From 5b8f456dae7bee30450556fe48f948fb731fc1a3 Mon Sep 17 00:00:00 2001
From: Yaniv Agman <yanivagman@gmail.com>
Date: Tue, 24 Dec 2024 15:38:49 +0200
Subject: [PATCH] Revert "feat(helpers): unparsed flag helpers"

This reverts commit 4d5e47de02ff2e1214db1a167e38ba50dd7aa98c.
---
 signatures/helpers/go.mod     |  7 +------
 signatures/helpers/go.sum     | 16 ++++++----------
 signatures/helpers/helpers.go | 13 ++++++-------
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/signatures/helpers/go.mod b/signatures/helpers/go.mod
index 6eec45116e7b..80d479054c46 100644
--- a/signatures/helpers/go.mod
+++ b/signatures/helpers/go.mod
@@ -4,9 +4,4 @@ go 1.22.0
 
 toolchain go1.22.4
 
-require (
-	github.com/aquasecurity/tracee v0.22.2
-	github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863
-)
-
-require golang.org/x/sys v0.21.0 // indirect
+require github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863
diff --git a/signatures/helpers/go.sum b/signatures/helpers/go.sum
index d17799bdcdea..c75b3133860a 100644
--- a/signatures/helpers/go.sum
+++ b/signatures/helpers/go.sum
@@ -1,14 +1,10 @@
-github.com/aquasecurity/tracee v0.22.2 h1:YRUQmGZBMHEaIGEVzokAdvQc/r7b0e0102wzzn5tc5c=
-github.com/aquasecurity/tracee v0.22.2/go.mod h1:H5WZzjnNDmgaa4GRJjZUYvQ/QU93iXrMx0RIp+Ol+F0=
 github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863 h1:domVTTQICTuCvX+ZW5EjvdUBz8EH7FedBj5lRqwpgf4=
 github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863/go.mod h1:Jwh9OOuiMHXDoGQY12N9ls5YB+j1FlRcXvFMvh1CmIU=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/signatures/helpers/helpers.go b/signatures/helpers/helpers.go
index 4cf30ea0beac..ea53851d08af 100644
--- a/signatures/helpers/helpers.go
+++ b/signatures/helpers/helpers.go
@@ -4,15 +4,14 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/aquasecurity/tracee/pkg/events/parsers"
 	"github.com/aquasecurity/tracee/types/trace"
 )
 
 // IsFileWrite returns whether the passed file permissions string contains
 // o_wronly or o_rdwr
-func IsFileWrite(flags int) bool {
-	accessMode := uint64(flags) & parsers.O_ACCMODE.Value()
-	if accessMode == parsers.O_WRONLY.Value() || accessMode == parsers.O_RDWR.Value() {
+func IsFileWrite(flags string) bool {
+	flagsLow := strings.ToLower(flags)
+	if strings.Contains(flagsLow, "o_wronly") || strings.Contains(flagsLow, "o_rdwr") {
 		return true
 	}
 	return false
@@ -20,9 +19,9 @@ func IsFileWrite(flags int) bool {
 
 // IsFileRead returns whether the passed file permissions string contains
 // o_rdonly or o_rdwr
-func IsFileRead(flags int) bool {
-	accessMode := uint64(flags) & parsers.O_ACCMODE.Value()
-	if accessMode == parsers.O_RDONLY.Value() || accessMode == parsers.O_RDWR.Value() {
+func IsFileRead(flags string) bool {
+	flagsLow := strings.ToLower(flags)
+	if strings.Contains(flagsLow, "o_rdonly") || strings.Contains(flagsLow, "o_rdwr") {
 		return true
 	}
 	return false