github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 23:27:20 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace): sync falco codebase to new falco_common definitions

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-04-11 10:12:08 +00:00 committed by poiana
parent 55ec8c0e1b
commit 06b6565fa6
5 changed files with 13 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
userspace/engine/stats_manager.cpp
View File

@ -38,7 +38,8 @@ void stats_manager::format(
{ {
if (m_by_priority[i] > 0) if (m_by_priority[i] > 0)
{ {
falco_common::format_priority((falco_common::priority_type) i, fmt); falco_common::format_priority(
(falco_common::priority_type) i, fmt, true);
transform(fmt.begin(), fmt.end(), fmt.begin(), ::toupper); transform(fmt.begin(), fmt.end(), fmt.begin(), ::toupper);
out += " " + fmt; out += " " + fmt;
out += ": " + to_string(m_by_priority[i]) + "\n"; out += ": " + to_string(m_by_priority[i]) + "\n";

9
userspace/falco/configuration.cpp
View File

@ -190,17 +190,10 @@ void falco_configuration::init(string conf_filename, const vector<string> &cmdli
m_notifications_max_burst = m_config->get_scalar<uint32_t>("outputs.max_burst", 1000); m_notifications_max_burst = m_config->get_scalar<uint32_t>("outputs.max_burst", 1000);
string priority = m_config->get_scalar<string>("priority", "debug"); string priority = m_config->get_scalar<string>("priority", "debug");
vector<string>::iterator it; if (!falco_common::parse_priority(priority, m_min_priority))
auto comp = [priority](string &s) {
return (strcasecmp(s.c_str(), priority.c_str()) == 0);
};
if((it = std::find_if(falco_common::priority_names.begin(), falco_common::priority_names.end(), comp)) == falco_common::priority_names.end())
{ {
throw logic_error("Unknown priority \"" + priority + "\"--must be one of emergency, alert, critical, error, warning, notice, informational, debug"); throw logic_error("Unknown priority \"" + priority + "\"--must be one of emergency, alert, critical, error, warning, notice, informational, debug");
} }
m_min_priority = (falco_common::priority_type)(it - falco_common::priority_names.begin());
m_buffered_outputs = m_config->get_scalar<bool>("buffered_outputs", false); m_buffered_outputs = m_config->get_scalar<bool>("buffered_outputs", false);
m_time_format_iso_8601 = m_config->get_scalar<bool>("time_format_iso_8601", false); m_time_format_iso_8601 = m_config->get_scalar<bool>("time_format_iso_8601", false);

2
userspace/falco/falco.cpp
View File

@ -61,7 +61,7 @@ bool g_reopen_outputs = false;
bool g_restart = false; bool g_restart = false;
bool g_daemonized = false; bool g_daemonized = false;
static std::string syscall_source = "syscall"; static std::string syscall_source = falco_common::syscall_source;
static std::size_t syscall_source_idx; static std::size_t syscall_source_idx;
static std::string k8s_audit_source = "k8s_audit"; static std::string k8s_audit_source = "k8s_audit";
static std::size_t k8s_audit_source_idx; static std::size_t k8s_audit_source_idx;

15
userspace/falco/falco_outputs.cpp
View File

@ -159,24 +159,25 @@ void falco_outputs::handle_event(gen_event *evt, string &rule, string &source,
{ {
if(m_time_format_iso_8601) if(m_time_format_iso_8601)
{ {
sformat = "*%evt.time.iso8601: " + falco_common::priority_names[priority]; sformat = "*%evt.time.iso8601: ";
} }
else else
{ {
sformat = "*%evt.time: " + falco_common::priority_names[priority]; sformat = "*%evt.time: ";
} }
} }
else else
{ {
if(m_time_format_iso_8601) if(m_time_format_iso_8601)
{ {
sformat = "*%jevt.time.iso8601: " + falco_common::priority_names[priority]; sformat = "*%jevt.time.iso8601: ";
} }
else else
{ {
sformat = "*%jevt.time: " + falco_common::priority_names[priority]; sformat = "*%jevt.time: ";
} }
} }
sformat += falco_common::format_priority(priority);
// if format starts with a *, remove it, as we added our own prefix // if format starts with a *, remove it, as we added our own prefix
if(format[0] == '*') if(format[0] == '*')
@ -188,7 +189,7 @@ void falco_outputs::handle_event(gen_event *evt, string &rule, string &source,
sformat += " " + format; sformat += " " + format;
} }
cmsg.msg = m_formats->format_event(evt, rule, source, falco_common::priority_names[priority], sformat, tags); cmsg.msg = m_formats->format_event(evt, rule, source, falco_common::format_priority(priority), sformat, tags);
cmsg.fields = m_formats->get_field_values(evt, source, sformat); cmsg.fields = m_formats->get_field_values(evt, source, sformat);
cmsg.tags.insert(tags.begin(), tags.end()); cmsg.tags.insert(tags.begin(), tags.end());
@ -225,7 +226,7 @@ void falco_outputs::handle_msg(uint64_t ts,
iso8601evttime += time_ns; iso8601evttime += time_ns;
jmsg["output"] = msg; jmsg["output"] = msg;
jmsg["priority"] = falco_common::priority_names[priority]; jmsg["priority"] = falco_common::format_priority(priority);
jmsg["rule"] = rule; jmsg["rule"] = rule;
jmsg["time"] = iso8601evttime; jmsg["time"] = iso8601evttime;
jmsg["output_fields"] = output_fields; jmsg["output_fields"] = output_fields;
@ -238,7 +239,7 @@ void falco_outputs::handle_msg(uint64_t ts,
bool first = true; bool first = true;
sinsp_utils::ts_to_string(ts, &timestr, false, true); sinsp_utils::ts_to_string(ts, &timestr, false, true);
cmsg.msg = timestr + ": " + falco_common::priority_names[priority] + " " + msg + " ("; cmsg.msg = timestr + ": " + falco_common::format_priority(priority) + " " + msg + " (";
for(auto &pair : output_fields) for(auto &pair : output_fields)
{ {
if(first) if(first)

2
userspace/falco/outputs_grpc.cpp
View File

@ -67,7 +67,7 @@ void falco::outputs::output_grpc::output(const message *msg)
// priority // priority
falco::schema::priority p = falco::schema::priority::EMERGENCY; falco::schema::priority p = falco::schema::priority::EMERGENCY;
if(!falco::schema::priority_Parse(falco_common::priority_names[msg->priority], &p)) if(!falco::schema::priority_Parse(falco_common::format_priority(msg->priority), &p))
{ {
throw falco_exception("Unknown priority passed to output_grpc::output()"); throw falco_exception("Unknown priority passed to output_grpc::output()");
} }