Re: get_field_str() and interpret_field() bug with multi-word fields
LC Bruzenak wrote:
On Tue, 2008-08-12 at 12:49 -0500, Jonathan Kelly wrote:
> Hello,
>
>
>
> When using the python auparse library to call
> AuParser.interpret_field() on a multi-word field, only the first word
> in the field is returned. Using get_field_str() instead of
> interpret_field() yields the same output. I have verified that this
> issue exists in the C library, as well as the Python. I suspect that
> this may be an issue for multi-word fields in general, but have not
> noticed any other than 'op'.
>
>
>
Line forms here...see the following thread:
https://www.redhat.com/archives/linux-audit/2008-June/msg00005.html
LCB.
The line started a while ago ...
https://www.redhat.com/archives/linux-audit/2008-January/msg00082.html
(the discussion "While we're at it" is irrelevant to the current topic)
FWIW, I think the proper encoding should be that all string values are
enclosed in double quotes and the string encoding follows the same
backslash escaping defined for the C language which was subsequently
adopted by many other system components which would make it instantly
familiar and parseable by many tools. This would be a very simple and
welcome fix.
More complaints here:
https://www.redhat.com/archives/linux-audit/2008-June/msg00009.html
--
John Dennis <jdennis(a)redhat.com>
Attachments:
- attachment.html (text/html — 2.2 KB)