diff --git a/userspace/engine/formats.cpp b/userspace/engine/formats.cpp index 65f83744..254e77a3 100644 --- a/userspace/engine/formats.cpp +++ b/userspace/engine/formats.cpp @@ -20,24 +20,19 @@ limitations under the License. #include "falco_engine.h" #include "banned.h" // This raises a compilation error when certain functions are used - -sinsp* falco_formats::s_inspector = NULL; +sinsp *falco_formats::s_inspector = NULL; falco_engine *falco_formats::s_engine = NULL; bool falco_formats::s_json_output = false; bool falco_formats::s_json_include_output_property = true; sinsp_evt_formatter_cache *falco_formats::s_formatters = NULL; -const static struct luaL_reg ll_falco [] = -{ - {"formatter", &falco_formats::formatter}, - {"free_formatter", &falco_formats::free_formatter}, - {"free_formatters", &falco_formats::free_formatters_lua}, - {"format_event", &falco_formats::format_event_lua}, - {"resolve_tokens", &falco_formats::resolve_tokens_lua}, - {NULL,NULL} -}; +const static struct luaL_reg ll_falco[] = + { + {"formatter", &falco_formats::lua_formatter}, + {"free_formatter", &falco_formats::lua_free_formatter}, + {NULL, NULL}}; -void falco_formats::init(sinsp* inspector, +void falco_formats::init(sinsp *inspector, falco_engine *engine, lua_State *ls, bool json_output, @@ -55,7 +50,7 @@ void falco_formats::init(sinsp* inspector, luaL_openlib(ls, "formats", ll_falco, 0); } -int falco_formats::formatter(lua_State *ls) +int falco_formats::lua_formatter(lua_State *ls) { string source = luaL_checkstring(ls, -2); string format = luaL_checkstring(ls, -1); @@ -64,7 +59,7 @@ int falco_formats::formatter(lua_State *ls) { if(source == "syscall") { - sinsp_evt_formatter* formatter; + sinsp_evt_formatter *formatter; formatter = new sinsp_evt_formatter(s_inspector, format); lua_pushlightuserdata(ls, formatter); } 
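Review bot: The two bindings left in `ll_falco`, `formatter` and `free_formatter`, still pass raw heap pointers through Lua as light userdata, and nothing at the table states who owns them. In the hunk at -64 `lua_formatter` pushes a `new sinsp_evt_formatter`, and in the hunk at -100 `lua_free_formatter` chooses the type to `delete` from `source` alone (which appears to be the Lua argument checked with `lua_isstring(ls, -2)`), so a mismatched source string or a second call on the same pointer is undefined behaviour on the C++ side. If the only caller is the bundled Lua rule loader this is a contract rather than an exposed boundary, but it should be written down above the table: `// Lua owns every pointer returned by formats.formatter and must pass it to formats.free_formatter exactly once, with the same source string.` A stricter follow-up would be to record each handed-out pointer with its type in the engine and refuse to delete anything that is not in that record.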
@@ -75,11 +70,11 @@ int falco_formats::formatter(lua_State *ls) lua_pushlightuserdata(ls, formatter); } } - catch(sinsp_exception& e) + catch(sinsp_exception &e) { luaL_error(ls, "Invalid output format '%s': '%s'", format.c_str(), e.what()); } - catch(falco_exception& e) + catch(falco_exception &e) { luaL_error(ls, "Invalid output format '%s': '%s'", format.c_str(), e.what()); } @@ -87,10 +82,10 @@ int falco_formats::formatter(lua_State *ls) return 1; } -int falco_formats::free_formatter(lua_State *ls) +int falco_formats::lua_free_formatter(lua_State *ls) { - if (!lua_islightuserdata(ls, -1) || - !lua_isstring(ls, -2)) + if(!lua_islightuserdata(ls, -1) || + !lua_isstring(ls, -2)) { luaL_error(ls, "Invalid argument passed to free_formatter"); @@ -100,12 +95,12 @@ int falco_formats::free_formatter(lua_State *ls) if(source == "syscall") { - sinsp_evt_formatter *formatter = (sinsp_evt_formatter *) lua_topointer(ls, -1); + sinsp_evt_formatter *formatter = (sinsp_evt_formatter *)lua_topointer(ls, -1); delete(formatter); } else { - json_event_formatter *formatter = (json_event_formatter *) lua_topointer(ls, -1); + json_event_formatter *formatter = (json_event_formatter *)lua_topointer(ls, -1); delete(formatter); } @@ -121,14 +116,8 @@ void falco_formats::free_formatters() } } -int falco_formats::free_formatters_lua(lua_State *ls) -{ - free_formatters(); - return 0; -} - -string falco_formats::format_event(const gen_event* evt, const std::string &rule, const std::string &source, - const std::string &level, const std::string &format) +string falco_formats::format_event(const gen_event *evt, const std::string &rule, const std::string &source, + const std::string &level, const std::string &format) { string line; 
@@ -138,37 +127,37 @@ string falco_formats::format_event(const gen_event* evt, const std::string &rule if(strcmp(source.c_str(), "syscall") == 0) { // This is "output" - s_formatters->tostring((sinsp_evt *) evt, sformat, &line); + s_formatters->tostring((sinsp_evt *)evt, sformat, &line); if(s_json_output) { sinsp_evt::param_fmt cur_fmt = s_inspector->get_buffer_format(); switch(cur_fmt) { - case sinsp_evt::PF_NORMAL: - s_inspector->set_buffer_format(sinsp_evt::PF_JSON); - break; - case sinsp_evt::PF_EOLS: - s_inspector->set_buffer_format(sinsp_evt::PF_JSONEOLS); - break; - case sinsp_evt::PF_HEX: - s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEX); - break; - case sinsp_evt::PF_HEXASCII: - s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEXASCII); - break; - case sinsp_evt::PF_BASE64: - s_inspector->set_buffer_format(sinsp_evt::PF_JSONBASE64); - break; - default: - // do nothing - break; + case sinsp_evt::PF_NORMAL: + s_inspector->set_buffer_format(sinsp_evt::PF_JSON); + break; + case sinsp_evt::PF_EOLS: + s_inspector->set_buffer_format(sinsp_evt::PF_JSONEOLS); + break; + case sinsp_evt::PF_HEX: + s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEX); + break; + case sinsp_evt::PF_HEXASCII: + s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEXASCII); + break; + case sinsp_evt::PF_BASE64: + s_inspector->set_buffer_format(sinsp_evt::PF_JSONBASE64); + break; + default: + // do nothing + break; } // This is output fields - s_formatters->tostring((sinsp_evt *) evt, sformat, &json_line); + s_formatters->tostring((sinsp_evt *)evt, sformat, &json_line); // The formatted string might have a leading newline. If it does, remove it. - if (json_line[0] == '\n') + if(json_line[0] == '\n') { json_line.erase(0, 1); } 
@@ -179,11 +168,11 @@ string falco_formats::format_event(const gen_event* evt, const std::string &rule { json_event_formatter formatter(s_engine->json_factory(), sformat); - line = formatter.tostring((json_event *) evt); + line = formatter.tostring((json_event *)evt); if(s_json_output) { - json_line = formatter.tojson((json_event *) evt); + json_line = formatter.tojson((json_event *)evt); } } @@ -192,15 +181,16 @@ string falco_formats::format_event(const gen_event* evt, const std::string &rule // message as well as the event time in ns. Use this to build // a more detailed object containing the event time, rule, // severity, full output, and fields. - if (s_json_output) { + if(s_json_output) + { Json::Value event; Json::FastWriter writer; string full_line; // Convert the time-as-nanoseconds to a more json-friendly ISO8601. - time_t evttime = evt->get_ts()/1000000000; + time_t evttime = evt->get_ts() / 1000000000; char time_sec[20]; // sizeof "YYYY-MM-DDTHH:MM:SS" - char time_ns[12]; // sizeof ".sssssssssZ" + char time_ns[12]; // sizeof ".sssssssssZ" string iso8601evttime; strftime(time_sec, sizeof(time_sec), "%FT%T", gmtime(&evttime)); @@ -221,9 +211,9 @@ string falco_formats::format_event(const gen_event* evt, const std::string &rule // Json::FastWriter may add a trailing newline. If it // does, remove it. - if (full_line[full_line.length()-1] == '\n') + if(full_line[full_line.length() - 1] == '\n') { - full_line.resize(full_line.length()-1); + full_line.resize(full_line.length() - 1); } // Cheat-graft the output from the formatter into this 
@@ -239,42 +229,7 @@ string falco_formats::format_event(const gen_event* evt, const std::string &rule return line.c_str(); } -int falco_formats::format_event_lua(lua_State *ls) -{ - string line; - string json_line; - - if (!lua_isstring(ls, -1) || - !lua_isstring(ls, -2) || - !lua_isstring(ls, -3) || - !lua_isstring(ls, -4) || - !lua_islightuserdata(ls, -5)) { - lua_pushstring(ls, "Invalid arguments passed to format_event()"); - lua_error(ls); - } - gen_event* evt = (gen_event*)lua_topointer(ls, 1); - const char *rule = (char *) lua_tostring(ls, 2); - const char *source = (char *) lua_tostring(ls, 3); - const char *level = (char *) lua_tostring(ls, 4); - const char *format = (char *) lua_tostring(ls, 5); - - string sformat = format; - - try { - line = format_event(evt, rule, source, level, format); - } - catch (sinsp_exception& e) - { - string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'"; - lua_pushstring(ls, err.c_str()); - lua_error(ls); - } - - lua_pushstring(ls, line.c_str()); - return 1; -} - -map falco_formats::resolve_tokens(const gen_event* evt, const std::string &source, const std::string &format) +map falco_formats::resolve_tokens(const gen_event *evt, const std::string &source, const std::string &format) { string sformat = format; map values; 
@@ -286,37 +241,7 @@ map falco_formats::resolve_tokens(const gen_event* evt, const st else { json_event_formatter json_formatter(s_engine->json_factory(), sformat); - values = json_formatter.tomap((json_event*) evt); + values = json_formatter.tomap((json_event *)evt); } return values; } - - -int falco_formats::resolve_tokens_lua(lua_State *ls) -{ - if(!lua_isstring(ls, -1) || - !lua_isstring(ls, -2) || - !lua_islightuserdata(ls, -3)) - { - lua_pushstring(ls, "Invalid arguments passed to resolve_tokens()"); - lua_error(ls); - } - gen_event *evt = (gen_event *)lua_topointer(ls, 1); - string source = luaL_checkstring(ls, 2); - const char *format = (char *)lua_tostring(ls, 3); - string sformat = format; - - map values; - - values = resolve_tokens(evt, source, sformat); - - lua_newtable(ls); - for(auto const& v : values) - { - lua_pushstring(ls, v.first.c_str()); - lua_pushstring(ls, v.second.c_str()); - lua_settable(ls, -3); - } - - return 1; -} diff --git a/userspace/engine/formats.h b/userspace/engine/formats.h index 18c845f7..37f867e5 100644 --- a/userspace/engine/formats.h +++ b/userspace/engine/formats.h @@ -18,7 +18,8 @@ limitations under the License. #include "sinsp.h" -extern "C" { +extern "C" +{ #include "lua.h" #include "lualib.h" #include "lauxlib.h" 
@@ -31,37 +32,28 @@ class sinsp_evt_formatter; class falco_formats { - public: - static void init(sinsp* inspector, +public: + static void init(sinsp *inspector, falco_engine *engine, lua_State *ls, bool json_output, bool json_include_output_property); // formatter = falco.formatter(format_string) - static int formatter(lua_State *ls); + static int lua_formatter(lua_State *ls); // falco.free_formatter(formatter) - static int free_formatter(lua_State *ls); + static int lua_free_formatter(lua_State *ls); static void free_formatters(); - // falco.free_formatters() - static int free_formatters_lua(lua_State *ls); + static string format_event(const gen_event *evt, const std::string &rule, const std::string &source, + const std::string &level, const std::string &format); - static string format_event(const gen_event* evt, const std::string &rule, const std::string &source, - const std::string &level, const std::string &format); + static map resolve_tokens(const gen_event *evt, const std::string &source, + const std::string &format); - // formatted_string = falco.format_event(evt, formatter) - static int format_event_lua(lua_State *ls); - - static map resolve_tokens(const gen_event* evt, const std::string &source, - const std::string &format); - - // resolve_tokens = falco.resolve_tokens(evt, formatter) - static int resolve_tokens_lua(lua_State *ls); - - static sinsp* s_inspector; + static sinsp *s_inspector; static falco_engine *s_engine; static sinsp_evt_formatter_cache *s_formatters; static bool s_json_output;
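Review bot: The comments kept above the renamed declarations are stale: `// formatter = falco.formatter(format_string)` and `// falco.free_formatter(formatter)` name a `falco` table and a single argument, while formats.cpp registers the table with `luaL_openlib(ls, "formats", ll_falco, 0)` and `lua_formatter` reads a source string at index -2 before the format at -1. As these are now the only entry points callable from Lua, the comments should match the real call shape, e.g. `// formatter = formats.formatter(source, format_string)` and `// formats.free_formatter(source, formatter)` (argument order inferred from the stack indices, assuming exactly two arguments are passed). The `lua_` prefix is also the only marker that separates Lua-callable functions from C++-only ones such as `format_event` and `resolve_tokens`, so a one-line comment above each group saying so would help. The class body ends outside this hunk.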