {
+ readLink = true
+ }
 containerID := ""
 if event.PidID != 0 && event.MntID != 0 {
@@ -316,7 +320,7 @@ func (be *BPFEnforcer) TraceEvents() {
 HostPID: event.HostPID,
 HostPPID: event.HostPPID,
 },
- }, false)
+ }, readLink)
 switch event.EventID {
@@ -352,6 +356,7 @@ func (be *BPFEnforcer) TraceEvents() {
 // fallback logic if we don't receive source from BuildLogBase()
 if len(log.Source) == 0 {
 log.Source = string(bytes.Trim(event.Data.Source[:], "\x00"))
+ log.ProcessName = log.Source
 }
 if event.Retval >= 0 {
 log.Result = "Passed"
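Review bot: In the first hunk (`@@ -300,6 +300,10 @@`) the four added lines can be a single expression with no string conversion: `readLink := len(bytes.Trim(event.Data.Source[:], "\x00")) == 0`. `bytes.Trim` strips NUL bytes from both ends only, so if the kernel side ever leaves stale bytes after the first NUL in `Source`, the buffer counts as non-empty and the `readLink` lookup passed to `BuildLogBase` in the second hunk is skipped. Whether that buffer is zeroed before it is filled is not visible here. A one-line comment on why an empty `Source` switches on `readLink` would also help, because resolving the process from user space after the event presumably races with the process exiting, so the alert can still arrive without a name. `TraceEvents` starts and ends outside the hunk.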
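Review bot: In the third hunk (`@@ -352,6 +356,7 @@`) `log.ProcessName = log.Source` is assigned unconditionally inside the fallback, so it would overwrite any `ProcessName` that `BuildLogBase` may have filled in while leaving `Source` empty (its body is not visible here). Guarding it as `if log.ProcessName == "" { log.ProcessName = log.Source }` keeps the better value. When `event.Data.Source` is all NUL bytes, which is exactly the case where `readLink` was requested, the fallback leaves both fields empty if that lookup fails, so an alert can still be emitted with no process attribution. A comment stating that this is expected, or a visible placeholder value, would make such alerts easier to triage. The enclosing function continues outside the hunk.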