fix(aa-log): ensure we also split quote in log value

fix #229
2024-10-02 21:06:45 +01:00 · 2024-10-02 21:06:45 +01:00 · 14a5d8deae
commit 14a5d8deae
parent 3f98e86e24
3 changed files with 28 additions and 1 deletions
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@ -138,7 +138,12 @@ func New(file io.Reader, profile string) AppArmorLogs {

 		aa := make(AppArmorLog)
 		for _, item := range tmp {
-			kv := strings.Split(item, "=")
+			kv := strings.FieldsFunc(item, func(r rune) bool {
+				if r == '"' {
+					quoted = !quoted
+				}
+				return !quoted && r == '='
+			})
 			if len(kv) >= 2 {
 				key, value := kv[0], kv[1]
 				if slices.Contains(toClean, key) {
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@ -267,6 +267,27 @@ func TestNew(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "startplasma",
+			path: filepath.Join(testdata, "audit.log"),
+			want: AppArmorLogs{
+				{
+					"apparmor":       "ALLOWED",
+					"operation":      "link",
+					"class":          "file",
+					"profile":        "startplasma",
+					"name":           "@{user_cache_dirs}/ksycoca5_de_LQ6f0J2qZg4vOKgw2NbXuW7iuVU=.isNSBz",
+					"target":         "@{user_cache_dirs}/#@{int}",
+					"comm":           "startplasma-way",
+					"denied_mask":    "k",
+					"requested_mask": "k",
+					"fsuid":          "1000",
+					"ouid":           "1000",
+					"FSUID":          "user",
+					"OUID":           "user",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {