mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-31 14:11:41 +00:00
cleanup: fix several warnings from a Clang build
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
This commit is contained in:
Federico Aponte
poiana
parent
13991f1ea7
commit
44b7352180
@ -37,17 +37,17 @@ TEST(MacroResolver, should_resolve_macros_on_a_filter_AST)
|
||||
{
|
||||
libsinsp::filter::ast::pos_info macro_pos(12, 85, 27);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = std::move(libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists");
|
||||
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> filter_and;
|
||||
filter_and.push_back(libsinsp::filter::ast::unary_check_expr::create("evt.name", "", "exists"));
|
||||
filter_and.push_back(libsinsp::filter::ast::not_expr::create(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos)));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::and_expr::create(filter_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::and_expr::create(filter_and);
|
||||
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> expected_and;
|
||||
expected_and.push_back(libsinsp::filter::ast::unary_check_expr::create("evt.name", "", "exists"));
|
||||
expected_and.push_back(libsinsp::filter::ast::not_expr::create(clone(macro.get())));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected = std::move(libsinsp::filter::ast::and_expr::create(expected_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected = libsinsp::filter::ast::and_expr::create(expected_and);
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
resolver.set_macro(MACRO_NAME, macro);
|
||||
@ -71,9 +71,9 @@ TEST(MacroResolver, should_resolve_macros_on_a_filter_AST_single_node)
|
||||
{
|
||||
libsinsp::filter::ast::pos_info macro_pos(12, 85, 27);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = std::move(libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists");
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos);
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
resolver.set_macro(MACRO_NAME, macro);
|
||||
@ -102,18 +102,18 @@ TEST(MacroResolver, should_resolve_macros_on_a_filter_AST_multiple_macros)
|
||||
libsinsp::filter::ast::pos_info a_macro_pos(11, 75, 43);
|
||||
libsinsp::filter::ast::pos_info b_macro_pos(91, 21, 9);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = std::move(libsinsp::filter::ast::unary_check_expr::create("one.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_macro = std::move(libsinsp::filter::ast::unary_check_expr::create("another.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = libsinsp::filter::ast::unary_check_expr::create("one.field", "", "exists");
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_macro = libsinsp::filter::ast::unary_check_expr::create("another.field", "", "exists");
|
||||
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> filter_or;
|
||||
filter_or.push_back(libsinsp::filter::ast::value_expr::create(MACRO_A_NAME, a_macro_pos));
|
||||
filter_or.push_back(libsinsp::filter::ast::value_expr::create(MACRO_B_NAME, b_macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::or_expr::create(filter_or));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::or_expr::create(filter_or);
|
||||
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> expected_or;
|
||||
expected_or.push_back(clone(a_macro.get()));
|
||||
expected_or.push_back(clone(b_macro.get()));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected_filter = std::move(libsinsp::filter::ast::or_expr::create(expected_or));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected_filter = libsinsp::filter::ast::or_expr::create(expected_or);
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
resolver.set_macro(MACRO_A_NAME, a_macro);
|
||||
@ -149,17 +149,17 @@ TEST(MacroResolver, should_resolve_macros_on_a_filter_AST_nested_macros)
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> a_macro_and;
|
||||
a_macro_and.push_back(libsinsp::filter::ast::unary_check_expr::create("one.field", "", "exists"));
|
||||
a_macro_and.push_back(libsinsp::filter::ast::value_expr::create(MACRO_B_NAME, b_macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = std::move(libsinsp::filter::ast::and_expr::create(a_macro_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = libsinsp::filter::ast::and_expr::create(a_macro_and);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_macro = std::move(
|
||||
libsinsp::filter::ast::unary_check_expr::create("another.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_macro =
|
||||
libsinsp::filter::ast::unary_check_expr::create("another.field", "", "exists");
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_A_NAME, a_macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::value_expr::create(MACRO_A_NAME, a_macro_pos);
|
||||
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> expected_and;
|
||||
expected_and.push_back(libsinsp::filter::ast::unary_check_expr::create("one.field", "", "exists"));
|
||||
expected_and.push_back(libsinsp::filter::ast::unary_check_expr::create("another.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected_filter = std::move(libsinsp::filter::ast::and_expr::create(expected_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> expected_filter = libsinsp::filter::ast::and_expr::create(expected_and);
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
resolver.set_macro(MACRO_A_NAME, a_macro);
|
||||
@ -196,7 +196,7 @@ TEST(MacroResolver, should_find_unknown_macros)
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> filter_and;
|
||||
filter_and.push_back(libsinsp::filter::ast::unary_check_expr::create("evt.name", "", "exists"));
|
||||
filter_and.push_back(libsinsp::filter::ast::not_expr::create(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos)));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::and_expr::create(filter_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::and_expr::create(filter_and);
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
ASSERT_FALSE(resolver.run(filter));
|
||||
@ -214,9 +214,9 @@ TEST(MacroResolver, should_find_unknown_nested_macros)
|
||||
std::vector<std::unique_ptr<libsinsp::filter::ast::expr>> a_macro_and;
|
||||
a_macro_and.push_back(libsinsp::filter::ast::unary_check_expr::create("one.field", "", "exists"));
|
||||
a_macro_and.push_back(libsinsp::filter::ast::value_expr::create(MACRO_B_NAME, b_macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = std::move(libsinsp::filter::ast::and_expr::create(a_macro_and));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_macro = libsinsp::filter::ast::and_expr::create(a_macro_and);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_A_NAME, a_macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::value_expr::create(MACRO_A_NAME, a_macro_pos);
|
||||
auto expected_filter = clone(a_macro.get());
|
||||
|
||||
filter_macro_resolver resolver;
|
||||
@ -237,9 +237,9 @@ TEST(MacroResolver, should_undefine_macro)
|
||||
libsinsp::filter::ast::pos_info macro_pos_1(12, 9, 3);
|
||||
libsinsp::filter::ast::pos_info macro_pos_2(9, 6, 3);
|
||||
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = std::move(libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos_1));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos_2));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> macro = libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists");
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> a_filter = libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos_1);
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> b_filter = libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos_2);
|
||||
filter_macro_resolver resolver;
|
||||
|
||||
resolver.set_macro(MACRO_NAME, macro);
|
||||
@ -262,8 +262,8 @@ TEST(MacroResolver, should_undefine_macro)
|
||||
TEST(MacroResolver, should_clone_macro_AST)
|
||||
{
|
||||
libsinsp::filter::ast::pos_info macro_pos(5, 2, 8888);
|
||||
std::shared_ptr<libsinsp::filter::ast::unary_check_expr> macro = std::move(libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists"));
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = std::move(libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos));
|
||||
std::shared_ptr<libsinsp::filter::ast::unary_check_expr> macro = libsinsp::filter::ast::unary_check_expr::create("test.field", "", "exists");
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> filter = libsinsp::filter::ast::value_expr::create(MACRO_NAME, macro_pos);
|
||||
filter_macro_resolver resolver;
|
||||
|
||||
resolver.set_macro(MACRO_NAME, macro);
|
||||
|
||||
@ -195,7 +195,7 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
|
||||
// read rules YAML file and collect its definitions
|
||||
rule_loader::reader reader;
|
||||
if (reader.read(cfg, m_rule_collector))
|
||||
{
|
||||
{
|
||||
// compile the definitions (resolve macro/list refs, exceptions, ...)
|
||||
m_last_compile_output = std::make_unique<rule_loader::compiler::compile_output>();
|
||||
rule_loader::compiler().compile(cfg, m_rule_collector, *m_last_compile_output.get());
|
||||
@ -384,7 +384,7 @@ libsinsp::events::set<ppm_sc_code> falco_engine::sc_codes_for_ruleset(const std:
|
||||
{
|
||||
return find_source(source)->ruleset->enabled_sc_codes(find_ruleset_id(ruleset));
|
||||
}
|
||||
|
||||
|
||||
libsinsp::events::set<ppm_event_code> falco_engine::event_codes_for_ruleset(const std::string &source, const std::string &ruleset)
|
||||
{
|
||||
return find_source(source)->ruleset->enabled_event_codes(find_ruleset_id(ruleset));
|
||||
@ -550,7 +550,7 @@ nlohmann::json falco_engine::describe_rule(std::string *rule, const std::vector<
|
||||
alternatives.push_back(std::move(alternative));
|
||||
}
|
||||
r["alternatives"] = std::move(alternatives);
|
||||
|
||||
|
||||
plugin_versions.push_back(std::move(r));
|
||||
}
|
||||
output["required_plugin_versions"] = std::move(plugin_versions);
|
||||
@ -565,7 +565,7 @@ nlohmann::json falco_engine::describe_rule(std::string *rule, const std::vector<
|
||||
rules_array.push_back(std::move(rule));
|
||||
}
|
||||
output["rules"] = std::move(rules_array);
|
||||
|
||||
|
||||
// Store information about macros
|
||||
nlohmann::json macros_array = nlohmann::json::array();
|
||||
for(const auto &m : m_last_compile_output->macros)
|
||||
@ -577,14 +577,14 @@ nlohmann::json falco_engine::describe_rule(std::string *rule, const std::vector<
|
||||
}
|
||||
output["macros"] = std::move(macros_array);
|
||||
|
||||
// Store information about lists
|
||||
// Store information about lists
|
||||
nlohmann::json lists_array = nlohmann::json::array();
|
||||
for(const auto &l : m_last_compile_output->lists)
|
||||
{
|
||||
auto info = m_rule_collector.lists().at(l.name);
|
||||
nlohmann::json list;
|
||||
get_json_details(list, l, *info, plugins);
|
||||
lists_array.push_back(std::move(list));
|
||||
lists_array.push_back(std::move(list));
|
||||
}
|
||||
output["lists"] = std::move(lists_array);
|
||||
}
|
||||
@ -619,12 +619,12 @@ void falco_engine::get_json_details(
|
||||
// Fill general rule information
|
||||
rule_info["name"] = r.name;
|
||||
rule_info["condition"] = info.cond;
|
||||
rule_info["priority"] = std::move(format_priority(r.priority, false));
|
||||
rule_info["priority"] = format_priority(r.priority, false);
|
||||
rule_info["output"] = info.output;
|
||||
rule_info["description"] = r.description;
|
||||
rule_info["enabled"] = info.enabled;
|
||||
rule_info["source"] = r.source;
|
||||
rule_info["tags"] = std::move(sequence_to_json_array(info.tags));
|
||||
rule_info["tags"] = sequence_to_json_array(info.tags);
|
||||
out["info"] = std::move(rule_info);
|
||||
|
||||
// Parse rule condition and build the non-compiled AST
|
||||
@ -648,19 +648,19 @@ void falco_engine::get_json_details(
|
||||
filter_details_resolver().run(ast.get(), details);
|
||||
filter_details_resolver().run(r.condition.get(), compiled_details);
|
||||
|
||||
out["details"]["macros"] = std::move(sequence_to_json_array(details.macros));
|
||||
out["details"]["lists"] = std::move(sequence_to_json_array(details.lists));
|
||||
out["details"]["condition_operators"] = std::move(sequence_to_json_array(compiled_details.operators));
|
||||
out["details"]["condition_fields"] = std::move(sequence_to_json_array(compiled_details.fields));
|
||||
out["details"]["macros"] = sequence_to_json_array(details.macros);
|
||||
out["details"]["lists"] = sequence_to_json_array(details.lists);
|
||||
out["details"]["condition_operators"] = sequence_to_json_array(compiled_details.operators);
|
||||
out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields);
|
||||
|
||||
// Get fields from output string
|
||||
auto fmt = create_formatter(r.source, r.output);
|
||||
std::vector<std::string> out_fields;
|
||||
fmt->get_field_names(out_fields);
|
||||
out["details"]["output_fields"] = std::move(sequence_to_json_array(out_fields));
|
||||
out["details"]["output_fields"] = sequence_to_json_array(out_fields);
|
||||
|
||||
// Get fields from exceptions
|
||||
out["details"]["exception_fields"] = std::move(sequence_to_json_array(r.exception_fields));
|
||||
out["details"]["exception_fields"] = sequence_to_json_array(r.exception_fields);
|
||||
|
||||
// Get names and operators from exceptions
|
||||
std::unordered_set<std::string> exception_names;
|
||||
@ -689,10 +689,10 @@ void falco_engine::get_json_details(
|
||||
else
|
||||
{
|
||||
exception_operators.insert(e.comps.item);
|
||||
}
|
||||
}
|
||||
}
|
||||
out["details"]["exception_names"] = std::move(sequence_to_json_array(exception_names));
|
||||
out["details"]["exception_operators"] = std::move(sequence_to_json_array(exception_operators));
|
||||
out["details"]["exception_names"] = sequence_to_json_array(exception_names);
|
||||
out["details"]["exception_operators"] = sequence_to_json_array(exception_operators);
|
||||
|
||||
// Store event types
|
||||
nlohmann::json events;
|
||||
@ -700,7 +700,7 @@ void falco_engine::get_json_details(
|
||||
out["details"]["events"] = std::move(events);
|
||||
|
||||
// Store compiled condition and output
|
||||
out["details"]["condition_compiled"] = std::move(libsinsp::filter::ast::as_string(r.condition.get()));
|
||||
out["details"]["condition_compiled"] = libsinsp::filter::ast::as_string(r.condition.get());
|
||||
out["details"]["output_compiled"] = r.output;
|
||||
|
||||
// Compute the plugins that are actually used by this rule. This is involves:
|
||||
@ -750,10 +750,10 @@ void falco_engine::get_json_details(
|
||||
filter_details_resolver().run(m.condition.get(), compiled_details);
|
||||
|
||||
out["details"]["used"] = m.used;
|
||||
out["details"]["macros"] = std::move(sequence_to_json_array(details.macros));
|
||||
out["details"]["lists"] = std::move(sequence_to_json_array(details.lists));
|
||||
out["details"]["condition_operators"] = std::move(sequence_to_json_array(compiled_details.operators));
|
||||
out["details"]["condition_fields"] = std::move(sequence_to_json_array(compiled_details.fields));
|
||||
out["details"]["macros"] = sequence_to_json_array(details.macros);
|
||||
out["details"]["lists"] = sequence_to_json_array(details.lists);
|
||||
out["details"]["condition_operators"] = sequence_to_json_array(compiled_details.operators);
|
||||
out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields);
|
||||
|
||||
// Store event types
|
||||
nlohmann::json events;
|
||||
@ -761,7 +761,7 @@ void falco_engine::get_json_details(
|
||||
out["details"]["events"] = std::move(events);
|
||||
|
||||
// Store compiled condition
|
||||
out["details"]["condition_compiled"] = std::move(libsinsp::filter::ast::as_string(m.condition.get()));
|
||||
out["details"]["condition_compiled"] = libsinsp::filter::ast::as_string(m.condition.get());
|
||||
|
||||
// Compute the plugins that are actually used by this macro.
|
||||
// Note: macros have no specific source, we need to set an empty list of used
|
||||
@ -769,7 +769,7 @@ void falco_engine::get_json_details(
|
||||
// if a macro uses a plugin's field, we can't be sure which plugin actually
|
||||
// is used until we resolve the macro ref in a rule providing a source for
|
||||
// disambiguation.
|
||||
out["details"]["plugins"] = std::move(nlohmann::json::array());
|
||||
out["details"]["plugins"] = nlohmann::json::array();
|
||||
}
|
||||
|
||||
void falco_engine::get_json_details(
|
||||
@ -800,9 +800,9 @@ void falco_engine::get_json_details(
|
||||
list_info["items"] = std::move(items);
|
||||
out["info"] = std::move(list_info);
|
||||
out["details"]["used"] = l.used;
|
||||
out["details"]["lists"] = std::move(sequence_to_json_array(lists));
|
||||
out["details"]["items_compiled"] = std::move(sequence_to_json_array(l.items));
|
||||
out["details"]["plugins"] = std::move(nlohmann::json::array()); // always empty
|
||||
out["details"]["lists"] = sequence_to_json_array(lists);
|
||||
out["details"]["items_compiled"] = sequence_to_json_array(l.items);
|
||||
out["details"]["plugins"] = nlohmann::json::array(); // always empty
|
||||
}
|
||||
|
||||
void falco_engine::get_json_evt_types(
|
||||
|
||||
@ -22,12 +22,12 @@ limitations under the License.
|
||||
#include <unordered_set>
|
||||
#include <unordered_map>
|
||||
|
||||
struct filter_details
|
||||
struct filter_details
|
||||
{
|
||||
// input macros and lists
|
||||
std::unordered_set<std::string> known_macros;
|
||||
std::unordered_set<std::string> known_lists;
|
||||
|
||||
|
||||
// output details
|
||||
std::unordered_set<std::string> fields;
|
||||
std::unordered_set<std::string> macros;
|
||||
@ -47,25 +47,23 @@ public:
|
||||
/*!
|
||||
\brief Visits a filter AST and stores details about macros, lists,
|
||||
fields and operators used.
|
||||
\param filter The filter AST to be processed.
|
||||
\param details Helper structure used to state known macros and
|
||||
\param filter The filter AST to be processed.
|
||||
\param details Helper structure used to state known macros and
|
||||
lists on input, and to store all the retrieved details as output.
|
||||
*/
|
||||
void run(libsinsp::filter::ast::expr* filter,
|
||||
filter_details& details);
|
||||
|
||||
|
||||
private:
|
||||
struct visitor : public libsinsp::filter::ast::expr_visitor
|
||||
{
|
||||
visitor(filter_details& details) :
|
||||
visitor(filter_details& details) :
|
||||
m_details(details),
|
||||
m_expect_list(false),
|
||||
m_expect_macro(false),
|
||||
m_expect_evtname(false) {}
|
||||
visitor(visitor&&) = default;
|
||||
visitor& operator = (visitor&&) = default;
|
||||
visitor(const visitor&) = delete;
|
||||
visitor& operator = (const visitor&) = delete;
|
||||
|
||||
void visit(libsinsp::filter::ast::and_expr* e) override;
|
||||
void visit(libsinsp::filter::ast::or_expr* e) override;
|
||||
|
||||
@ -61,7 +61,7 @@ class filter_macro_resolver
|
||||
|
||||
/*!
|
||||
\brief used in get_{resolved,unknown}_macros and get_errors
|
||||
to represent an identifier/string value along with an AST position.
|
||||
to represent an identifier/string value along with an AST position.
|
||||
*/
|
||||
typedef std::pair<std::string,libsinsp::filter::ast::pos_info> value_info;
|
||||
|
||||
@ -103,10 +103,6 @@ class filter_macro_resolver
|
||||
m_unknown_macros(unknown_macros),
|
||||
m_resolved_macros(resolved_macros),
|
||||
m_macros(macros) {}
|
||||
visitor(visitor&&) = default;
|
||||
visitor& operator = (visitor&&) = default;
|
||||
visitor(const visitor&) = delete;
|
||||
visitor& operator = (const visitor&) = delete;
|
||||
|
||||
std::vector<std::string> m_macros_path;
|
||||
std::unique_ptr<libsinsp::filter::ast::expr> m_node_substitute;
|
||||
|
||||
@ -562,10 +562,8 @@ rule_loader::rule_load_exception::~rule_load_exception()
|
||||
{
|
||||
}
|
||||
|
||||
const char* rule_loader::rule_load_exception::what()
|
||||
const char* rule_loader::rule_load_exception::what() const noexcept
|
||||
{
|
||||
errstr = falco::load_result::error_code_str(ec) + ": "
|
||||
+ msg.c_str();
|
||||
|
||||
return errstr.c_str();
|
||||
// const + noexcept: can't use functions that change the object or throw
|
||||
return msg.c_str();
|
||||
}
|
||||
|
||||
@ -209,18 +209,12 @@ namespace rule_loader
|
||||
public:
|
||||
rule_load_exception(falco::load_result::error_code ec, const std::string& msg, const context& ctx);
|
||||
virtual ~rule_load_exception();
|
||||
rule_load_exception(rule_load_exception&&) = default;
|
||||
rule_load_exception& operator = (rule_load_exception&&) = default;
|
||||
rule_load_exception(const rule_load_exception&) = default;
|
||||
rule_load_exception& operator = (const rule_load_exception&) = default;
|
||||
|
||||
const char* what();
|
||||
const char* what() const noexcept override;
|
||||
|
||||
falco::load_result::error_code ec;
|
||||
std::string msg;
|
||||
context ctx;
|
||||
|
||||
std::string errstr;
|
||||
};
|
||||
|
||||
/*!
|
||||
@ -278,10 +272,6 @@ namespace rule_loader
|
||||
{
|
||||
res.reset(new result(name));
|
||||
}
|
||||
configuration(configuration&&) = default;
|
||||
configuration& operator = (configuration&&) = default;
|
||||
configuration(const configuration&) = delete;
|
||||
configuration& operator = (const configuration&) = delete;
|
||||
|
||||
// inputs
|
||||
const std::string& content;
|
||||
|
||||
@ -50,12 +50,6 @@ static void paren_item(std::string& e)
|
||||
}
|
||||
}
|
||||
|
||||
static inline bool is_operator_defined(const std::string& op)
|
||||
{
|
||||
auto ops = libsinsp::filter::parser::supported_operators();
|
||||
return find(ops.begin(), ops.end(), op) != ops.end();
|
||||
}
|
||||
|
||||
static inline bool is_operator_for_list(const std::string& op)
|
||||
{
|
||||
auto ops = libsinsp::filter::parser::supported_operators(true);
|
||||
|
||||
@ -35,10 +35,6 @@ class stats_manager
|
||||
public:
|
||||
stats_manager();
|
||||
virtual ~stats_manager();
|
||||
stats_manager(stats_manager&&) = default;
|
||||
stats_manager& operator = (stats_manager&&) = default;
|
||||
stats_manager(const stats_manager&) = default;
|
||||
stats_manager& operator = (const stats_manager&) = default;
|
||||
|
||||
/*!
|
||||
\brief Erases the internal state and statistics data
|
||||
|
||||
@ -20,14 +20,6 @@ limitations under the License.
|
||||
#include <sys/stat.h>
|
||||
#include <filesystem>
|
||||
|
||||
#ifndef CPPPATH_SEP
|
||||
#ifdef _MSC_VER
|
||||
#define CPPPATH_SEP "\\"
|
||||
#else
|
||||
#define CPPPATH_SEP "/"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
using namespace falco::app;
|
||||
using namespace falco::app::actions;
|
||||
|
||||
|
||||
@ -15,8 +15,6 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
#include <nlohmann/json.hpp>
|
||||
|
||||
#include "actions.h"
|
||||
#include "../../versions_info.h"
|
||||
|
||||
|
||||
@ -45,16 +45,12 @@ class source_sync_context
|
||||
public:
|
||||
source_sync_context(falco::semaphore& s)
|
||||
: m_finished(false), m_joined(false), m_semaphore(s) { }
|
||||
source_sync_context(source_sync_context&&) = default;
|
||||
source_sync_context& operator = (source_sync_context&&) = default;
|
||||
source_sync_context(const source_sync_context&) = delete;
|
||||
source_sync_context& operator = (const source_sync_context&) = delete;
|
||||
|
||||
inline void finish()
|
||||
{
|
||||
bool v = false;
|
||||
while (!m_finished.compare_exchange_weak(
|
||||
v, true,
|
||||
v, true,
|
||||
std::memory_order_seq_cst,
|
||||
std::memory_order_seq_cst))
|
||||
{
|
||||
@ -70,7 +66,7 @@ public:
|
||||
{
|
||||
bool v = false;
|
||||
while (!m_joined.compare_exchange_weak(
|
||||
v, true,
|
||||
v, true,
|
||||
std::memory_order_seq_cst,
|
||||
std::memory_order_seq_cst))
|
||||
{
|
||||
@ -90,7 +86,7 @@ public:
|
||||
{
|
||||
return m_finished.load(std::memory_order_seq_cst);
|
||||
}
|
||||
|
||||
|
||||
private:
|
||||
// set to true when the event processing loop finishes
|
||||
std::atomic<bool> m_finished;
|
||||
@ -102,12 +98,6 @@ private:
|
||||
|
||||
struct live_context
|
||||
{
|
||||
live_context() = default;
|
||||
live_context(live_context&&) = default;
|
||||
live_context& operator = (live_context&&) = default;
|
||||
live_context(const live_context&) = default;
|
||||
live_context& operator = (const live_context&) = default;
|
||||
|
||||
// the name of the source of which events are processed
|
||||
std::string source;
|
||||
// the result of the event processing loop
|
||||
@ -269,7 +259,7 @@ static falco::app::run_result do_inspect(
|
||||
}
|
||||
return run_result::fatal(msg);
|
||||
}
|
||||
|
||||
|
||||
// for capture mode, the source name can change at every event
|
||||
stats_collector.collect(inspector, inspector->event_sources()[source_engine_idx], num_evts);
|
||||
}
|
||||
@ -325,7 +315,7 @@ static falco::app::run_result do_inspect(
|
||||
s.outputs->handle_event(rule_res.evt, rule_res.rule, rule_res.source, rule_res.priority_num, rule_res.format, rule_res.tags);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
num_evts++;
|
||||
}
|
||||
|
||||
|
||||
@ -57,15 +57,11 @@ public:
|
||||
m_watched_dirs(watch_dirs),
|
||||
m_watched_files(watch_files) { }
|
||||
virtual ~restart_handler();
|
||||
restart_handler(restart_handler&&) = default;
|
||||
restart_handler& operator = (restart_handler&&) = default;
|
||||
restart_handler(const restart_handler&) = delete;
|
||||
restart_handler& operator = (const restart_handler&) = delete;
|
||||
|
||||
bool start(std::string& err);
|
||||
void stop();
|
||||
void trigger();
|
||||
|
||||
|
||||
private:
|
||||
void watcher_loop() noexcept;
|
||||
|
||||
|
||||
@ -56,7 +56,7 @@ struct state
|
||||
source_info& operator = (source_info&&) = default;
|
||||
source_info(const source_info&) = default;
|
||||
source_info& operator = (const source_info&) = default;
|
||||
|
||||
|
||||
// The index of the given event source in the state's falco_engine,
|
||||
// as returned by falco_engine::add_source
|
||||
std::size_t engine_idx;
|
||||
@ -93,10 +93,6 @@ struct state
|
||||
}
|
||||
|
||||
~state() = default;
|
||||
state(state&&) = default;
|
||||
state& operator = (state&&) = default;
|
||||
state(const state&) = default;
|
||||
state& operator = (const state&) = default;
|
||||
|
||||
std::string cmdline;
|
||||
falco::app::options options;
|
||||
@ -145,7 +141,7 @@ struct state
|
||||
falco_webserver webserver;
|
||||
#endif
|
||||
|
||||
inline bool is_capture_mode() const
|
||||
inline bool is_capture_mode() const
|
||||
{
|
||||
return config->m_engine_mode == engine_kind_t::REPLAY;
|
||||
}
|
||||
@ -175,7 +171,7 @@ struct state
|
||||
return config->m_engine_mode == engine_kind_t::NONE;
|
||||
}
|
||||
|
||||
inline bool is_source_enabled(const std::string& src) const
|
||||
inline bool is_source_enabled(const std::string& src) const
|
||||
{
|
||||
return enabled_sources.find(falco_common::syscall_source) != enabled_sources.end();
|
||||
}
|
||||
|
||||
@ -30,13 +30,6 @@ namespace falco
|
||||
class atomic_signal_handler
|
||||
{
|
||||
public:
|
||||
atomic_signal_handler(): m_triggered(false), m_handled(false) { }
|
||||
atomic_signal_handler(atomic_signal_handler&&) = default;
|
||||
atomic_signal_handler& operator = (atomic_signal_handler&&) = default;
|
||||
atomic_signal_handler(const atomic_signal_handler&) = delete;
|
||||
atomic_signal_handler& operator = (const atomic_signal_handler&) = delete;
|
||||
~atomic_signal_handler() = default;
|
||||
|
||||
/**
|
||||
* @brief Returns true if the underlying atomic implementation
|
||||
* is lock-free as per C++ standard semantics.
|
||||
@ -95,7 +88,7 @@ namespace falco
|
||||
* performed. After the first handler has been performed, every
|
||||
* other invocation of handle() will be skipped and return false
|
||||
* up until the next invocation of reset().
|
||||
*
|
||||
*
|
||||
* @param f The action to perform.
|
||||
* @return true If the action has been performed.
|
||||
* @return false If the action has not been performed.
|
||||
@ -134,7 +127,7 @@ namespace falco
|
||||
|
||||
private:
|
||||
std::mutex m_mtx;
|
||||
std::atomic<bool> m_triggered;
|
||||
std::atomic<bool> m_handled;
|
||||
std::atomic<bool> m_triggered{false};
|
||||
std::atomic<bool> m_handled{false};
|
||||
};
|
||||
};
|
||||
|
||||
@ -55,45 +55,38 @@ enum class engine_kind_t : uint8_t
|
||||
class falco_configuration
|
||||
{
|
||||
public:
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct plugin_config {
|
||||
std::string m_name;
|
||||
std::string m_library_path;
|
||||
std::string m_init_config;
|
||||
std::string m_open_params;
|
||||
} plugin_config;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct kmod_config {
|
||||
int16_t m_buf_size_preset;
|
||||
bool m_drop_failed_exit;
|
||||
} kmod_config;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct ebpf_config {
|
||||
std::string m_probe_path;
|
||||
int16_t m_buf_size_preset;
|
||||
bool m_drop_failed_exit;
|
||||
} ebpf_config;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct modern_ebpf_config {
|
||||
uint16_t m_cpus_for_each_buffer;
|
||||
int16_t m_buf_size_preset;
|
||||
bool m_drop_failed_exit;
|
||||
} modern_ebpf_config;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct replay_config {
|
||||
std::string m_capture_file;
|
||||
} replay_config;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
struct gvisor_config {
|
||||
std::string m_config;
|
||||
std::string m_root;
|
||||
} gvisor_config;
|
||||
};
|
||||
|
||||
falco_configuration();
|
||||
virtual ~falco_configuration() = default;
|
||||
|
||||
@ -65,7 +65,7 @@ falco_outputs::falco_outputs(
|
||||
{
|
||||
add_output(output);
|
||||
}
|
||||
m_outputs_queue_num_drops = {0};
|
||||
m_outputs_queue_num_drops = 0;
|
||||
#ifndef __EMSCRIPTEN__
|
||||
m_queue.set_capacity(outputs_queue_capacity);
|
||||
m_worker_thread = std::thread(&falco_outputs::worker, this);
|
||||
|
||||
@ -32,11 +32,6 @@ namespace falco
|
||||
* @brief Creates a semaphore with the given initial counter value
|
||||
*/
|
||||
semaphore(int c = 0): count(c) {}
|
||||
semaphore(semaphore&&) = default;
|
||||
semaphore& operator = (semaphore&&) = default;
|
||||
semaphore(const semaphore&) = delete;
|
||||
semaphore& operator = (const semaphore&) = delete;
|
||||
~semaphore() = default;
|
||||
|
||||
/**
|
||||
* @brief Increments the internal counter and unblocks acquirers
|
||||
|
||||
@ -20,7 +20,6 @@ limitations under the License.
|
||||
#endif
|
||||
#include <ctime>
|
||||
#include <csignal>
|
||||
#include <nlohmann/json.hpp>
|
||||
#include <atomic>
|
||||
|
||||
#include <nlohmann/json.hpp>
|
||||
@ -40,8 +39,8 @@ static timer_t s_timerid;
|
||||
#else
|
||||
static uint16_t s_timerid;
|
||||
#endif
|
||||
// note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete()
|
||||
// with an invalid timer ID not returned by timer_create() causes a segfault because of
|
||||
// note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete()
|
||||
// with an invalid timer ID not returned by timer_create() causes a segfault because of
|
||||
// a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257).
|
||||
// Just performing a nullptr check is not enough as even after creating the timer, s_timerid
|
||||
// remains a nullptr somehow.
|
||||
@ -132,7 +131,7 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
|
||||
// delete any previously set timer
|
||||
if (s_timerid_exists)
|
||||
{
|
||||
if (timer_delete(s_timerid) == -1)
|
||||
if (timer_delete(s_timerid) == -1)
|
||||
{
|
||||
err = std::string("Could not delete previous timer: ") + strerror(errno);
|
||||
return false;
|
||||
@ -140,7 +139,7 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
|
||||
s_timerid_exists = false;
|
||||
}
|
||||
|
||||
if (timer_create(CLOCK_MONOTONIC, &sev, &s_timerid) == -1)
|
||||
if (timer_create(CLOCK_MONOTONIC, &sev, &s_timerid) == -1)
|
||||
{
|
||||
err = std::string("Could not create periodic timer: ") + strerror(errno);
|
||||
return false;
|
||||
@ -151,7 +150,7 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
|
||||
timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000;
|
||||
timer.it_interval = timer.it_value;
|
||||
|
||||
if (timer_settime(s_timerid, 0, &timer, NULL) == -1)
|
||||
if (timer_settime(s_timerid, 0, &timer, NULL) == -1)
|
||||
{
|
||||
err = std::string("Could not set up periodic timer: ") + strerror(errno);
|
||||
return false;
|
||||
@ -265,7 +264,7 @@ void stats_writer::worker() noexcept
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
// this helps waiting for the first tick
|
||||
tick = stats_writer::get_ticker();
|
||||
if (first_tick != tick)
|
||||
@ -302,7 +301,7 @@ void stats_writer::worker() noexcept
|
||||
}
|
||||
|
||||
stats_writer::collector::collector(const std::shared_ptr<stats_writer>& writer)
|
||||
: m_writer(writer), m_last_tick(0), m_samples(0),
|
||||
: m_writer(writer), m_last_tick(0),
|
||||
m_last_now(0), m_last_n_evts(0), m_last_n_drops(0), m_last_num_evts(0)
|
||||
{
|
||||
}
|
||||
|
||||
@ -50,7 +50,7 @@ public:
|
||||
This class is not thread-safe.
|
||||
*/
|
||||
class collector
|
||||
{
|
||||
{
|
||||
public:
|
||||
/*!
|
||||
\brief Initializes the collector with the given writer
|
||||
@ -74,11 +74,8 @@ public:
|
||||
*/
|
||||
void get_metrics_output_fields_additional(nlohmann::json& output_fields, const std::shared_ptr<sinsp>& inspector, double stats_snapshot_time_delta_sec, const std::string& src);
|
||||
|
||||
|
||||
std::shared_ptr<stats_writer> m_writer;
|
||||
stats_writer::ticker_t m_last_tick;
|
||||
uint64_t m_samples;
|
||||
scap_stats m_last_stats;
|
||||
uint64_t m_last_now;
|
||||
uint64_t m_last_n_evts;
|
||||
uint64_t m_last_n_drops;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user