update(build): bump libs version to caa0e4d0044fdaaebab086592a97f0c7f32aeaa9

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Jason Dellaluce 2022-03-18 10:11:12 +00:00 committed by poiana
parent df219b5e1d
commit 481e32cab9
3 changed files with 25 additions and 16 deletions


@ -24,8 +24,8 @@ else()
# default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake
# -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "b7eb0dd65226a8dc254d228c8d950d07bf3521d2")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=0f6dcdc3b94243c91294698ee343806539af81c5b33c60c6acf83fc1aa455e85")
set(FALCOSECURITY_LIBS_VERSION "caa0e4d0044fdaaebab086592a97f0c7f32aeaa9")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=a0cea9996b708109ff9538f343500d30b6e7ec5a860f714c61425d4598a0534d")
endif()
# cd /path/to/build && cmake /path/to/source


@ -591,13 +591,15 @@ const json_event_filter_check::values_t &json_event_filter_check::extracted_valu
bool json_event_filter_check::compare(gen_event *evt)
{
auto jevt = (json_event *)evt;
auto jevt = (json_event *) evt;
std::vector<extract_value_t> values;
if (!extract(jevt, values))
{
return false;
}
auto evalues = (const extracted_values_t *) values[0].ptr;
uint32_t len;
auto evalues = (const extracted_values_t *) extract(jevt, &len);
values_set_t setvals;
switch(m_cmpop)
{
case CO_EQ:
@ -712,7 +714,7 @@ void json_event_filter_check::add_extracted_value_num(int64_t val)
m_evalues.second.emplace(json_event_value(val));
}
uint8_t *json_event_filter_check::extract(gen_event *evt, uint32_t *len, bool sanitize_strings)
bool json_event_filter_check::extract(gen_event *evt, std::vector<extract_value_t>& values, bool sanitize_strings)
{
m_evalues.first.clear();
m_evalues.second.clear();
@ -723,9 +725,8 @@ uint8_t *json_event_filter_check::extract(gen_event *evt, uint32_t *len, bool sa
m_evalues.second.clear();
add_extracted_value(no_value);
}
*len = sizeof(m_evalues);
return (uint8_t *)&m_evalues;
values.push_back({(uint8_t *)&m_evalues, sizeof(m_evalues)});
return true;
}
bool json_event_filter_check::extract_values(json_event *jevt)
@ -1659,13 +1660,13 @@ void json_event_formatter::parse_format()
void json_event_formatter::resolve_format(json_event *ev, std::list<std::pair<std::string, std::string>> &resolved)
{
vector<extract_value_t> values;
for(auto tok : m_tokens)
{
if(tok.check)
{
uint32_t len;
(void) tok.check->extract(ev, &len);
values.clear();
tok.check->extract(ev, values);
const json_event_filter_check::values_t &evals =
tok.check->extracted_values();
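Review bot: In compare(), on what appears to be the new side, `values[0].ptr` is read after testing only extract()'s return value, so the index is in bounds only because this class's extract() pushes exactly one element before returning true. Making the guard explicit costs nothing and prevents an out-of-bounds read if that contract ever changes: `if (!extract(jevt, values) || values.empty())`. In resolve_format() the bool result of `tok.check->extract(ev, values);` is dropped without the `(void)` the old call carried, and `values` is never read there. A short comment saying the call is made only to refresh extracted_values() would make that intent clear. Both function bodies continue outside the visible hunks.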


@ -179,8 +179,16 @@ public:
void add_filter_value(const char *str, uint32_t len, uint32_t i = 0);
bool compare(gen_event *evt);
// This always returns a const extracted_values_t *. The pointer points to m_evalues;
uint8_t* extract(gen_event *evt, uint32_t* len, bool sanitize_strings = true) final;
// This is adapted to support the new extract() method signature that
// supports extracting list of values, however json_evt was implemented
// to support this feature in the first place through the
// extracted_values_t structure. As such, for now this is only used for
// signature compliance, and always pushes a single value. The value pushed
// in the vector is a a const extracted_values_t* that points to the
// internal m_evalues. This is a temporary workaround to sync with the
// latest falcosecurity/libs development without re-designing the whole K8S
// support, which will eventually be refactored as a plugin in the future anyway.
bool extract(gen_event *evt, std::vector<extract_value_t>& values, bool sanitize_strings = true) final;
const std::string &field();
const std::string &idx();
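Review bot: The new comment above extract() says the pushed value points at the internal m_evalues, but it does not state the pointer's lifetime or that `len` is `sizeof(m_evalues)` rather than a payload length. The .cpp side of this commit shows extract() clearing m_evalues on entry, so the pointed-to contents change on every call. Any generic consumer that treats `ptr`/`len` as a byte buffer would be reading the object representation of a struct; whether such a consumer exists is not visible here. I would add to the comment: `// The pushed pointer is valid only until the next extract() on this check and must be cast back to const extracted_values_t*, never read as raw bytes.` The class declaration starts and ends outside the hunk.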