Molter73 commented Jan 8, 2026

Description

The paths generated from calling bpf_d_path can have a " (deleted)" suffix when a file is removed from the system. This can mess with our files being reported, so some basic sanitization is added to these buffers.

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

Created a small Rust binary that will delete its own executable and then try to access a file provided as an argument; this can be run standalone for manual checking. A new integration test was added which builds a container with this binary and then runs it to check the (deleted) suffix is properly stripped from the executable path.

Molter73 force-pushed the mauro/feat/sanitize-d-paths branch from bec7609 to f10cf81 January 8, 2026 16:52

The paths generated from calling bpf_d_path can have a " (deleted)"
suffix when a file is removed from the system. This can mess with our
files being reported, so some basic sanitization is added to these
buffers.

A new test is added which builds and runs a small container with a Rust
binary that deletes itself and accesses a monitored file. This will
trigger an open event where the executable path retrieved by the
`bpf_d_path` helper will add a " (deleted)" suffix; the test checks our
code correctly strips this suffix.

Molter73 force-pushed the mauro/feat/sanitize-d-paths branch from e4419d8 to 30ceda3 January 9, 2026 11:23

Molter73 marked this pull request as ready for review January 12, 2026 14:13
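
An added example, not code from this pull request: a user-space C model of the kind of " (deleted)" suffix stripping the description refers to. The helper names, signature and buffer-size handling are assumptions; the length convention (string length including the trailing NUL, negative value on error) follows the `bpf_d_path` helper.

```c
#include <stddef.h>
#include <string.h>

/* Suffix appended to the path of a file that has been unlinked. */
static const char DELETED_SUFFIX[] = " (deleted)";
#define DELETED_SUFFIX_LEN (sizeof(DELETED_SUFFIX) - 1)

/*
 * Hypothetical helper (name and signature are assumptions, not the PR's code).
 * buf: path buffer filled by a bpf_d_path-like call.
 * len: that call's return value: string length including the trailing NUL,
 *      or a negative value on failure.
 * cap: size of buf in bytes.
 * Returns the possibly shortened length, still counting the NUL;
 * error values and inconsistent lengths are passed through untouched.
 */
long strip_deleted_suffix(char *buf, long len, size_t cap)
{
    if (buf == NULL || len <= 0 || (size_t)len > cap)
        return len;                 /* error, or a length we cannot trust */
    if (buf[len - 1] != '\0')
        return len;                 /* not NUL-terminated where expected */

    size_t slen = (size_t)len - 1;  /* string length without the NUL */
    if (slen <= DELETED_SUFFIX_LEN)
        return len;                 /* nothing would remain of the path */

    char *tail = buf + slen - DELETED_SUFFIX_LEN;
    if (memcmp(tail, DELETED_SUFFIX, DELETED_SUFFIX_LEN) != 0)
        return len;                 /* suffix absent, or only mid-path */

    /* Zero the suffix so no stale bytes follow the new terminator. */
    memset(tail, 0, DELETED_SUFFIX_LEN);
    return (long)(slen - DELETED_SUFFIX_LEN) + 1;
}

/* Constructed sample driver: copy a path into a buffer, sanitize it. */
long sanitize_sample(const char *path, char *out, size_t cap)
{
    size_t n = strlen(path) + 1;
    if (n > cap)
        return -1;
    memcpy(out, path, n);
    return strip_deleted_suffix(out, (long)n, cap);
}
```

A string match alone cannot tell an unlinked file from a file whose real name ends in " (deleted)", so consumers that match on the reported path should treat the stripped value with that ambiguity in mind.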