mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-19 03:06:22 +00:00
1df80fd94b
The rule Delete Bucket Public Access Block has a predicate
`json.value[/requestParameters/publicAccessBlock]=""` to match
an event snippet like this:
```
"requestParameters": {
"publicAccessBlock": "",
```
The cloudtrail plugin properly returns `""` for this field, but the
yaml representation was a literal back-to-back quote, which gets
interpreted by the yaml parser to be an empty string.
Escaping the back-to-back quote fixes the ambiguity.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>