github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-17 08:11:32 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace): added schema validation info to rule_loader::result as_json and as_string outputs.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2024-09-09 14:24:42 +02:00 committed by poiana
parent 1f9bea5a0b
commit 2f89a2c140
2 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
userspace/engine/rule_loader.cpp
View File

@ -363,6 +363,12 @@ const std::string& rule_loader::result::as_summary_string()
os << "Invalid";
}
// Only print schema validation info if any validation was requested
if (schema_validation_str != yaml_helper::validation_none)
{
os << " | schema validation: " << schema_validation_str;
}
if(!errors.empty())
{
os << std::endl;
@ -435,6 +441,12 @@ const std::string& rule_loader::result::as_verbose_string(const rules_contents_t
os << "Invalid";
}
// Only print schema validation info if any validation was requested
if (schema_validation_str != yaml_helper::validation_none)
{
os << " | schema validation: " << schema_validation_str;
}
if (!errors.empty())
{
os << std::endl;
@ -494,8 +506,19 @@ const nlohmann::json& rule_loader::result::as_json(const rules_contents_t& conte
j["name"] = name;
j["successful"] = success;
j["errors"] = nlohmann::json::array();
// Only print schema validation info if any validation was requested
if (schema_validation_str != yaml_helper::validation_none)
{
bool schema_valid = schema_validation_str == yaml_helper::validation_ok;
j["schema_valid"] = schema_valid;
j["schema_warnings"] = nlohmann::json::array();
if (!schema_valid)
{
j["schema_warnings"].push_back(schema_validation_str);
}
}
j["errors"] = nlohmann::json::array();
for(auto &err : errors)
{
nlohmann::json jerr;
@ -511,7 +534,6 @@ const nlohmann::json& rule_loader::result::as_json(const rules_contents_t& conte
}
j["warnings"] = nlohmann::json::array();
for(auto &warn : warnings)
{
nlohmann::json jwarn;

11
userspace/falco/app/actions/validate_rules_files.cpp
View File

@ -68,21 +68,22 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta
// printed when verbose is true.
std::string summary;
falco_logger::log(falco_logger::level::INFO, "Validating rules file(s):\n");
for(const auto& file : s.options.validate_rules_filenames)
{
falco_logger::log(falco_logger::level::INFO, " " + file + "\n");
}
// The json output encompasses all files so the
// validation result is a single json object.
std::string err = "";
nlohmann::json results = nlohmann::json::array();
falco_logger::log(falco_logger::level::INFO, "Validating rules file(s):\n");
for(auto &filename : s.options.validate_rules_filenames)
{
std::unique_ptr<falco::load_result> res;
res = s.engine->load_rules(rc.at(filename), filename);
auto priority = res->schema_validation() == yaml_helper::validation_ok ? falco_logger::level::INFO : falco_logger::level::WARNING;
falco_logger::log(priority, std::string(" ") + filename + " | schema validation: " + res->schema_validation() + "\n");
if (!check_rules_plugin_requirements(s, err))
{
return run_result::fatal(err);