Update decoding_payload_in_container.go
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
h4l0gen authored and poiana committed Mar 28, 2024
1 parent 9067d37 commit 9c6f486
Showing 1 changed file with 4 additions and 10 deletions.
14 changes: 4 additions & 10 deletions events/syscall/decoding_payload_in_container.go
Expand Up @@ -15,25 +15,19 @@ limitations under the License.
package syscall

import (
"fmt"
"os/exec"

"github.com/falcosecurity/event-generator/events"
)

var (
encodedPayload = "RmFsY28gaXMgbG92ZSEh"
var _ = events.Register(
DecodingPayloadInContainer,
events.WithDisabled(), // this rules is not included in falco_rules.yaml (stable rules), so disable the action
)

var _ = events.Register(DecodingPayloadInContainer)

func DecodingPayloadInContainer(h events.Helper) error {
if h.InContainer() {
cmd := exec.Command("sh", "-c", fmt.Sprintf("echo %s | base64 -d", encodedPayload))

if _, err := cmd.CombinedOutput(); err != nil {
return err
}
cmd := exec.Command("base64", "-d")
}
return nil
}
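Review bot: In DecodingPayloadInContainer the new line `cmd := exec.Command("base64", "-d")` only builds the command and never starts it, so no base64 process is spawned for the rule to observe, and the Go compiler rejects the file because `cmd` is declared and not used. Run it and propagate the error, for example `if err := exec.Command("base64", "-d").Run(); err != nil { return err }`; with Stdin left nil, os/exec connects the child to the null device, so it exits at once without needing the removed payload. The page does not mark which import lines were dropped, so confirm that `"fmt"` is gone on the new side, since nothing there uses it any more. The comment on `events.WithDisabled()` should read "this rule is not included".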
