mirror of
https://github.com/falcosecurity/falco.git
synced 2025-09-12 21:16:33 +00:00
refactor: remove refs to gen_event class family
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
poiana
@@ -20,7 +20,7 @@ limitations under the License.
|
||||
#include <algorithm>
|
||||
|
||||
evttype_index_ruleset::evttype_index_ruleset(
|
||||
std::shared_ptr<gen_event_filter_factory> f): m_filter_factory(f)
|
||||
std::shared_ptr<sinsp_filter_factory> f): m_filter_factory(f)
|
||||
{
|
||||
}
|
||||
|
||||
@@ -111,7 +111,7 @@ uint64_t evttype_index_ruleset::ruleset_filters::num_filters()
|
||||
return m_filters.size();
|
||||
}
|
||||
|
||||
bool evttype_index_ruleset::ruleset_filters::run(gen_event *evt, falco_rule& match)
|
||||
bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, falco_rule& match)
|
||||
{
|
||||
if(evt->get_type() < m_filter_by_event_type.size())
|
||||
{
|
||||
@@ -138,7 +138,7 @@ bool evttype_index_ruleset::ruleset_filters::run(gen_event *evt, falco_rule& mat
|
||||
return false;
|
||||
}
|
||||
|
||||
bool evttype_index_ruleset::ruleset_filters::run(gen_event *evt, std::vector<falco_rule>& matches)
|
||||
bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, std::vector<falco_rule>& matches)
|
||||
{
|
||||
bool match_found = false;
|
||||
|
||||
@@ -194,7 +194,7 @@ libsinsp::events::set<ppm_event_code> evttype_index_ruleset::ruleset_filters::ev
|
||||
|
||||
void evttype_index_ruleset::add(
|
||||
const falco_rule& rule,
|
||||
std::shared_ptr<gen_event_filter> filter,
|
||||
std::shared_ptr<sinsp_filter> filter,
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> condition)
|
||||
{
|
||||
try
|
||||
@@ -332,7 +332,7 @@ uint64_t evttype_index_ruleset::enabled_count(uint16_t ruleset_id)
|
||||
return m_rulesets[ruleset_id]->num_filters();
|
||||
}
|
||||
|
||||
bool evttype_index_ruleset::run(gen_event *evt, falco_rule& match, uint16_t ruleset_id)
|
||||
bool evttype_index_ruleset::run(sinsp_evt *evt, falco_rule& match, uint16_t ruleset_id)
|
||||
{
|
||||
if(m_rulesets.size() < (size_t)ruleset_id + 1)
|
||||
{
|
||||
@@ -342,7 +342,7 @@ bool evttype_index_ruleset::run(gen_event *evt, falco_rule& match, uint16_t rule
|
||||
return m_rulesets[ruleset_id]->run(evt, match);
|
||||
}
|
||||
|
||||
bool evttype_index_ruleset::run(gen_event *evt, std::vector<falco_rule>& matches, uint16_t ruleset_id)
|
||||
bool evttype_index_ruleset::run(sinsp_evt *evt, std::vector<falco_rule>& matches, uint16_t ruleset_id)
|
||||
{
|
||||
if(m_rulesets.size() < (size_t)ruleset_id + 1)
|
||||
{
|
||||
|
||||
@@ -27,7 +27,6 @@ limitations under the License.
|
||||
#include <libsinsp/sinsp.h>
|
||||
#include <libsinsp/filter.h>
|
||||
#include <libsinsp/event.h>
|
||||
#include <libsinsp/gen_filter.h>
|
||||
|
||||
/*!
|
||||
\brief A filter_ruleset that indexes enabled rules by event type,
|
||||
@@ -36,18 +35,18 @@ limitations under the License.
|
||||
class evttype_index_ruleset: public filter_ruleset
|
||||
{
|
||||
public:
|
||||
evttype_index_ruleset(std::shared_ptr<gen_event_filter_factory> factory);
|
||||
evttype_index_ruleset(std::shared_ptr<sinsp_filter_factory> factory);
|
||||
virtual ~evttype_index_ruleset();
|
||||
|
||||
void add(
|
||||
const falco_rule& rule,
|
||||
std::shared_ptr<gen_event_filter> filter,
|
||||
std::shared_ptr<sinsp_filter> filter,
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> condition) override;
|
||||
|
||||
void clear() override;
|
||||
|
||||
bool run(gen_event *evt, falco_rule& match, uint16_t ruleset_id) override;
|
||||
bool run(gen_event *evt, std::vector<falco_rule>&matches, uint16_t ruleset_id) override;
|
||||
bool run(sinsp_evt *evt, falco_rule& match, uint16_t ruleset_id) override;
|
||||
bool run(sinsp_evt *evt, std::vector<falco_rule>&matches, uint16_t ruleset_id) override;
|
||||
|
||||
uint64_t enabled_count(uint16_t ruleset_id) override;
|
||||
|
||||
@@ -102,7 +101,7 @@ private:
|
||||
falco_rule rule;
|
||||
libsinsp::events::set<ppm_sc_code> sc_codes;
|
||||
libsinsp::events::set<ppm_event_code> event_codes;
|
||||
std::shared_ptr<gen_event_filter> filter;
|
||||
std::shared_ptr<sinsp_filter> filter;
|
||||
};
|
||||
|
||||
typedef std::list<std::shared_ptr<filter_wrapper>> filter_wrapper_list;
|
||||
@@ -121,11 +120,11 @@ private:
|
||||
|
||||
// Evaluate an event against the ruleset and return the first rule
|
||||
// that matched.
|
||||
bool run(gen_event *evt, falco_rule& match);
|
||||
bool run(sinsp_evt *evt, falco_rule& match);
|
||||
|
||||
// Evaluate an event against the ruleset and return all the
|
||||
// matching rules.
|
||||
bool run(gen_event *evt, std::vector<falco_rule>& matches);
|
||||
bool run(sinsp_evt *evt, std::vector<falco_rule>& matches);
|
||||
|
||||
libsinsp::events::set<ppm_sc_code> sc_codes();
|
||||
|
||||
@@ -152,7 +151,7 @@ private:
|
||||
// All filters added. The set of enabled filters is held in m_rulesets
|
||||
std::set<std::shared_ptr<filter_wrapper>> m_filters;
|
||||
|
||||
std::shared_ptr<gen_event_filter_factory> m_filter_factory;
|
||||
std::shared_ptr<sinsp_filter_factory> m_filter_factory;
|
||||
std::vector<std::string> m_ruleset_names;
|
||||
};
|
||||
|
||||
@@ -160,7 +159,7 @@ class evttype_index_ruleset_factory: public filter_ruleset_factory
|
||||
{
|
||||
public:
|
||||
inline evttype_index_ruleset_factory(
|
||||
std::shared_ptr<gen_event_filter_factory> factory
|
||||
std::shared_ptr<sinsp_filter_factory> factory
|
||||
): m_filter_factory(factory) { }
|
||||
|
||||
inline std::shared_ptr<filter_ruleset> new_ruleset() override
|
||||
@@ -171,5 +170,5 @@ public:
|
||||
}
|
||||
|
||||
private:
|
||||
std::shared_ptr<gen_event_filter_factory> m_filter_factory;
|
||||
std::shared_ptr<sinsp_filter_factory> m_filter_factory;
|
||||
};
|
||||
|
||||
@@ -115,7 +115,7 @@ std::shared_ptr<rule_loader::compiler> falco_engine::get_rule_compiler()
|
||||
|
||||
// Return a key that uniquely represents a field class.
|
||||
// For now, we assume name + shortdesc is unique.
|
||||
static std::string fieldclass_key(const gen_event_filter_factory::filter_fieldclass_info &fld_info)
|
||||
static std::string fieldclass_key(const sinsp_filter_factory::filter_fieldclass_info &fld_info)
|
||||
{
|
||||
return fld_info.name + fld_info.shortdesc;
|
||||
}
|
||||
@@ -372,14 +372,14 @@ libsinsp::events::set<ppm_event_code> falco_engine::event_codes_for_ruleset(cons
|
||||
return find_source(source)->ruleset->enabled_event_codes(find_ruleset_id(ruleset));
|
||||
}
|
||||
|
||||
std::shared_ptr<gen_event_formatter> falco_engine::create_formatter(const std::string &source,
|
||||
std::shared_ptr<sinsp_evt_formatter> falco_engine::create_formatter(const std::string &source,
|
||||
const std::string &output) const
|
||||
{
|
||||
return find_source(source)->formatter_factory->create_formatter(output);
|
||||
}
|
||||
|
||||
std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_event(std::size_t source_idx,
|
||||
gen_event *ev, uint16_t ruleset_id, falco_common::rule_matching strategy)
|
||||
sinsp_evt *ev, uint16_t ruleset_id, falco_common::rule_matching strategy)
|
||||
{
|
||||
// note: there are no thread-safety guarantees on the filter_ruleset::run()
|
||||
// method, but the thread-safety assumptions of falco_engine::process_event()
|
||||
@@ -437,14 +437,14 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
|
||||
}
|
||||
|
||||
std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_event(std::size_t source_idx,
|
||||
gen_event *ev, falco_common::rule_matching strategy)
|
||||
sinsp_evt *ev, falco_common::rule_matching strategy)
|
||||
{
|
||||
return process_event(source_idx, ev, m_default_ruleset_id, strategy);
|
||||
}
|
||||
|
||||
std::size_t falco_engine::add_source(const std::string &source,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory)
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory)
|
||||
{
|
||||
// evttype_index_ruleset is the default ruleset implementation
|
||||
std::shared_ptr<filter_ruleset_factory> ruleset_factory(
|
||||
@@ -460,8 +460,8 @@ std::size_t falco_engine::add_source(const std::string &source,
|
||||
}
|
||||
|
||||
std::size_t falco_engine::add_source(const std::string &source,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory,
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory,
|
||||
std::shared_ptr<filter_ruleset_factory> ruleset_factory)
|
||||
{
|
||||
falco_source src;
|
||||
@@ -892,22 +892,22 @@ bool falco_engine::is_source_valid(const std::string &source) const
|
||||
return m_sources.at(source) != nullptr;
|
||||
}
|
||||
|
||||
std::shared_ptr<gen_event_filter_factory> falco_engine::filter_factory_for_source(const std::string& source)
|
||||
std::shared_ptr<sinsp_filter_factory> falco_engine::filter_factory_for_source(const std::string& source)
|
||||
{
|
||||
return find_source(source)->filter_factory;
|
||||
}
|
||||
|
||||
std::shared_ptr<gen_event_filter_factory> falco_engine::filter_factory_for_source(std::size_t source_idx)
|
||||
std::shared_ptr<sinsp_filter_factory> falco_engine::filter_factory_for_source(std::size_t source_idx)
|
||||
{
|
||||
return find_source(source_idx)->filter_factory;
|
||||
}
|
||||
|
||||
std::shared_ptr<gen_event_formatter_factory> falco_engine::formatter_factory_for_source(const std::string& source)
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> falco_engine::formatter_factory_for_source(const std::string& source)
|
||||
{
|
||||
return find_source(source)->formatter_factory;
|
||||
}
|
||||
|
||||
std::shared_ptr<gen_event_formatter_factory> falco_engine::formatter_factory_for_source(std::size_t source_idx)
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> falco_engine::formatter_factory_for_source(std::size_t source_idx)
|
||||
{
|
||||
return find_source(source_idx)->formatter_factory;
|
||||
}
|
||||
|
||||
@@ -15,12 +15,6 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Gen filtering TODO
|
||||
// - DONE Clean up use/sharing of factories amongst engine-related classes.
|
||||
// - DONE Fix outputs to actually use factories
|
||||
// - Review gen_filter apis to see if they have only the required interfaces
|
||||
// - Fix json filterchecks to split json and evt.time filterchecks.
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <atomic>
|
||||
@@ -30,7 +24,6 @@ limitations under the License.
|
||||
|
||||
#include <nlohmann/json.hpp>
|
||||
|
||||
#include <libsinsp/gen_filter.h>
|
||||
#include "filter_ruleset.h"
|
||||
#include "rule_loader.h"
|
||||
#include "rule_loader_reader.h"
|
||||
@@ -180,7 +173,7 @@ public:
|
||||
// Represents the result of matching an event against a set of
|
||||
// rules.
|
||||
struct rule_result {
|
||||
gen_event *evt;
|
||||
sinsp_evt *evt;
|
||||
std::string rule;
|
||||
std::string source;
|
||||
falco_common::priority_type priority_num;
|
||||
@@ -214,7 +207,7 @@ public:
|
||||
// concurrently with the same source_idx would inherently cause data races
|
||||
// and lead to undefined behavior.
|
||||
std::unique_ptr<std::vector<rule_result>> process_event(std::size_t source_idx,
|
||||
gen_event *ev, uint16_t ruleset_id, falco_common::rule_matching strategy);
|
||||
sinsp_evt *ev, uint16_t ruleset_id, falco_common::rule_matching strategy);
|
||||
|
||||
//
|
||||
// Wrapper assuming the default ruleset.
|
||||
@@ -222,7 +215,7 @@ public:
|
||||
// This inherits the same thread-safety guarantees.
|
||||
//
|
||||
std::unique_ptr<std::vector<rule_result>> process_event(std::size_t source_idx,
|
||||
gen_event *ev, falco_common::rule_matching strategy);
|
||||
sinsp_evt *ev, falco_common::rule_matching strategy);
|
||||
|
||||
//
|
||||
// Configure the engine to support events with the provided
|
||||
@@ -230,16 +223,16 @@ public:
|
||||
// Return source index for fast lookup.
|
||||
//
|
||||
std::size_t add_source(const std::string &source,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory);
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory);
|
||||
|
||||
//
|
||||
// Equivalent to above, but allows specifying a ruleset factory
|
||||
// for the newly added source.
|
||||
//
|
||||
std::size_t add_source(const std::string &source,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory,
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory,
|
||||
std::shared_ptr<filter_ruleset_factory> ruleset_factory);
|
||||
|
||||
// Return whether or not there is a valid filter/formatter
|
||||
@@ -250,15 +243,15 @@ public:
|
||||
// Given a source, return a formatter factory that can create
|
||||
// filters for events of that source.
|
||||
//
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory_for_source(const std::string& source);
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory_for_source(std::size_t source_idx);
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory_for_source(const std::string& source);
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory_for_source(std::size_t source_idx);
|
||||
|
||||
//
|
||||
// Given a source, return a formatter factory that can create
|
||||
// formatters for an event.
|
||||
//
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory_for_source(const std::string& source);
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory_for_source(std::size_t source_idx);
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory_for_source(const std::string& source);
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory_for_source(std::size_t source_idx);
|
||||
|
||||
//
|
||||
// Given a source, return a ruleset factory that can create
|
||||
@@ -300,10 +293,10 @@ public:
|
||||
|
||||
//
|
||||
// Given a source and output string, return an
|
||||
// gen_event_formatter that can format output strings for an
|
||||
// sinsp_evt_formatter that can format output strings for an
|
||||
// event.
|
||||
//
|
||||
std::shared_ptr<gen_event_formatter> create_formatter(const std::string &source,
|
||||
std::shared_ptr<sinsp_evt_formatter> create_formatter(const std::string &source,
|
||||
const std::string &output) const;
|
||||
|
||||
// The rule loader definition is aliased as it is exactly what we need
|
||||
|
||||
@@ -83,5 +83,5 @@ struct falco_rule
|
||||
std::set<std::string> exception_fields;
|
||||
falco_common::priority_type priority;
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> condition;
|
||||
std::shared_ptr<gen_event_filter> filter;
|
||||
std::shared_ptr<sinsp_filter> filter;
|
||||
};
|
||||
|
||||
@@ -49,8 +49,8 @@ struct falco_source
|
||||
std::string name;
|
||||
std::shared_ptr<filter_ruleset> ruleset;
|
||||
std::shared_ptr<filter_ruleset_factory> ruleset_factory;
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory;
|
||||
std::shared_ptr<gen_event_formatter_factory> formatter_factory;
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory;
|
||||
std::shared_ptr<sinsp_evt_formatter_factory> formatter_factory;
|
||||
|
||||
// Used by the filter_ruleset interface. Filled in when a rule
|
||||
// matches an event.
|
||||
|
||||
@@ -22,7 +22,6 @@ limitations under the License.
|
||||
#include <libsinsp/filter/ast.h>
|
||||
#include <libsinsp/filter.h>
|
||||
#include <libsinsp/event.h>
|
||||
#include <libsinsp/gen_filter.h>
|
||||
#include <libsinsp/events/sinsp_events.h>
|
||||
|
||||
/*!
|
||||
@@ -61,7 +60,7 @@ public:
|
||||
*/
|
||||
virtual void add(
|
||||
const falco_rule& rule,
|
||||
std::shared_ptr<gen_event_filter> filter,
|
||||
std::shared_ptr<sinsp_filter> filter,
|
||||
std::shared_ptr<libsinsp::filter::ast::expr> condition) = 0;
|
||||
|
||||
/*!
|
||||
@@ -114,7 +113,7 @@ public:
|
||||
\param ruleset_id The id of the ruleset to be used
|
||||
*/
|
||||
virtual bool run(
|
||||
gen_event *evt,
|
||||
sinsp_evt *evt,
|
||||
falco_rule& match,
|
||||
uint16_t ruleset_id) = 0;
|
||||
|
||||
@@ -127,7 +126,7 @@ public:
|
||||
\param ruleset_id The id of the ruleset to be used
|
||||
*/
|
||||
virtual bool run(
|
||||
gen_event *evt,
|
||||
sinsp_evt *evt,
|
||||
std::vector<falco_rule>& matches,
|
||||
uint16_t ruleset_id) = 0;
|
||||
|
||||
|
||||
@@ -33,20 +33,20 @@ falco_formats::~falco_formats()
|
||||
{
|
||||
}
|
||||
|
||||
std::string falco_formats::format_event(gen_event *evt, const std::string &rule, const std::string &source,
|
||||
std::string falco_formats::format_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
|
||||
const std::string &level, const std::string &format, std::set<std::string> &tags,
|
||||
const std::string &hostname) const
|
||||
{
|
||||
std::string line;
|
||||
|
||||
std::shared_ptr<gen_event_formatter> formatter;
|
||||
std::shared_ptr<sinsp_evt_formatter> formatter;
|
||||
|
||||
formatter = m_falco_engine->create_formatter(source, format);
|
||||
|
||||
// Format the original output string, regardless of output format
|
||||
formatter->tostring_withformat(evt, line, gen_event_formatter::OF_NORMAL);
|
||||
formatter->tostring_withformat(evt, line, sinsp_evt_formatter::OF_NORMAL);
|
||||
|
||||
if(formatter->get_output_format() == gen_event_formatter::OF_JSON)
|
||||
if(formatter->get_output_format() == sinsp_evt_formatter::OF_JSON)
|
||||
{
|
||||
std::string json_line;
|
||||
|
||||
@@ -131,10 +131,10 @@ std::string falco_formats::format_event(gen_event *evt, const std::string &rule,
|
||||
return line.c_str();
|
||||
}
|
||||
|
||||
std::map<std::string, std::string> falco_formats::get_field_values(gen_event *evt, const std::string &source,
|
||||
std::map<std::string, std::string> falco_formats::get_field_values(sinsp_evt *evt, const std::string &source,
|
||||
const std::string &format) const
|
||||
{
|
||||
std::shared_ptr<gen_event_formatter> formatter;
|
||||
std::shared_ptr<sinsp_evt_formatter> formatter;
|
||||
|
||||
formatter = m_falco_engine->create_formatter(source, format);
|
||||
|
||||
|
||||
@@ -19,7 +19,6 @@ limitations under the License.
|
||||
|
||||
#include <string>
|
||||
#include <map>
|
||||
#include <libsinsp/gen_filter.h>
|
||||
#include "falco_engine.h"
|
||||
|
||||
class falco_formats
|
||||
@@ -30,11 +29,11 @@ public:
|
||||
bool json_include_tags_property);
|
||||
virtual ~falco_formats();
|
||||
|
||||
std::string format_event(gen_event *evt, const std::string &rule, const std::string &source,
|
||||
std::string format_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
|
||||
const std::string &level, const std::string &format, std::set<std::string> &tags,
|
||||
const std::string &hostname) const;
|
||||
|
||||
std::map<std::string, std::string> get_field_values(gen_event *evt, const std::string &source,
|
||||
std::map<std::string, std::string> get_field_values(sinsp_evt *evt, const std::string &source,
|
||||
const std::string &format) const ;
|
||||
|
||||
protected:
|
||||
|
||||
@@ -60,7 +60,7 @@ static bool is_format_valid(const falco_source& source, std::string fmt, std::st
|
||||
{
|
||||
try
|
||||
{
|
||||
std::shared_ptr<gen_event_formatter> formatter;
|
||||
std::shared_ptr<sinsp_evt_formatter> formatter;
|
||||
formatter = source.formatter_factory->create_formatter(fmt);
|
||||
return true;
|
||||
}
|
||||
@@ -410,13 +410,13 @@ bool rule_loader::compiler::compile_condition(
|
||||
indexed_vector<falco_list>& lists,
|
||||
const indexed_vector<rule_loader::macro_info>& macros,
|
||||
const std::string& condition,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
rule_loader::context cond_ctx,
|
||||
rule_loader::context parent_ctx,
|
||||
bool allow_unknown_fields,
|
||||
indexed_vector<falco_macro>& macros_out,
|
||||
std::shared_ptr<libsinsp::filter::ast::expr>& ast_out,
|
||||
std::shared_ptr<gen_event_filter>& filter_out) const
|
||||
std::shared_ptr<sinsp_filter>& filter_out) const
|
||||
{
|
||||
std::set<falco::load_result::load_result::warning_code> warn_codes;
|
||||
filter_warning_resolver warn_resolver;
|
||||
|
||||
@@ -64,13 +64,13 @@ protected:
|
||||
indexed_vector<falco_list>& lists,
|
||||
const indexed_vector<rule_loader::macro_info>& macros,
|
||||
const std::string& condition,
|
||||
std::shared_ptr<gen_event_filter_factory> filter_factory,
|
||||
std::shared_ptr<sinsp_filter_factory> filter_factory,
|
||||
rule_loader::context cond_ctx,
|
||||
rule_loader::context parent_ctx,
|
||||
bool allow_unknown_fields,
|
||||
indexed_vector<falco_macro>& macros_out,
|
||||
std::shared_ptr<libsinsp::filter::ast::expr>& ast_out,
|
||||
std::shared_ptr<gen_event_filter>& filter_out) const;
|
||||
std::shared_ptr<sinsp_filter>& filter_out) const;
|
||||
|
||||
private:
|
||||
void compile_list_infos(
|
||||
|
||||
Reference in New Issue
Block a user