address pr comments

efd6 · efd6 · commit bced8d2303dd · 2022-02-01T18:57:02.000+10:30
diff --git a/audit.go b/audit.go
@@ -598,16 +598,18 @@ type AuditStatus struct {
 	BacklogWaitTimeActual uint32          // Time the kernel has spent waiting while the backlog limit is exceeded.
 }
 
+const sizeofAuditStatus = int(unsafe.Sizeof(AuditStatus{}))
+
 func (s AuditStatus) toWireFormat() []byte {
-	return (*[unsafe.Sizeof(AuditStatus{})]byte)(unsafe.Pointer(&s))[:]
+	return (*[sizeofAuditStatus]byte)(unsafe.Pointer(&s))[:]
 }
 
 // FromWireFormat unmarshals the given buffer to an AuditStatus object. Due to
 // changes in the audit_status struct in the kernel source this method does
 // not return an error if the buffer is smaller than the sizeof our AuditStatus
 // struct.
 func (s *AuditStatus) FromWireFormat(buf []byte) error {
-	if len(buf) < int(unsafe.Sizeof(AuditStatus{})) {
+	if len(buf) < sizeofAuditStatus {
 		return io.ErrUnexpectedEOF
 	}
 	copy((*[unsafe.Sizeof(AuditStatus{})]byte)(unsafe.Pointer(s))[:], buf)
diff --git a/rule/binary.go b/rule/binary.go
@@ -36,6 +36,11 @@ type WireFormat []byte
 // AUDIT_LIST_RULES requests.
 // https://github.com/linux-audit/audit-kernel/blob/v3.15/include/uapi/linux/audit.h#L423-L437
 type auditRuleData struct {
+	auditRuleHeader
+	Buf []byte // String fields.
+}
+
+type auditRuleHeader struct {
 	Flags      filter
 	Action     action
 	FieldCount uint32
@@ -44,10 +49,9 @@ type auditRuleData struct {
 	Values     [maxFields]uint32
 	FieldFlags [maxFields]operator
 	BufLen     uint32 // Total length of buffer used for string fields.
-	Buf        []byte // String fields.
 }
 
-const ruleHeaderSize = int(unsafe.Sizeof(auditRuleData{}) - unsafe.Sizeof([]byte(nil)))
+const ruleHeaderSize = int(unsafe.Sizeof(auditRuleHeader{}))
 
 func (r auditRuleData) toWireFormat() WireFormat {
 	n := ruleHeaderSize + len(r.Buf)
diff --git a/rule/rule.go b/rule/rule.go
@@ -390,11 +390,11 @@ type ruleData struct {
 }
 
 func (d ruleData) toAuditRuleData() (*auditRuleData, error) {
-	rule := &auditRuleData{
+	rule := &auditRuleData{auditRuleHeader: auditRuleHeader{
 		Flags:      d.flags,
 		Action:     d.action,
 		FieldCount: uint32(len(d.fields)),
-	}
+	}}
 
 	if d.allSyscalls {
 		for i := 0; i < len(rule.Mask)-1; i++ {
@@ -725,7 +725,7 @@ func addFilter(rule *ruleData, lhs, comparator, rhs string) error {
 			return err
 		}
 		rule.values = append(rule.values, arg)
-	//case SessionIDField:
+	// case SessionIDField:
 	case inodeField:
 		// Flag must be FilterExit.
 		if rule.flags != exitFilter {
@@ -832,7 +832,7 @@ func getExitCode(exit string) (int32, error) {
 }
 
 func getArch(arch string) (string, uint32, error) {
-	var realArch = arch
+	realArch := arch
 	switch strings.ToLower(arch) {
 	case "b64":
 		runtimeArch, err := getRuntimeArch()

Original file line number	Diff line number	Diff line change
`@@ -598,16 +598,18 @@ type AuditStatus struct {`
`598`	`598`	`BacklogWaitTimeActual uint32 // Time the kernel has spent waiting while the backlog limit is exceeded.`
`599`	`599`	`}`
`600`	`600`
	`601`	`+const sizeofAuditStatus = int(unsafe.Sizeof(AuditStatus{}))`
	`602`	`+`
`601`	`603`	`func (s AuditStatus) toWireFormat() []byte {`
`602`		`- return (*[unsafe.Sizeof(AuditStatus{})]byte)(unsafe.Pointer(&s))[:]`
	`604`	`+ return (*[sizeofAuditStatus]byte)(unsafe.Pointer(&s))[:]`
`603`	`605`	`}`
`604`	`606`
`605`	`607`	`// FromWireFormat unmarshals the given buffer to an AuditStatus object. Due to`
`606`	`608`	`// changes in the audit_status struct in the kernel source this method does`
`607`	`609`	`// not return an error if the buffer is smaller than the sizeof our AuditStatus`
`608`	`610`	`// struct.`
`609`	`611`	`func (s *AuditStatus) FromWireFormat(buf []byte) error {`
`610`		`- if len(buf) < int(unsafe.Sizeof(AuditStatus{})) {`
	`612`	`+ if len(buf) < sizeofAuditStatus {`
`611`	`613`	`return io.ErrUnexpectedEOF`
`612`	`614`	`}`
`613`	`615`	`copy((*[unsafe.Sizeof(AuditStatus{})]byte)(unsafe.Pointer(s))[:], buf)`