Always catch json type errors when extracting

In all extraction functions, always catch json type errors alongside json out of range errors. Both cases result in not extracting any value from the event. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2025-08-01 22:47:46 +00:00 · 2019-11-18 12:04:45 -08:00 · 2019-11-18 12:04:45 -08:00 · 4e39fee54e
commit 4e39fee54e
parent 885e131451
1 changed files with 48 additions and 0 deletions
--- a/userspace/engine/json_evt.cpp
+++ b/userspace/engine/json_evt.cpp
@ -324,6 +324,10 @@ bool json_event_filter_check::def_extract(const nlohmann::json &root,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -704,6 +708,10 @@ bool json_event_filter_check::extract_values(json_event *jevt)
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -817,6 +825,10 @@ bool jevt_filter_check::extract_values(json_event *jevt)
 		{
 			return false;
 		}
+		catch(json::type_error &e)
+		{
+			return false;
+		}
 	}
 	else
 	{
@ -881,6 +893,10 @@ bool k8s_audit_filter_check::extract_images(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -900,6 +916,10 @@ bool k8s_audit_filter_check::extract_query_param(const nlohmann::json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	uri_parts = sinsp_split(uri, '?');

@ -953,6 +973,10 @@ bool k8s_audit_filter_check::extract_rule_attrs(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -996,6 +1020,10 @@ bool k8s_audit_filter_check::check_volumes_hostpath(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	jchk.add_extracted_value(string("false"));

@ -1026,6 +1054,10 @@ bool k8s_audit_filter_check::extract_volume_types(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -1065,6 +1097,10 @@ bool k8s_audit_filter_check::extract_host_port(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -1113,6 +1149,10 @@ bool k8s_audit_filter_check::extract_effective_run_as(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	return true;
 }
@ -1146,6 +1186,10 @@ bool k8s_audit_filter_check::extract_any_privileged(const json &j,
 			{
 				// No-op
 			}
+			catch(json::type_error &e)
+			{
+				return false;
+			}

 			if(privileged)
 			{
@ -1158,6 +1202,10 @@ bool k8s_audit_filter_check::extract_any_privileged(const json &j,
 	{
 		return false;
 	}
+	catch(json::type_error &e)
+	{
+		return false;
+	}

 	jchk.add_extracted_value(string("false"));
 	return true;