mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-25 09:28:55 +00:00
update(build): bump libs version to caa0e4d0044fdaaebab086592a97f0c7f32aeaa9
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
parent
df219b5e1d
commit
481e32cab9
@ -24,8 +24,8 @@ else()
|
||||
# default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake
|
||||
# -DFALCOSECURITY_LIBS_VERSION=dev ..`
|
||||
if(NOT FALCOSECURITY_LIBS_VERSION)
|
||||
set(FALCOSECURITY_LIBS_VERSION "b7eb0dd65226a8dc254d228c8d950d07bf3521d2")
|
||||
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=0f6dcdc3b94243c91294698ee343806539af81c5b33c60c6acf83fc1aa455e85")
|
||||
set(FALCOSECURITY_LIBS_VERSION "caa0e4d0044fdaaebab086592a97f0c7f32aeaa9")
|
||||
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=a0cea9996b708109ff9538f343500d30b6e7ec5a860f714c61425d4598a0534d")
|
||||
endif()
|
||||
|
||||
# cd /path/to/build && cmake /path/to/source
|
||||
|
@ -591,13 +591,15 @@ const json_event_filter_check::values_t &json_event_filter_check::extracted_valu
|
||||
|
||||
bool json_event_filter_check::compare(gen_event *evt)
|
||||
{
|
||||
auto jevt = (json_event *)evt;
|
||||
auto jevt = (json_event *) evt;
|
||||
std::vector<extract_value_t> values;
|
||||
if (!extract(jevt, values))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
auto evalues = (const extracted_values_t *) values[0].ptr;
|
||||
|
||||
uint32_t len;
|
||||
|
||||
auto evalues = (const extracted_values_t *) extract(jevt, &len);
|
||||
values_set_t setvals;
|
||||
|
||||
switch(m_cmpop)
|
||||
{
|
||||
case CO_EQ:
|
||||
@ -712,7 +714,7 @@ void json_event_filter_check::add_extracted_value_num(int64_t val)
|
||||
m_evalues.second.emplace(json_event_value(val));
|
||||
}
|
||||
|
||||
uint8_t *json_event_filter_check::extract(gen_event *evt, uint32_t *len, bool sanitize_strings)
|
||||
bool json_event_filter_check::extract(gen_event *evt, std::vector<extract_value_t>& values, bool sanitize_strings)
|
||||
{
|
||||
m_evalues.first.clear();
|
||||
m_evalues.second.clear();
|
||||
@ -723,9 +725,8 @@ uint8_t *json_event_filter_check::extract(gen_event *evt, uint32_t *len, bool sa
|
||||
m_evalues.second.clear();
|
||||
add_extracted_value(no_value);
|
||||
}
|
||||
|
||||
*len = sizeof(m_evalues);
|
||||
return (uint8_t *)&m_evalues;
|
||||
values.push_back({(uint8_t *)&m_evalues, sizeof(m_evalues)});
|
||||
return true;
|
||||
}
|
||||
|
||||
bool json_event_filter_check::extract_values(json_event *jevt)
|
||||
@ -1659,13 +1660,13 @@ void json_event_formatter::parse_format()
|
||||
|
||||
void json_event_formatter::resolve_format(json_event *ev, std::list<std::pair<std::string, std::string>> &resolved)
|
||||
{
|
||||
vector<extract_value_t> values;
|
||||
for(auto tok : m_tokens)
|
||||
{
|
||||
if(tok.check)
|
||||
{
|
||||
uint32_t len;
|
||||
|
||||
(void) tok.check->extract(ev, &len);
|
||||
values.clear();
|
||||
tok.check->extract(ev, values);
|
||||
|
||||
const json_event_filter_check::values_t &evals =
|
||||
tok.check->extracted_values();
|
||||
|
@ -179,8 +179,16 @@ public:
|
||||
void add_filter_value(const char *str, uint32_t len, uint32_t i = 0);
|
||||
bool compare(gen_event *evt);
|
||||
|
||||
// This always returns a const extracted_values_t *. The pointer points to m_evalues;
|
||||
uint8_t* extract(gen_event *evt, uint32_t* len, bool sanitize_strings = true) final;
|
||||
// This is adapted to support the new extract() method signature that
|
||||
// supports extracting list of values, however json_evt was implemented
|
||||
// to support this feature in the first place through the
|
||||
// extracted_values_t structure. As such, for now this is only used for
|
||||
// signature compliance, and always pushes a single value. The value pushed
|
||||
// in the vector is a a const extracted_values_t* that points to the
|
||||
// internal m_evalues. This is a temporary workaround to sync with the
|
||||
// latest falcosecurity/libs development without re-designing the whole K8S
|
||||
// support, which will eventually be refactored as a plugin in the future anyway.
|
||||
bool extract(gen_event *evt, std::vector<extract_value_t>& values, bool sanitize_strings = true) final;
|
||||
|
||||
const std::string &field();
|
||||
const std::string &idx();
|
||||
|
Loading…
Reference in New Issue
Block a user