Skip to content

Commit

Permalink
Reverts #40684 (#41009) (#41013)
Browse files Browse the repository at this point in the history
We're reverting because Elastic Agent CI has been failing and we've narrowed it down to the type assertion failing here and not checking `ok` right after: https://github.com/elastic/beats/blob/138e43cad7eda93c1414641682056b6c88efcf1d/winlogbeat/sys/strings_windows.go#L31-L32

Specifically, when integration tests for Elastic Agent run on its CI Windows hosts, we are seeing this failure in the log:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x284f4bf]

goroutine 1 [running]:
golang.org/x/text/encoding/charmap.(*Charmap).ID(0x0)
        /go/pkg/mod/golang.org/x/text@v0.18.0/encoding/charmap/charmap.go:111 +0x1f
github.com/elastic/beats/v7/winlogbeat/sys.init.0()
        /go/src/github.com/elastic/beats/winlogbeat/sys/strings_windows.go:32 +0x10c
```

(cherry picked from commit 307e95c)

Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
  • Loading branch information
mergify[bot] and ycombinator authored Sep 26, 2024
1 parent 254bcbb commit e268982
Show file tree
Hide file tree
Showing 7 changed files with 1 addition and 180 deletions.
2 changes: 0 additions & 2 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -351,8 +351,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]

*Winlogbeat*

- Add handling for missing `EvtVarType`s in experimental api. {issue}19337[19337] {pull}40684[40684]


*Functionbeat*

Expand Down
24 changes: 0 additions & 24 deletions winlogbeat/sys/strings.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,27 +44,3 @@ func RemoveWindowsLineEndings(s string) string {
s = strings.Replace(s, "\r\n", "\n", -1)
return strings.TrimRight(s, "\n")
}

// BinaryToString converts a binary field which is encoded in hexadecimal
// to its string representation. This is equivalent to hex.EncodeToString
// but its output is in uppercase to be equivalent to the windows
// XML formatting of this fields.
func BinaryToString(bin []byte) string {
if len(bin) == 0 {
return ""
}

const hexTable = "0123456789ABCDEF"

size := len(bin) * 2
buffer := make([]byte, size)

j := 0
for _, v := range bin {
buffer[j] = hexTable[v>>4]
buffer[j+1] = hexTable[v&0x0f]
j += 2
}

return string(buffer)
}
6 changes: 0 additions & 6 deletions winlogbeat/sys/strings_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,6 @@ func TestUTF16BytesToString(t *testing.T) {
assert.Equal(t, input, output)
}

func TestMakeDisplayableBinaryString(t *testing.T) {
input := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}
output := BinaryToString(input)
assert.Equal(t, "0123456789ABCDEF", output)
}

func BenchmarkUTF16BytesToString(b *testing.B) {
utf16Bytes := common.StringToUTF16Bytes("A logon was attempted using explicit credentials.")

Expand Down
45 changes: 0 additions & 45 deletions winlogbeat/sys/strings_windows.go

This file was deleted.

20 changes: 1 addition & 19 deletions winlogbeat/sys/wineventlog/syscall_windows.go
Original file line number Diff line number Diff line change
Expand Up @@ -442,16 +442,11 @@ func (v EvtVariant) Data(buf []byte) (interface{}, error) {
switch typ {
case EvtVarTypeNull:
return nil, nil
case EvtVarTypeString, EvtVarTypeEvtXml:
case EvtVarTypeString:
addr := unsafe.Pointer(&buf[0])
offset := v.ValueAsUintPtr() - uintptr(addr)
s, err := sys.UTF16BytesToString(buf[offset:])
return s, err
case EvtVarTypeAnsiString:
addr := unsafe.Pointer(&buf[0])
offset := v.ValueAsUintPtr() - uintptr(addr)
s, err := sys.ANSIBytesToString(buf[offset:])
return s, err
case EvtVarTypeSByte:
return int8(v.ValueAsUint8()), nil
case EvtVarTypeByte:
Expand Down Expand Up @@ -481,28 +476,15 @@ func (v EvtVariant) Data(buf []byte) (interface{}, error) {
return false, nil
}
return true, nil
case EvtVarTypeBinary:
addr := unsafe.Pointer(&buf[0])
offset := v.ValueAsUintPtr() - uintptr(addr)
return sys.BinaryToString(buf[offset:]), nil
case EvtVarTypeGuid:
addr := unsafe.Pointer(&buf[0])
offset := v.ValueAsUintPtr() - uintptr(addr)
guid := (*windows.GUID)(unsafe.Pointer(&buf[offset]))
copy := *guid
return copy, nil
case EvtVarTypeSizeT:
return v.ValueAsUintPtr(), nil
case EvtVarTypeFileTime:
ft := (*windows.Filetime)(unsafe.Pointer(&v.Value))
return time.Unix(0, ft.Nanoseconds()).UTC(), nil
case EvtVarTypeSysTime:
st := (*windows.Systemtime)(unsafe.Pointer(&v.Value))
var ft windows.Filetime
if err := sys.SystemTimeToFileTime(st, &ft); err != nil {
return nil, err
}
return time.Unix(0, ft.Nanoseconds()).UTC(), nil
case EvtVarTypeSid:
addr := unsafe.Pointer(&buf[0])
offset := v.ValueAsUintPtr() - uintptr(addr)
Expand Down
42 changes: 0 additions & 42 deletions winlogbeat/sys/zsyscall_windows.go

This file was deleted.

42 changes: 0 additions & 42 deletions winlogbeat/sys/zsyscall_windows_test.go

This file was deleted.

0 comments on commit e268982

Please sign in to comment.