github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-06 01:00:36 +00:00
Code Issues Projects Releases Wiki Activity

Use enums for rules content item type

Browse Source 
Use an enum instead of a string for the item_type aka "parts of a
rules file" field of contexts.

The set of values is mostly defined by the contexts that were already
created. There are a couple of forward-looking values for rule
outputs/macro conditions/etc. that may be useful for later.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm
2022-08-22 16:15:48 -07:00
committed by poiana
parent 7a5a4c32ee
commit 0f45cf49db
3 changed files with 99 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
userspace/engine/rule_loader.h
View File

@@ -33,9 +33,40 @@ limitations under the License.
class rule_loader
{
public:
class context
{
public:
// The kinds of items that can be in rules
// content. These generally map to yaml items but a
// few are more specific (e.g. "within condition
// expression", "value for yaml node", etc.)
enum item_type {
VALUE_FOR = 0,
EXCEPTIONS,
EXCEPTION,
EXCEPTION_VALUES,
EXCEPTION_VALUE,
RULES_CONTENT,
RULES_CONTENT_ITEM,
REQUIRED_ENGINE_VERSION,
REQUIRED_PLUGIN_VERSIONS,
REQUIRED_PLUGIN_VERSIONS_ENTRY,
REQUIRED_PLUGIN_VERSIONS_ALTERNATIVE,
LIST,
LIST_ITEM,
MACRO,
MACRO_CONDITION,
RULE,
RULE_CONDITION,
CONDITION_EXPRESSION,
RULE_OUTPUT,
RULE_OUTPUT_EXPRESSION,
RULE_PRIORITY
};
static const std::string& item_type_as_string(enum item_type it);
static const size_t default_snippet_width = 160;
struct position
@@ -61,7 +92,7 @@ public:
// The kind of item at this location
// (e.g. "list", "macro", "rule", "exception", etc)
std::string item_type;
context::item_type item_type;
// The name of this item (e.g. "Write Below Etc",
// etc).
@@ -70,7 +101,7 @@ public:
context(const std::string& name);
context(const YAML::Node& item,
const std::string item_type,
item_type item_type,
const std::string item_name,
const context& parent);
@@ -106,7 +137,7 @@ public:
private:
void init(const std::string& name,
const position& pos,
const std::string item_type,
const item_type item_type,
const std::string item_name,
const context& parent);