github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-19 17:14:26 +00:00
Code Issues Projects Releases Wiki Activity

Use well-defined object keys

Browse Source 
Instead of oveloading the exception item name as the key of the object,
just have a flat array of object with a name property.

A bit more verbose, but makes it easier to understand what the schema is.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm
2020-10-02 10:35:30 -07:00
committed by poiana
parent 8831c7f3c7
commit 1916314583
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
proposals/20200828-structured-exception-handling.md
View File

@@ -142,10 +142,10 @@ To address some of these problems, we will add the notion of Exceptions as top l
and not python_running_ms_oms and not python_running_ms_oms
and not user_known_write_below_binary_dir_activities and not user_known_write_below_binary_dir_activities
exceptions: exceptions:
- proc_writer: - name: proc_writer
- fields: [proc.name, fd.directory] fields: [proc.name, fd.directory]
- container_writer: - name: container_writer
- fields: [container.image.repository, fd.directory] fields: [container.image.repository, fd.directory]
comps: [=, startswith] comps: [=, startswith]
``` ```
@@ -160,10 +160,12 @@ We'll add a new object exception that defines exceptions to a rule:
``` ```
- exception: Write below binary dir - exception: Write below binary dir
items: items:
- proc_writer: - name: proc_writer
values:
- [apk, /usr/lib/alpine] - [apk, /usr/lib/alpine]
- [npm, /usr/node/bin] - [npm, /usr/node/bin]
- container_writer: - name: container_writer
values:
- [docker.io/alpine, /usr/libexec/alpine] - [docker.io/alpine, /usr/libexec/alpine]
``` ```