github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-25 04:11:59 +00:00
Code Issues Projects Releases Wiki Activity

refactor: remove refs to gen_event class family

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2024-02-01 13:10:13 +00:00
committed by poiana
parent 0613f11980
commit 4cffcedba1
21 changed files with 87 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
unit_tests/engine/test_add_source.cpp
View File

@@ -31,7 +31,7 @@ namespace
class test_ruleset_factory : public evttype_index_ruleset_factory
{
public:
test_ruleset_factory(std::shared_ptr<gen_event_filter_factory> factory):
test_ruleset_factory(std::shared_ptr<sinsp_filter_factory> factory):
evttype_index_ruleset_factory(factory)
{
ruleset = evttype_index_ruleset_factory::new_ruleset();
@@ -54,9 +54,9 @@ TEST(AddSource, basic)
sinsp inspector;
sinsp_filter_check_list filterchecks;
auto filter_factory = std::shared_ptr<gen_event_filter_factory>(
auto filter_factory = std::shared_ptr<sinsp_filter_factory>(
new sinsp_filter_factory(&inspector, filterchecks));
auto formatter_factory = std::shared_ptr<gen_event_formatter_factory>(
auto formatter_factory = std::shared_ptr<sinsp_evt_formatter_factory>(
new sinsp_evt_formatter_factory(&inspector, filterchecks));
test_ruleset_factory *test_factory = new test_ruleset_factory(filter_factory);
auto ruleset_factory = std::shared_ptr<filter_ruleset_factory>(test_factory);

14
unit_tests/engine/test_alt_rule_loader.cpp
View File

@@ -124,7 +124,7 @@ protected:
class test_ruleset : public evttype_index_ruleset
{
public:
test_ruleset(std::shared_ptr<gen_event_filter_factory> factory):
test_ruleset(std::shared_ptr<sinsp_filter_factory> factory):
evttype_index_ruleset(factory){};
virtual ~test_ruleset() = default;
@@ -154,7 +154,7 @@ public:
class test_ruleset_factory : public filter_ruleset_factory
{
public:
test_ruleset_factory(std::shared_ptr<gen_event_filter_factory> factory):
test_ruleset_factory(std::shared_ptr<sinsp_filter_factory> factory):
m_filter_factory(factory)
{
}
@@ -167,7 +167,7 @@ public:
return ret;
}
std::shared_ptr<gen_event_filter_factory> m_filter_factory;
std::shared_ptr<sinsp_filter_factory> m_filter_factory;
};
}; // namespace
@@ -235,9 +235,9 @@ static std::shared_ptr<rule_loader::configuration> create_configuration(sinsp& i
sinsp_filter_check_list& filterchecks,
indexed_vector<falco_source>& sources)
{
auto filter_factory = std::shared_ptr<gen_event_filter_factory>(
auto filter_factory = std::shared_ptr<sinsp_filter_factory>(
new sinsp_filter_factory(&inspector, filterchecks));
auto formatter_factory = std::shared_ptr<gen_event_formatter_factory>(
auto formatter_factory = std::shared_ptr<sinsp_evt_formatter_factory>(
new sinsp_evt_formatter_factory(&inspector, filterchecks));
auto ruleset_factory = std::shared_ptr<filter_ruleset_factory>(
new evttype_index_ruleset_factory(filter_factory));
@@ -330,9 +330,9 @@ TEST(engine_loader_alt_loader, falco_engine_alternate_loader)
sinsp inspector;
sinsp_filter_check_list filterchecks;
auto filter_factory = std::shared_ptr<gen_event_filter_factory>(
auto filter_factory = std::shared_ptr<sinsp_filter_factory>(
new sinsp_filter_factory(&inspector, filterchecks));
auto formatter_factory = std::shared_ptr<gen_event_formatter_factory>(
auto formatter_factory = std::shared_ptr<sinsp_evt_formatter_factory>(
new sinsp_evt_formatter_factory(&inspector, filterchecks));
auto ruleset_factory = std::shared_ptr<filter_ruleset_factory>(
new test_ruleset_factory(filter_factory));

4
unit_tests/engine/test_enable_rule.cpp
View File

@@ -56,9 +56,9 @@ static void load_rules(falco_engine& engine, sinsp& inspector, sinsp_filter_chec
{
std::unique_ptr<falco::load_result> res;
auto filter_factory = std::shared_ptr<gen_event_filter_factory>(
auto filter_factory = std::shared_ptr<sinsp_filter_factory>(
new sinsp_filter_factory(&inspector, filterchecks));
auto formatter_factory = std::shared_ptr<gen_event_formatter_factory>(
auto formatter_factory = std::shared_ptr<sinsp_evt_formatter_factory>(
new sinsp_evt_formatter_factory(&inspector, filterchecks));
engine.add_source("syscall", filter_factory, formatter_factory);

14
unit_tests/engine/test_rulesets.cpp
View File

@@ -23,31 +23,31 @@ limitations under the License.
#define RULESET_2 2
/* Helpers methods */
static std::shared_ptr<gen_event_filter_factory> create_factory(filter_check_list& list)
static std::shared_ptr<sinsp_filter_factory> create_factory(filter_check_list& list)
{
std::shared_ptr<gen_event_filter_factory> ret(new sinsp_filter_factory(NULL, list));
std::shared_ptr<sinsp_filter_factory> ret(new sinsp_filter_factory(NULL, list));
return ret;
}
static std::shared_ptr<filter_ruleset> create_ruleset(std::shared_ptr<gen_event_filter_factory> f)
static std::shared_ptr<filter_ruleset> create_ruleset(std::shared_ptr<sinsp_filter_factory> f)
{
std::shared_ptr<filter_ruleset> ret(new evttype_index_ruleset(f));
return ret;
}
static std::shared_ptr<libsinsp::filter::ast::expr> create_ast(std::shared_ptr<gen_event_filter_factory> f)
static std::shared_ptr<libsinsp::filter::ast::expr> create_ast(std::shared_ptr<sinsp_filter_factory> f)
{
libsinsp::filter::parser parser("evt.type=open");
std::shared_ptr<libsinsp::filter::ast::expr> ret(parser.parse());
return ret;
}
static std::shared_ptr<gen_event_filter> create_filter(
std::shared_ptr<gen_event_filter_factory> f,
static std::shared_ptr<sinsp_filter> create_filter(
std::shared_ptr<sinsp_filter_factory> f,
std::shared_ptr<libsinsp::filter::ast::expr> ast)
{
sinsp_filter_compiler compiler(f, ast.get());
std::shared_ptr<gen_event_filter> filter(compiler.compile());
std::shared_ptr<sinsp_filter> filter(compiler.compile());
return filter;
}

4
unit_tests/falco/app/actions/test_configure_interesting_sets.cpp
View File

@@ -79,9 +79,9 @@ static std::shared_ptr<falco_engine> mock_engine_from_filters(const strset_t& fi
// create a falco engine and load the ruleset
sinsp_filter_check_list filterlist;
std::shared_ptr<falco_engine> res(new falco_engine());
auto filter_factory = std::shared_ptr<gen_event_filter_factory>(
auto filter_factory = std::shared_ptr<sinsp_filter_factory>(
new sinsp_filter_factory(nullptr, filterlist));
auto formatter_factory = std::shared_ptr<gen_event_formatter_factory>(
auto formatter_factory = std::shared_ptr<sinsp_evt_formatter_factory>(
new sinsp_evt_formatter_factory(nullptr, filterlist));
res->add_source(s_sample_source, filter_factory, formatter_factory);
res->load_rules(dummy_rules, "dummy_rules.yaml");