fix(policymatcher): secPolicy.Source should be checked with log.Sourc…

…e rather than log.ParentProcessName Signed-off-by: Prateek <[email protected]>
kubearmor · Nov 29, 2024 · 4da39ed · 4da39ed
1 parent 1373cb6
commit 4da39ed
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/KubeArmor/feeder/policyMatcher.go b/KubeArmor/feeder/policyMatcher.go
@@ -1299,7 +1299,7 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 					break // break, so that once source is matched for a log it doesn't look for other cases
 				}
 				// match sources
-				if (!secPolicy.IsFromSource) || (secPolicy.IsFromSource && (secPolicy.Source == log.ParentProcessName || secPolicy.Source == log.ProcessName)) {
+				if (!secPolicy.IsFromSource) || (secPolicy.IsFromSource && (strings.HasPrefix(log.Source, secPolicy.Source+" ") || secPolicy.Source == log.ProcessName)) {
 					matchedFlags := false
 
 					protocol := fetchProtocol(log.Resource)
@@ -1481,7 +1481,7 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 					continue
 				}
 				// match sources
-				if (!secPolicy.IsFromSource) || (secPolicy.IsFromSource && (secPolicy.Source == log.ParentProcessName || secPolicy.Source == log.ProcessName)) {
+				if (!secPolicy.IsFromSource) || (secPolicy.IsFromSource && (strings.HasPrefix(log.Source, secPolicy.Source+" ") || secPolicy.Source == log.ProcessName)) {
 					skip := false
 
 					for _, matchCapability := range strings.Split(secPolicy.Resource, ",") {