update: sync release 0.18.x

.github/workflows/drivers_ci.yml

@@ -181,7 +181,7 @@ jobs:
     runs-on: ubuntu-22.04
     # Avoid running on forks since this job uses a private secret
     # not available on forks, leading to failures.
-    if: github.repository == 'falcosecurity/libs'
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == 'falcosecurity/libs'
     needs: paths-filter
     steps:
       - name: Extract branch name
@@ -351,7 +351,7 @@ jobs:
     needs: paths-filter
     # Avoid running on forks since this job uses a private secret
     # not available on forks, leading to failures.
-    if: github.repository == 'falcosecurity/libs' && github.event_name == 'pull_request' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'falcosecurity/libs' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
     uses: ./.github/workflows/reusable_kernel_tests.yaml
     with:
       # Use real branch's HEAD sha, not the merge commit
@@ -362,7 +362,7 @@ jobs:
     needs: kernel-tests-dev
     # Avoid running on forks since this job uses a private secret
     # not available on forks, leading to failures.
-    if: github.repository == 'falcosecurity/libs' && github.event_name == 'pull_request' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'falcosecurity/libs' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
     runs-on: ubuntu-latest
     steps:
       - name: Download X64 matrix

.github/workflows/format.yml

@@ -4,15 +4,15 @@ on:
   push:
     branches:
       - master
-      - 'release/**'
+      - "release/**"
 
 jobs:
   format:
     name: format code 🐲
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository 🎉
-        uses: actions/checkout@v3
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           fetch-depth: 0
 
@@ -32,7 +32,7 @@ jobs:
 
       - name: Upload the git diff artifact 📦
         if: failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: format_diff.patch
           path: ./format_diff.patch

driver/configure/CLASS_CREATE_1/test.c

@@ -21,6 +21,7 @@ MODULE_AUTHOR("the Falco authors");
 
 static int class_create_test_init(void) {
 	struct class *g_ppm_class = class_create("test");
+	(void)g_ppm_class;
 	return 0;
 }
 

test/drivers/event_class/network_utils.h

@@ -64,7 +64,7 @@
 /*=============================== UNIX ===========================*/
 
 /* Max length socket unix path. */
-#define MAX_SUN_PATH 109
+#define MAX_SUN_PATH 108
 
 /* Unix Client: the `xyzxe-` prefix is used to avoid name collisions */
 #define UNIX_CLIENT "/tmp/xyzxe-client"

test/drivers/helpers/proc_parsing.h

@@ -12,18 +12,18 @@
  * in which we don't need them all.
  */
 struct proc_info {
-	uint32_t tty;
-	pid_t ppid; /* The PID of the parent of this process. */
-	pid_t pgid; /* The process group ID of the process. */
-	char raw_args[MAX_NUM_ARGS][MAX_PATH];
-	const char* args[MAX_NUM_ARGS];
-	uint32_t uid;
-	uint32_t gid;
-	uint32_t vpid;
-	uint32_t vtid;
-	struct rlimit file_rlimit;
-	uint32_t loginuid;
-	char exepath[MAX_PATH];
+	uint32_t tty = 0;
+	pid_t ppid = 0; /* The PID of the parent of this process. */
+	pid_t pgid = 0; /* The process group ID of the process. */
+	char raw_args[MAX_NUM_ARGS][MAX_PATH] = {};
+	const char* args[MAX_NUM_ARGS] = {};
+	uint32_t uid = 0;
+	uint32_t gid = 0;
+	uint32_t vpid = 0;
+	uint32_t vtid = 0;
+	struct rlimit file_rlimit = {0, 0};
+	uint32_t loginuid = 0;
+	char exepath[MAX_PATH] = {};
 };
 
 bool get_proc_info(pid_t pid, proc_info* info);

test/drivers/test_suites/generic_tracepoints_suite/sched_process_exec.cpp

@@ -42,7 +42,7 @@ TEST(GenericTracepoints, sched_proc_exec) {
 	/* We need to use `SIGCHLD` otherwise the parent won't receive any signal
 	 * when the child terminates.
 	 */
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.exit_signal = SIGCHLD;
 	pid_t ret_pid = syscall(__NR_clone3, &cl_args, sizeof(cl_args));
 
@@ -182,7 +182,7 @@ TEST(GenericTracepoints, sched_proc_exec_success_memfd) {
 	/* We need to use `SIGCHLD` otherwise the parent won't receive any signal
 	 * when the child terminates.
 	 */
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.exit_signal = SIGCHLD;
 	pid_t ret_pid = syscall(__NR_clone3, &cl_args, sizeof(cl_args));
 

test/drivers/test_suites/generic_tracepoints_suite/sched_process_fork.cpp

@@ -14,7 +14,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3) {
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
 	/* Here we scan the parent just to obtain some info for the child */
-	struct proc_info info = {0};
+	struct proc_info info = {};
 	pid_t pid = ::getpid();
 	if(!get_proc_info(pid, &info)) {
 		FAIL() << "Unable to get all the info from proc" << std::endl;
@@ -23,7 +23,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3) {
 	/* We need to use `SIGCHLD` otherwise the parent won't receive any signal
 	 * when the child terminates. We use `CLONE_FILES` just to test the flags.
 	 */
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.flags = CLONE_FILES;
 	cl_args.exit_signal = SIGCHLD;
 	pid_t ret_pid = syscall(__NR_clone3, &cl_args, sizeof(cl_args));
@@ -122,7 +122,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_create_child_with_2_threads
 	pid_t p1_t1 = 61001;
 	pid_t p1_t2 = 61004;
 
-	clone_args cl_args_parent = {0};
+	clone_args cl_args_parent = {};
 	cl_args_parent.set_tid = (uint64_t)&p1_t1;
 	cl_args_parent.set_tid_size = 1;
 	cl_args_parent.exit_signal = SIGCHLD;
@@ -131,7 +131,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_create_child_with_2_threads
 	/* Create a child process that will spawn a new thread */
 	if(ret_pid == 0) {
 		/* Spawn a new thread */
-		clone_args cl_args_child = {0};
+		clone_args cl_args_child = {};
 		cl_args_child.set_tid = (uint64_t)&p1_t2;
 		cl_args_child.set_tid_size = 1;
 		/* CLONE_PARENT has no additional effects if we are spawning a thread
@@ -223,14 +223,14 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_child_clone_parent_flag) {
 	pid_t p1_t1 = 61024;
 	pid_t p2_t1 = 60128;
 
-	clone_args cl_args_parent = {0};
+	clone_args cl_args_parent = {};
 	cl_args_parent.set_tid = (uint64_t)&p1_t1;
 	cl_args_parent.set_tid_size = 1;
 	cl_args_parent.exit_signal = SIGCHLD;
 	pid_t ret_pid = syscall(__NR_clone3, &cl_args_parent, sizeof(cl_args_parent));
 
 	if(ret_pid == 0) {
-		clone_args cl_args_child = {0};
+		clone_args cl_args_child = {};
 		cl_args_child.set_tid = (uint64_t)&p2_t1;
 		cl_args_child.set_tid_size = 1;
 		cl_args_child.flags = CLONE_PARENT;
@@ -327,7 +327,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_child_new_namespace_from_ch
 
 	/* Here we create a child process in a new namespace. */
 	pid_t p1_t1[2] = {1, 61032};
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.set_tid = (uint64_t)&p1_t1;
 	cl_args.set_tid_size = 2;
 	cl_args.flags = CLONE_NEWPID;
@@ -411,7 +411,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_child_new_namespace_create_
 	/* Please note that a process can have the same pid number in different namespaces */
 	pid_t p1_t2[2] = {61036, 61036};
 
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.set_tid = (uint64_t)&p1_t1;
 	cl_args.set_tid_size = 2;
 	cl_args.flags = CLONE_NEWPID;
@@ -420,7 +420,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone3_child_new_namespace_create_
 
 	if(ret_pid == 0) {
 		/* Spawn a new thread */
-		clone_args cl_args_child = {0};
+		clone_args cl_args_child = {};
 		cl_args_child.set_tid = (uint64_t)&p1_t2;
 		cl_args_child.set_tid_size = 2;
 		cl_args_child.flags = CLONE_THREAD | CLONE_SIGHAND | CLONE_VM | CLONE_VFORK;
@@ -502,7 +502,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_clone) {
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
 	/* Here we scan the parent just to obtain some info for the child */
-	struct proc_info info = {0};
+	struct proc_info info = {};
 	pid_t pid = ::getpid();
 	if(!get_proc_info(pid, &info)) {
 		FAIL() << "Unable to get all the info from proc" << std::endl;
@@ -611,7 +611,7 @@ TEST(GenericTracepoints, sched_proc_fork_case_fork) {
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
 	/* Here we scan the parent just to obtain some info for the child */
-	struct proc_info info = {0};
+	struct proc_info info = {};
 	pid_t pid = ::getpid();
 	if(!get_proc_info(pid, &info)) {
 		FAIL() << "Unable to get all the info from proc" << std::endl;

test/drivers/test_suites/syscall_enter_suite/connect_e.cpp

@@ -169,10 +169,10 @@ TEST(SyscallEnter, connectE_UNIX_failure) {
  */
 #define UNIX_LONG_PATH                                                                          \
 	"/unix_socket/test/too_long/too_long/too_long/too_long/unix_socket/test/too_long/too_long/" \
-	"too_long/too_longgg*"
+	"too_long/too_longgg"
 #define EXPECTED_UNIX_LONG_PATH                                                                 \
 	"/unix_socket/test/too_long/too_long/too_long/too_long/unix_socket/test/too_long/too_long/" \
-	"too_long/too_longgg"
+	"too_long/too_longg"
 
 TEST(SyscallEnter, connectE_UNIX_max_path_failure) {
 	auto evt_test = get_syscall_event_test(__NR_connect, ENTER_EVENT);

test/drivers/test_suites/syscall_enter_suite/socketcall_e.cpp

@@ -25,7 +25,7 @@ TEST(SyscallEnter, socketcall_socketE) {
 	/* Here we need to call the `socket` from a child because the main process throws a `socket`
 	 * syscall to calibrate the socket file options if we are using the bpf probe.
 	 */
-	clone_args cl_args = {0};
+	clone_args cl_args = {};
 	cl_args.flags = CLONE_FILES;
 	cl_args.exit_signal = SIGCHLD;
 	pid_t ret_pid = syscall(__NR_clone3, &cl_args, sizeof(cl_args));
@@ -599,8 +599,8 @@ TEST(SyscallEnter, socketcall_sendtoE) {
 
 	int32_t client_socket_fd = 0;
 	int32_t server_socket_fd = 0;
-	sockaddr_in client_addr = {0};
-	sockaddr_in server_addr = {0};
+	sockaddr_in client_addr = {};
+	sockaddr_in server_addr = {};
 	evt_test->connect_ipv4_client_to_server(&client_socket_fd,
 	                                        &client_addr,
 	                                        &server_socket_fd,
@@ -679,8 +679,8 @@ TEST(SyscallEnter, socketcall_sendmsgE) {
 
 	int32_t client_socket_fd = 0;
 	int32_t server_socket_fd = 0;
-	sockaddr_in client_addr = {0};
-	sockaddr_in server_addr = {0};
+	sockaddr_in client_addr = {};
+	sockaddr_in server_addr = {};
 	evt_test->connect_ipv4_client_to_server(&client_socket_fd,
 	                                        &client_addr,
 	                                        &server_socket_fd,

test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp

@@ -391,7 +391,6 @@ TEST(SyscallExit, execveatX_execve_exit) {
 	/* Prepare the execve args */
 	int dirfd = 0;
 	const char *pathname = "/usr/bin/echo";
-	const char *comm = "echo";
 	const char *argv[] = {pathname, "[OUTPUT] SyscallExit.execveatX_success test", NULL};
 	const char *envp[] = {"IN_TEST=yes", "3_ARGUMENT=yes", "2_ARGUMENT=no", NULL};
 	int flags = 0;
@@ -472,6 +471,7 @@ TEST(SyscallExit, execveatX_execve_exit) {
 	evt_test->assert_empty_param(7);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
+	const char *comm = "echo";
 	evt_test->assert_charbuf_param(14, comm);
 
 	/* Parameter 15: cgroups (type: PT_CHARBUFARRAY) */