
[3.1] collapse_log(): Attach null-* events to correct target profile

ask_exec() and ask_addhat() set hashlog[aamode][full_profile]['final_name'].

While this was used to get the profile and hat split, it was not used as the key for log_dict. This resulted in entries like log_dict['PERMITTING']['foo//null-/usr/bin/cat'], which are obviously wrong.

Use final_name as the log_dict key so that we end up with (assuming child exec was selected) log_dict['PERMITTING']['foo///usr/bin/cat'].

This fixes a regression introduced in 3.1.

This is the 3.1 version of !1091 (merged)
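
The keying problem described above, as an added example that is not AppArmor's own code: a simplified model of the collapse step that builds log_dict once keyed by the raw log name and once keyed by final_name. The `events` field, the `collapse()` and `null_keys()` helpers, the sample data, and the rule that an empty final_name means "skip" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: a simplified stand-in for hashlog. Only the
# 'final_name' key comes from the description; 'events' is an assumption.
SAMPLE_HASHLOG = {
    "PERMITTING": {
        "foo": {"final_name": "foo", "events": ["r /etc/hosts"]},
        "foo//null-/usr/bin/cat": {
            "final_name": "foo///usr/bin/cat",  # child exec was selected
            "events": ["r /etc/passwd"],
        },
        "foo//null-/usr/bin/id": {
            "final_name": "",  # assumed: no target profile chosen, skip events
            "events": ["r /etc/group"],
        },
    }
}


def collapse(hashlog, use_final_name):
    """Merge events into log_dict[aamode][key].

    use_final_name=False models the regression (key is the name seen in the
    log); use_final_name=True models the fix (key is the resolved target).
    """
    log_dict = defaultdict(lambda: defaultdict(list))
    for aamode, profiles in hashlog.items():
        for full_profile, entry in profiles.items():
            final_name = entry["final_name"]
            if not final_name:
                continue  # assumed skip rule, see the sample data above
            key = final_name if use_final_name else full_profile
            log_dict[aamode][key].extend(entry["events"])
    return {mode: dict(keys) for mode, keys in log_dict.items()}


def null_keys(log_dict):
    """Return every log_dict key that still names a transient null-* profile."""
    return sorted(k for keys in log_dict.values() for k in keys if "//null-" in k)


if __name__ == "__main__":
    for fixed in (False, True):
        result = collapse(SAMPLE_HASHLOG, use_final_name=fixed)
        print("fixed" if fixed else "regression", result, null_keys(result))
```

A check like `null_keys()` is a cheap regression test for this class of bug: any null-* key left after collapsing means events would be written to a profile name that only exists transiently in the kernel log.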
