falco_event/events/
to_bytes.rs1use std::io::Write;
/// Serialization of a value into its binary event representation.
///
/// NOTE(review): nothing in this trait enforces that [`EventToBytes::write`] emits exactly
/// [`EventToBytes::binary_size`] bytes. Implementors presumably have to keep the two in sync,
/// since a consumer that sizes a buffer or a length field from `binary_size` would otherwise
/// produce a truncated or malformed event — confirm against the callers.
pub trait EventToBytes {
    /// Number of bytes the serialized form occupies.
    ///
    /// The `&[u8]` implementation returns the slice length.
    fn binary_size(&self) -> usize;

    /// Serializes `self` into `writer`.
    ///
    /// The writer is taken by value; passing `&mut sink` keeps the sink usable afterwards.
    ///
    /// # Errors
    ///
    /// I/O failures are reported through the returned [`std::io::Result`].
    fn write<W>(&self, writer: W) -> std::io::Result<()>
    where
        W: Write;
}
/// A byte slice is written out exactly as it is, with no framing added.
impl EventToBytes for &[u8] {
    /// The serialized size is the length of the slice itself.
    fn binary_size(&self) -> usize {
        let bytes: &[u8] = self;
        bytes.len()
    }

    /// Copies the whole slice into `writer`.
    ///
    /// The bytes are not inspected or validated here; whatever the slice holds is what the
    /// writer receives. Any error from `write_all` is returned to the caller unchanged.
    fn write<W: Write>(&self, mut writer: W) -> std::io::Result<()> {
        let bytes: &[u8] = self;
        writer.write_all(bytes)
    }
}
#[cfg(test)]
mod tests {
    use crate::events::types::{AnyEvent, PPME_SYSCALL_OPEN_X};
    use crate::events::{Event, EventMetadata, EventToBytes, RawEvent};
    use crate::fields::types::{PT_FLAGS32_file_flags, PT_FD, PT_FSPATH};

    /// Writes a typed `PPME_SYSCALL_OPEN_X` event to a buffer, parses the buffer back through
    /// `RawEvent`, and checks that every parameter survives the round trip.
    ///
    /// NOTE(review): only `params` is compared; `metadata` and `binary_size()` are not
    /// asserted by this test.
    #[test]
    fn test_event_to_bytes() {
        let params = PPME_SYSCALL_OPEN_X {
            fd: Some(PT_FD(5)),
            name: Some(PT_FSPATH::new("/etc/passwd")),
            flags: Some(PT_FLAGS32_file_flags::O_RDWR),
            mode: Some(0o644),
            dev: Some(0),
            ino: Some(0),
        };
        let original = Event {
            metadata: EventMetadata { ts: 1, tid: 1 },
            params,
        };

        let mut encoded = Vec::new();
        original.write(&mut encoded).unwrap();

        // The raw event is kept in its own binding so it stays alive while `decoded` is used.
        let raw = RawEvent::from(encoded.as_slice()).unwrap();
        let decoded = raw.load::<PPME_SYSCALL_OPEN_X>().unwrap();

        let got = &decoded.params;
        assert_eq!(got.fd, Some(PT_FD(5)));
        assert_eq!(got.name, Some(PT_FSPATH::new("/etc/passwd")));
        assert_eq!(got.flags, Some(PT_FLAGS32_file_flags::O_RDWR));
        assert_eq!(got.mode, Some(0o644));
        assert_eq!(got.dev, Some(0));
        assert_eq!(got.ino, Some(0));
    }

    /// Same round trip as `test_event_to_bytes`, but the event is written through the
    /// `AnyEvent::SYSCALL_OPEN_X` wrapper and still loaded back as the concrete
    /// `PPME_SYSCALL_OPEN_X` type.
    #[test]
    fn test_any_event_to_bytes() {
        let params = AnyEvent::SYSCALL_OPEN_X(PPME_SYSCALL_OPEN_X {
            fd: Some(PT_FD(5)),
            name: Some(PT_FSPATH::new("/etc/passwd")),
            flags: Some(PT_FLAGS32_file_flags::O_RDWR),
            mode: Some(0o644),
            dev: Some(0),
            ino: Some(0),
        });
        let original = Event {
            metadata: EventMetadata { ts: 1, tid: 1 },
            params,
        };

        let mut encoded = Vec::new();
        original.write(&mut encoded).unwrap();

        // The raw event is kept in its own binding so it stays alive while `decoded` is used.
        let raw = RawEvent::from(encoded.as_slice()).unwrap();
        let decoded = raw.load::<PPME_SYSCALL_OPEN_X>().unwrap();

        let got = &decoded.params;
        assert_eq!(got.fd, Some(PT_FD(5)));
        assert_eq!(got.name, Some(PT_FSPATH::new("/etc/passwd")));
        assert_eq!(got.flags, Some(PT_FLAGS32_file_flags::O_RDWR));
        assert_eq!(got.mode, Some(0o644));
        assert_eq!(got.dev, Some(0));
        assert_eq!(got.ino, Some(0));
    }
}