Added rule extras (#442)

Signed-off-by: Afek Berger <[email protected]>

pkg/ruleengine/v1/r0006_unexpected_service_account_token_access.go

@@ -168,6 +168,7 @@ func (rule *R0006UnexpectedServiceAccountTokenAccess) ProcessEvent(eventType uti
 			PodLabels: openEvent.K8s.PodLabels,
 		},
 		RuleID: rule.ID(),
+		Extra:  convertedEvent.GetExtra(),
 	}
 }
 

pkg/ruleengine/v1/r1005_fileless_execution.go

@@ -107,6 +107,7 @@ func (rule *R1005FilelessExecution) handleExecveEvent(execEvent *events.ExecEven
 				PodLabels: execEvent.K8s.PodLabels,
 			},
 			RuleID: rule.ID(),
+			Extra:  execEvent.GetExtra(),
 		}
 
 		return &ruleFailure

pkg/ruleengine/v1/r1011_ld_preload_hook.go

@@ -90,7 +90,7 @@ func (rule *R1011LdPreloadHook) ProcessEvent(eventType utils.EventType, event ut
 			return nil
 		}
 
-		return rule.ruleFailureOpenEvent(&openEvent.Event)
+		return rule.ruleFailureOpenEvent(&openEvent.Event, openEvent.GetExtra())
 	}
 
 	return nil
@@ -165,12 +165,13 @@ func (rule *R1011LdPreloadHook) ruleFailureExecEvent(execEvent *events.ExecEvent
 			PodLabels: execEvent.K8s.PodLabels,
 		},
 		RuleID: rule.ID(),
+		Extra:  execEvent.GetExtra(),
 	}
 
 	return &ruleFailure
 }
 
-func (rule *R1011LdPreloadHook) ruleFailureOpenEvent(openEvent *traceropentype.Event) ruleengine.RuleFailure {
+func (rule *R1011LdPreloadHook) ruleFailureOpenEvent(openEvent *traceropentype.Event, extra interface{}) ruleengine.RuleFailure {
 	ruleFailure := GenericRuleFailure{
 		BaseRuntimeAlert: apitypes.BaseRuntimeAlert{
 			AlertName: rule.Name(),
@@ -199,6 +200,7 @@ func (rule *R1011LdPreloadHook) ruleFailureOpenEvent(openEvent *traceropentype.E
 			PodLabels: openEvent.K8s.PodLabels,
 		},
 		RuleID: rule.ID(),
+		Extra:  extra,
 	}
 
 	return &ruleFailure