Handle them like any other detected group because the remote can send
invalid values. The current code can handle arbitrary group names just
fine but it's better to treat all untrusted input the same.
func hostInfoRespToGroups(resp safcm.MsgInfoResp) []string {
groups := []string{
func hostInfoRespToGroups(resp safcm.MsgInfoResp) []string {
groups := []string{
- config.GroupDetectedPrefix + "_" + resp.Goos,
- config.GroupDetectedPrefix + "_" + resp.Goarch,
+ hostInfoDetectedGroupName(resp.Goos),
+ hostInfoDetectedGroupName(resp.Goarch),
}
for _, x := range resp.Output {
}
for _, x := range resp.Output {
+ groups = append(groups, hostInfoDetectedGroupName(x))
+ }
+ return groups
+}
+
+func hostInfoDetectedGroupName(x string) string {
x = strings.TrimSpace(x)
x = strings.ToLower(x)
x = infoGroupDetectedRegexp.ReplaceAllString(x, "_")
x = strings.TrimSpace(x)
x = strings.ToLower(x)
x = infoGroupDetectedRegexp.ReplaceAllString(x, "_")
- groups = append(groups, config.GroupDetectedPrefix+"_"+x)
- }
- return groups
+ x = config.GroupDetectedPrefix + "_" + x
+ return x
"detected_with_utf-8_hello_",
},
},
"detected_with_utf-8_hello_",
},
},
+
+ {
+ "invalid goos/goarch",
+ safcm.MsgInfoResp{
+ Goos: " INVALID goos! ",
+ Goarch: "Hello, 世界",
+ Output: nil,
+ },
+ []string{
+ "detected_invalid_goos_",
+ "detected_hello_",
+ },
+ },
}
for _, tc := range tests {
}
for _, tc := range tests {