fix: name some fields better

secDre4mer · secDre4mer · commit 52a2a97bfe74 · 2025-11-10T11:18:36.000+01:00
diff --git a/thorlog/v3/event_test.go b/thorlog/v3/event_test.go
@@ -134,7 +134,7 @@ func TestFinding_UnmarshalJSON(t *testing.T) {
 }
 
 func TestFinding_UnmarshalIssue(t *testing.T) {
-	finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
+	finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","mask":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
 	var findingObj Finding
 	if err := json.Unmarshal([]byte(finding), &findingObj); err != nil {
 		t.Fatalf("Failed to unmarshal finding: %v", err)
diff --git a/thorlog/v3/permissions.go b/thorlog/v3/permissions.go
@@ -28,7 +28,7 @@ type UnixPermissions struct {
 
 	Owner string         `json:"owner" textlog:"owner"` // FIXME: Could explicitly include name / UID
 	Group string         `json:"group" textlog:"group"` // FIXME: Could explicitly include name / GID
-	Mask  PermissionMask `json:"permissions" textlog:"permissions"`
+	Mask  PermissionMask `json:"mask" textlog:"permissions"`
 }
 
 func (p UnixPermissions) String() string {
@@ -88,7 +88,7 @@ type WindowsPermissions struct {
 	LogObjectHeader
 
 	Owner       string     `json:"owner" textlog:"owner"` // FIXME: Could include information like the original SID
-	Permissions AclEntries `json:"permissions" textlog:"permissions" jsonschema:"nullable"`
+	Permissions AclEntries `json:"acl" textlog:"permissions" jsonschema:"nullable"`
 }
 
 func (p WindowsPermissions) String() string {
diff --git a/thorlog/v3/reason.go b/thorlog/v3/reason.go
@@ -44,9 +44,9 @@ type Signature struct {
 	// a likely false positive (which results in a score reduction on any related
 	// finding).
 	Score int64 `json:"score" textlog:"subscore"`
-	// Ref contains a reference (usually in form of a link) for further information about
+	// Ref contains references (usually as links) for further information about
 	// the threat that is detected by this signature.
-	Ref StringList `json:"ref" textlog:"ref" jsonschema:"nullable"`
+	Ref StringList `json:"reference" textlog:"ref" jsonschema:"nullable"`
 	// Type indicates whether a signature was part of THOR's built in signature set
 	// or whether it was a custom signature provided by the user.
 	Type Sigtype `json:"origin" textlog:"sigtype"`

Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ func TestFinding_UnmarshalJSON(t *testing.T) {`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`func TestFinding_UnmarshalIssue(t *testing.T) {`
`137`		- finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
	`137`	+ finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","mask":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
`138`	`138`	`var findingObj Finding`
`139`	`139`	`if err := json.Unmarshal([]byte(finding), &findingObj); err != nil {`
`140`	`140`	`t.Fatalf("Failed to unmarshal finding: %v", err)`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ type UnixPermissions struct {`
`28`	`28`
`29`	`29`	Owner string `json:"owner" textlog:"owner"` // FIXME: Could explicitly include name / UID
`30`	`30`	Group string `json:"group" textlog:"group"` // FIXME: Could explicitly include name / GID
`31`		- Mask PermissionMask `json:"permissions" textlog:"permissions"`
	`31`	+ Mask PermissionMask `json:"mask" textlog:"permissions"`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`func (p UnixPermissions) String() string {`
`@@ -88,7 +88,7 @@ type WindowsPermissions struct {`
`88`	`88`	`LogObjectHeader`
`89`	`89`
`90`	`90`	Owner string `json:"owner" textlog:"owner"` // FIXME: Could include information like the original SID
`91`		- Permissions AclEntries `json:"permissions" textlog:"permissions" jsonschema:"nullable"`
	`91`	+ Permissions AclEntries `json:"acl" textlog:"permissions" jsonschema:"nullable"`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`func (p WindowsPermissions) String() string {`