diff --git a/userspace/engine/banned.h b/userspace/engine/banned.h
new file mode 100644
index 00000000..21dfdb2c
--- /dev/null
+++ b/userspace/engine/banned.h
@@ -0,0 +1,25 @@
+/*
+Copyright (C) 2019 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#pragma once
+
+// BAN macro defines `function` as an invalid token that says using
+// the function is banned. This throws a compile time error when the
+// function is used.
+#define BAN(function) using_##function##_is_banned
+
+#undef strcpy
+#define strcpy(a, b) BAN(strcpy)
diff --git a/userspace/engine/falco_common.cpp b/userspace/engine/falco_common.cpp
index 810066a0..f8cbeb98 100644
--- a/userspace/engine/falco_common.cpp
+++ b/userspace/engine/falco_common.cpp
@@ -18,6 +18,7 @@ limitations under the License.
 #include "config_falco_engine.h"
 #include "falco_common.h"
+#include "banned.h"
 std::vector falco_common::priority_names = { "Emergency",
@@ -117,4 +118,3 @@ void falco_common::add_lua_path(string &path)
 lua_pop(m_ls, 1);
 }
-
diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
index b8a9adda..aa298a7e 100644
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -32,6 +32,7 @@ extern "C" {
 }
 #include "utils.h"
+#include "banned.h"
 string lua_on_event = "on_event";
diff --git a/userspace/engine/falco_utils.cpp b/userspace/engine/falco_utils.cpp
index dff6fd44..bc0ea08d 100644
--- a/userspace/engine/falco_utils.cpp
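Review bot: The ban in `#define strcpy(a, b) BAN(strcpy)` is a function-like macro, so it only fires on a direct call where `strcpy` is immediately followed by `(`; a parenthesised name or taking the function's address still compiles, and the comment above `BAN` should say so. The header also covers only `strcpy`, leaving its unbounded siblings usable; the same two-line pattern extends it, e.g. `#undef strcat` followed by `#define strcat(a, b) BAN(strcat)`, with a variadic form such as `#define sprintf(...) BAN(sprintf)` for the printf family. The comment says the macro "throws a compile time error"; it would help to state that the diagnostic is an undeclared-identifier error naming `using_strcpy_is_banned`, so a developer hitting it recognises the cause.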
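Review bot: The added `#include "banned.h"` in falco_common.cpp makes the ban opt-in and order-dependent, and the same applies to the matching one-line include hunks in the other `.cpp` files of this commit. The macro only takes effect for code that follows it, so it has to remain the last include; a header pulled in afterwards that declares or calls `strcpy` would then fail to compile, and anything included before it is unchecked. As far as the diff shows, nothing enforces this for source files added later. I would document the constraint at each site, e.g. `#include "banned.h" // keep last: redefines banned libc functions as macros`, and add a build or CI check that every source file under userspace/ ends its include list with this header.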
+++ b/userspace/engine/falco_utils.cpp
@@ -18,6 +18,7 @@ limitations under the License.
 */
 #include "falco_utils.h"
+#include "banned.h"
 namespace falco {
diff --git a/userspace/engine/formats.cpp b/userspace/engine/formats.cpp
index b95a78c2..ca33753d 100644
--- a/userspace/engine/formats.cpp
+++ b/userspace/engine/formats.cpp
@@ -18,6 +18,7 @@ limitations under the License.
 #include "formats.h"
 #include "falco_engine.h"
+#include "banned.h"
 sinsp* falco_formats::s_inspector = NULL;
diff --git a/userspace/engine/json_evt.cpp b/userspace/engine/json_evt.cpp
index a15d2114..5e2de857 100644
--- a/userspace/engine/json_evt.cpp
+++ b/userspace/engine/json_evt.cpp
@@ -21,6 +21,7 @@ limitations under the License.
 #include "falco_common.h"
 #include "json_evt.h"
+#include "banned.h"
 using json = nlohmann::json;
 using namespace std;
diff --git a/userspace/engine/rules.cpp b/userspace/engine/rules.cpp
index 24267069..914fc4f5 100644
--- a/userspace/engine/rules.cpp
+++ b/userspace/engine/rules.cpp
@@ -24,6 +24,8 @@ extern "C" {
 }
 #include "falco_engine.h"
+#include "banned.h"
+
 const static struct luaL_reg ll_falco_rules [] = { {"clear_filters", &falco_rules::clear_filters},
@@ -480,4 +482,3 @@ falco_rules::~falco_rules()
 delete m_sinsp_lua_parser;
 delete m_json_lua_parser;
 }
-
diff --git a/userspace/engine/ruleset.cpp b/userspace/engine/ruleset.cpp
index 5d7f9af0..127f9a6f 100644
--- a/userspace/engine/ruleset.cpp
+++ b/userspace/engine/ruleset.cpp
@@ -15,6 +15,7 @@ limitations under the License.
 */
 #include "ruleset.h"
+#include "banned.h"
 using namespace std;
diff --git a/userspace/engine/token_bucket.cpp b/userspace/engine/token_bucket.cpp
index 0d676dc4..b6ec1ac2 100644
--- a/userspace/engine/token_bucket.cpp
+++ b/userspace/engine/token_bucket.cpp
@@ -20,6 +20,7 @@ limitations under the License.
 #include "token_bucket.h"
 #include "utils.h"
+#include "banned.h"
 token_bucket::token_bucket(): token_bucket(sinsp_utils::get_current_time_ns)
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 95b36b62..f1f5c30e 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -23,6 +23,7 @@ limitations under the License.
 #include "configuration.h"
 #include "logger.h"
+#include "banned.h"
 using namespace std;
diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp
index 5218c061..2f0f9dd0 100644
--- a/userspace/falco/event_drops.cpp
+++ b/userspace/falco/event_drops.cpp
@@ -15,6 +15,7 @@ limitations under the License.
 */
 #include "event_drops.h"
+#include "banned.h"
 syscall_evt_drop_mgr::syscall_evt_drop_mgr(): m_num_syscall_evt_drops(0),
diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp
index 1a0a7861..e4088ae9 100644
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -45,6 +45,7 @@ limitations under the License.
 #include "statsfilewriter.h"
 #include "webserver.h"
 #include "grpc_server.h"
+#include "banned.h"
 typedef function open_t;
@@ -895,7 +896,7 @@ int falco_init(int argc, char **argv)
 printf("%s\n", support.dump().c_str());
 goto exit;
 }
-
+
 // read hostname
 string hostname;
 if(char* env_hostname = getenv("FALCO_GRPC_HOSTNAME"))
diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp
index d3f1895f..ddc76d44 100644
--- a/userspace/falco/falco_outputs.cpp
+++ b/userspace/falco/falco_outputs.cpp
@@ -23,6 +23,7 @@ limitations under the License.
 #include "formats.h"
 #include "logger.h"
 #include "falco_output_queue.h"
+#include "banned.h"
 using namespace std;
 using namespace falco::output;
diff --git a/userspace/falco/grpc_context.cpp b/userspace/falco/grpc_context.cpp
index 60e47f19..cbf01142 100644
--- a/userspace/falco/grpc_context.cpp
+++ b/userspace/falco/grpc_context.cpp
@@ -17,6 +17,7 @@ limitations under the License.
 #include
 #include "grpc_context.h"
+#include "banned.h"
 falco::grpc::context::context(::grpc::ServerContext* ctx): m_ctx(ctx)
diff --git a/userspace/falco/grpc_server.cpp b/userspace/falco/grpc_server.cpp
index 34607fba..36eec4d5 100644
--- a/userspace/falco/grpc_server.cpp
+++ b/userspace/falco/grpc_server.cpp
@@ -24,6 +24,7 @@ limitations under the License.
 #include "grpc_server.h"
 #include "grpc_context.h"
 #include "utils.h"
+#include "banned.h"
 #define REGISTER_STREAM(req, res, svc, rpc, impl, num) \
 std::vector> rpc##_contexts(num); \
diff --git a/userspace/falco/grpc_server_impl.cpp b/userspace/falco/grpc_server_impl.cpp
index 1e172bf0..861388c9 100644
--- a/userspace/falco/grpc_server_impl.cpp
+++ b/userspace/falco/grpc_server_impl.cpp
@@ -16,6 +16,7 @@ limitations under the License.
 #include "grpc_server_impl.h"
 #include "falco_output_queue.h"
+#include "banned.h"
 bool falco::grpc::server_impl::is_running() {
diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp
index 770d1929..da4d6cf3 100644
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -19,6 +19,7 @@ limitations under the License.
 #include "chisel_api.h"
 #include "falco_common.h"
+#include "banned.h"
 const static struct luaL_reg ll_falco [] = {
@@ -158,5 +159,3 @@ void falco_logger::log(int priority, const string msg)
 }
 }
 }
-
-
diff --git a/userspace/falco/statsfilewriter.cpp b/userspace/falco/statsfilewriter.cpp
index dcb7260a..9da61f9f 100644
--- a/userspace/falco/statsfilewriter.cpp
+++ b/userspace/falco/statsfilewriter.cpp
@@ -18,6 +18,7 @@ limitations under the License.
 #include
 #include "statsfilewriter.h"
+#include "banned.h"
 using namespace std;
diff --git a/userspace/falco/utils.cpp b/userspace/falco/utils.cpp
index 6400729f..af657a96 100644
--- a/userspace/falco/utils.cpp
+++ b/userspace/falco/utils.cpp
@@ -15,6 +15,7 @@ limitations under the License.
 */
 #include "utils.h"
+#include "banned.h"
 void falco::utils::read(const std::string& filename, std::string& data) {
diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp
index f4a511a9..1c0f2812 100644
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@@ -20,6 +20,7 @@ limitations under the License.
 #include "falco_common.h"
 #include "webserver.h"
 #include "json_evt.h"
+#include "banned.h"
 using json = nlohmann::json;
 using namespace std;