github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-31 14:20:04 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(falco): use a header file for rule json schema

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra
2024-09-13 15:20:16 +00:00
committed by poiana
parent ed4fb33981
commit 037d7f9b36
4 changed files with 176 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
userspace/engine/falco_engine.cpp
View File

@@ -45,9 +45,9 @@ limitations under the License.
#include "evttype_index_ruleset.h"
const std::string falco_engine::s_default_ruleset = "falco-default-ruleset";
#include "rule_json_schema.h"
static const std::string rule_schema_string = R"({"$schema":"http://json-schema.org/draft-06/schema#","type":"array","items":{"$ref":"#/definitions/FalcoRule"},"definitions":{"FalcoRule":{"type":"object","additionalProperties":false,"properties":{"required_engine_version":{"type":"string"},"macro":{"type":"string"},"condition":{"type":"string"},"list":{"type":"string"},"items":{"type":"array","items":{"$ref":"#/definitions/Item"}},"rule":{"type":"string"},"desc":{"type":"string"},"enabled":{"type":"boolean"},"output":{"type":"string"},"append":{"type":"boolean"},"priority":{"$ref":"#/definitions/Priority"},"exceptions":{"type":"array","items":{"$ref":"#/definitions/Exception"}},"override":{"$ref":"#/definitions/Override"},"tags":{"type":"array","items":{"type":"string"}}},"required":[],"title":"FalcoRule"},"Item":{"anyOf":[{"type":"integer"},{"type":"string"}],"title":"Item"},"Exception":{"type":"object","additionalProperties":false,"properties":{"name":{"type":"string"},"fields":{},"comps":{},"values":{}},"required":["name","values"],"title":"Exception"},"Priority":{"type":"string","enum":["EMERGENCY","ALERT","CRITICAL","ERROR","WARNING","NOTICE","INFO","INFORMATIONAL","DEBUG"],"title":"Priority"},"OverriddenItem":{"type":"string","enum":["append","replace"],"title":"Priority"},"Override":{"type":"object","additionalProperties":false,"properties":{"items":{"$ref":"#/definitions/OverriddenItem"},"desc":{"$ref":"#/definitions/OverriddenItem"},"condition":{"$ref":"#/definitions/OverriddenItem"},"output":{"$ref":"#/definitions/OverriddenItem"},"priority":{"$ref":"#/definitions/OverriddenItem"},"enabled":{"$ref":"#/definitions/OverriddenItem"},"exceptions":{"$ref":"#/definitions/OverriddenItem"}},"minProperties":1,"title":"Override"}}})";
const std::string falco_engine::s_default_ruleset = "falco-default-ruleset";
using namespace falco;

173
userspace/engine/rule_json_schema.h Normal file
View File

@@ -0,0 +1,173 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2024 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#define LONG_STRING_CONST(...) #__VA_ARGS__
const char rule_schema_string[] = LONG_STRING_CONST(
{
"$schema": "http://json-schema.org/draft-06/schema#",
"type": "array",
"items": {
"$ref": "#/definitions/FalcoRule"
},
"definitions": {
"FalcoRule": {
"type": "object",
"additionalProperties": false,
"properties": {
"required_engine_version": {
"type": "string"
},
"macro": {
"type": "string"
},
"condition": {
"type": "string"
},
"list": {
"type": "string"
},
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/Item"
}
},
"rule": {
"type": "string"
},
"desc": {
"type": "string"
},
"enabled": {
"type": "boolean"
},
"output": {
"type": "string"
},
"append": {
"type": "boolean"
},
"priority": {
"$ref": "#/definitions/Priority"
},
"exceptions": {
"type": "array",
"items": {
"$ref": "#/definitions/Exception"
}
},
"override": {
"$ref": "#/definitions/Override"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [],
"title": "FalcoRule"
},
"Item": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"title": "Item"
},
"Exception": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"fields": {},
"comps": {},
"values": {}
},
"required": [
"name",
"values"
],
"title": "Exception"
},
"Priority": {
"type": "string",
"enum": [
"EMERGENCY",
"ALERT",
"CRITICAL",
"ERROR",
"WARNING",
"NOTICE",
"INFO",
"INFORMATIONAL",
"DEBUG"
],
"title": "Priority"
},
"OverriddenItem": {
"type": "string",
"enum": [
"append",
"replace"
],
"title": "Priority"
},
"Override": {
"type": "object",
"additionalProperties": false,
"properties": {
"items": {
"$ref": "#/definitions/OverriddenItem"
},
"desc": {
"$ref": "#/definitions/OverriddenItem"
},
"condition": {
"$ref": "#/definitions/OverriddenItem"
},
"output": {
"$ref": "#/definitions/OverriddenItem"
},
"priority": {
"$ref": "#/definitions/OverriddenItem"
},
"enabled": {
"$ref": "#/definitions/OverriddenItem"
},
"exceptions": {
"$ref": "#/definitions/OverriddenItem"
}
},
"minProperties": 1,
"title": "Override"
}
}
}
); // LONG_STRING_CONST macro

0
userspace/falco/json_schema.h → userspace/falco/config_json_schema.h
View File

2
userspace/falco/configuration.cpp
View File

@@ -36,7 +36,7 @@ limitations under the License.
#include "configuration.h"
#include "logger.h"
#include "json_schema.h"
#include "config_json_schema.h"
#include <re2/re2.h>