github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-25 20:30:47 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace,unit_tests): deny main config to include itself.

Browse Source 
Moreover, added a couple more tests.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Federico Di Pierro
2024-02-08 09:51:06 +01:00
committed by poiana
parent 8112f6210b
commit 45754fda9f
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
unit_tests/falco/test_configuration.cpp
View File

@@ -278,6 +278,39 @@ TEST(Configuration, configuration_include_files)
ASSERT_TRUE(conf.is_defined("base_value_2.id"));
ASSERT_EQ(conf.get_scalar<int>("base_value_2.id", 0), 2);
/* Test that empty includes list is accepted */
const std::string main_conf_yaml_empty_includes =
"includes:\n"
"foo: bar\n"
"base_value:\n"
" id: 1\n"
" name: foo\n";
outfile.open("main.yaml");
outfile << main_conf_yaml_empty_includes;
outfile.close();
ASSERT_NO_THROW(conf.load_from_file("main.yaml"));
ASSERT_TRUE(conf.is_defined("foo"));
ASSERT_EQ(conf.get_scalar<std::string>("foo", ""), "bar");
ASSERT_TRUE(conf.is_defined("base_value.id"));
ASSERT_EQ(conf.get_scalar<int>("base_value.id", 0), 1);
ASSERT_TRUE(conf.is_defined("base_value.name"));
ASSERT_EQ(conf.get_scalar<std::string>("base_value.name", ""), "foo");
/* Test that empty includes list is accepted */
const std::string main_conf_yaml_include_itself =
"includes: main.yaml\n"
"foo: bar\n"
"base_value:\n"
" id: 1\n"
" name: foo\n";
outfile.open("main.yaml");
outfile << main_conf_yaml_include_itself;
outfile.close();
ASSERT_ANY_THROW(conf.load_from_file("main.yaml"));
// Cleanup everything
std::filesystem::remove("main.yaml");
std::filesystem::remove("conf_2.yaml");

4
userspace/falco/yaml_helper.h
View File

@@ -109,6 +109,10 @@ public:
{
include_file_path = config_folder / include_file;
}
if (include_file_path == ppath)
{
throw std::runtime_error("Config error: 'includes' directive tried to recursively include main config file: " + path + ".");
}
if (std::filesystem::exists(include_file_path) && std::filesystem::is_regular_file(include_file_path))
{
auto loaded_nodes = load_from_file_int(include_file_path.string());