mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

utils: fix check for when there's no operation field in audit log

Browse source 
If the "operation" field is not present, we get the following error:
AttributeError: 'NoneType' object has no attribute 'startswith'

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia 2022-12-16 09:59:54 -03:00
parent 6f84aa2092
commit 7618d69eca
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
utils/apparmor/logparser.py
View file

@ -261,7 +261,7 @@ class ReadLog:
self.hashlog[aamode][full_profile]['signal'][e['peer']][e['denied_mask']][e['signal']] = True
return
elif e['operation'].startswith('dbus_'):
elif e['operation'] and e['operation'].startswith('dbus_'):
self.hashlog[aamode][full_profile]['dbus'][e['denied_mask']][e['bus']][e['path']][e['name']][e['interface']][e['member']][e['peer_profile']] = True
return
@ -345,7 +345,9 @@ class ReadLog:
def op_type(self, event):
"""Returns the operation type if known, unknown otherwise"""
if (event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in self.OP_TYPE_FILE_OR_NET):
if event['operation'] and (event['operation'].startswith('file_') or
event['operation'].startswith('inode_') or
event['operation'] in self.OP_TYPE_FILE_OR_NET):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out