github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-04 08:04:49 +00:00
Code Issues Projects Releases Wiki Activity

chore(falco): apply code formatting

Browse Source 
Signed-off-by: Poiana <poiana.bot@gmail.com>
This commit is contained in:
Poiana
2024-09-30 10:53:51 +02:00
committed by poiana
parent 11bac9dbd2
commit 50b98b30e5
169 changed files with 8681 additions and 9539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
userspace/engine/rule_loader_collector.cpp
View File

@@ -22,102 +22,86 @@ limitations under the License.
#include "rule_loader_collector.h"
#include "rule_loading_messages.h"
#define THROW(cond, err, ctx) { if ((cond)) { throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_VALIDATE, (err), (ctx)); } }
#define THROW(cond, err, ctx) \
{ \
if((cond)) { \
throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_VALIDATE, \
(err), \
(ctx)); \
} \
}
static inline bool is_operator_defined(const std::string& op)
{
static inline bool is_operator_defined(const std::string& op) {
auto ops = libsinsp::filter::parser::supported_operators();
return find(ops.begin(), ops.end(), op) != ops.end();
}
template <typename T>
static inline void define_info(indexed_vector<T>& infos, T& info, uint32_t id)
{
template<typename T>
static inline void define_info(indexed_vector<T>& infos, T& info, uint32_t id) {
auto prev = infos.at(info.name);
if (prev)
{
if(prev) {
info.index = prev->index;
info.visibility = id;
*prev = info;
}
else
{
} else {
info.index = id;
info.visibility = id;
infos.insert(info, info.name);
}
}
template <typename T, typename U>
static inline void append_info(T* prev, U& info, uint32_t id)
{
template<typename T, typename U>
static inline void append_info(T* prev, U& info, uint32_t id) {
prev->visibility = id;
}
template <typename T, typename U>
static inline void replace_info(T* prev, U& info, uint32_t id)
{
template<typename T, typename U>
static inline void replace_info(T* prev, U& info, uint32_t id) {
prev->visibility = id;
}
static void validate_exception_info(
const falco_source* source,
rule_loader::rule_exception_info &ex)
{
if (ex.fields.is_list)
{
if (!ex.comps.is_valid())
{
static void validate_exception_info(const falco_source* source,
rule_loader::rule_exception_info& ex) {
if(ex.fields.is_list) {
if(!ex.comps.is_valid()) {
ex.comps.is_list = true;
for (size_t i = 0; i < ex.fields.items.size(); i++)
{
for(size_t i = 0; i < ex.fields.items.size(); i++) {
ex.comps.items.push_back(rule_loader::rule_exception_info::entry("="));
}
}
THROW(ex.fields.items.size() != ex.comps.items.size(),
"Fields and comps lists must have equal length",
ex.ctx);
for (const auto &v : ex.comps.items)
{
"Fields and comps lists must have equal length",
ex.ctx);
for(const auto& v : ex.comps.items) {
THROW(!is_operator_defined(v.item),
std::string("'") + v.item + "' is not a supported comparison operator",
ex.ctx);
}
if (source)
{
for (const auto &v : ex.fields.items)
{
if(source) {
for(const auto& v : ex.fields.items) {
THROW(!source->is_valid_lhs_field(v.item),
std::string("'") + v.item + "' is not a supported filter field",
ex.ctx);
std::string("'") + v.item + "' is not a supported filter field",
ex.ctx);
}
}
}
else
{
if (!ex.comps.is_valid())
{
} else {
if(!ex.comps.is_valid()) {
ex.comps.is_list = false;
ex.comps.item = "in";
}
THROW(ex.comps.is_list,
"Fields and comps must both be strings",
ex.ctx);
THROW(ex.comps.is_list, "Fields and comps must both be strings", ex.ctx);
THROW((ex.comps.item != "in" && ex.comps.item != "pmatch" && ex.comps.item != "intersects"),
"When fields is a single value, comps must be one of (in, pmatch, intersects)",
ex.ctx);
if (source)
{
if(source) {
THROW(!source->is_valid_lhs_field(ex.fields.item),
std::string("'") + ex.fields.item + "' is not a supported filter field",
ex.ctx);
std::string("'") + ex.fields.item + "' is not a supported filter field",
ex.ctx);
}
}
}
void rule_loader::collector::clear()
{
void rule_loader::collector::clear() {
m_cur_index = 0;
m_rule_infos.clear();
m_list_infos.clear();
@@ -125,84 +109,71 @@ void rule_loader::collector::clear()
m_required_plugin_versions.clear();
}
const std::vector<rule_loader::plugin_version_info::requirement_alternatives>& rule_loader::collector::required_plugin_versions() const
{
const std::vector<rule_loader::plugin_version_info::requirement_alternatives>&
rule_loader::collector::required_plugin_versions() const {
return m_required_plugin_versions;
}
const rule_loader::engine_version_info& rule_loader::collector::required_engine_version() const
{
const rule_loader::engine_version_info& rule_loader::collector::required_engine_version() const {
return m_required_engine_version;
}
const indexed_vector<rule_loader::list_info>& rule_loader::collector::lists() const
{
const indexed_vector<rule_loader::list_info>& rule_loader::collector::lists() const {
return m_list_infos;
}
const indexed_vector<rule_loader::macro_info>& rule_loader::collector::macros() const
{
const indexed_vector<rule_loader::macro_info>& rule_loader::collector::macros() const {
return m_macro_infos;
}
const indexed_vector<rule_loader::rule_info>& rule_loader::collector::rules() const
{
const indexed_vector<rule_loader::rule_info>& rule_loader::collector::rules() const {
return m_rule_infos;
}
void rule_loader::collector::define(configuration& cfg, engine_version_info& info)
{
void rule_loader::collector::define(configuration& cfg, engine_version_info& info) {
auto v = falco_engine::engine_version();
THROW(!v.compatible_with(info.version), "Rules require engine version "
+ info.version.as_string() + ", but engine version is " + v.as_string(),
THROW(!v.compatible_with(info.version),
"Rules require engine version " + info.version.as_string() + ", but engine version is " +
v.as_string(),
info.ctx);
// Store max required_engine_version
if(m_required_engine_version.version < info.version)
{
if(m_required_engine_version.version < info.version) {
m_required_engine_version = info;
}
}
void rule_loader::collector::define(configuration& cfg, plugin_version_info& info)
{
void rule_loader::collector::define(configuration& cfg, plugin_version_info& info) {
std::unordered_set<std::string> plugin_names;
for (const auto& req : info.alternatives)
{
for(const auto& req : info.alternatives) {
sinsp_version plugin_version(req.version);
THROW(!plugin_version.is_valid(),
"Invalid required version '" + req.version
+ "' for plugin '" + req.name + "'",
info.ctx);
"Invalid required version '" + req.version + "' for plugin '" + req.name + "'",
info.ctx);
THROW(plugin_names.find(req.name) != plugin_names.end(),
"Defined multiple alternative version requirements for plugin '"
+ req.name + "'",
info.ctx);
"Defined multiple alternative version requirements for plugin '" + req.name + "'",
info.ctx);
plugin_names.insert(req.name);
}
m_required_plugin_versions.push_back(info.alternatives);
}
void rule_loader::collector::define(configuration& cfg, list_info& info)
{
void rule_loader::collector::define(configuration& cfg, list_info& info) {
define_info(m_list_infos, info, m_cur_index++);
}
void rule_loader::collector::append(configuration& cfg, list_info& info)
{
void rule_loader::collector::append(configuration& cfg, list_info& info) {
auto prev = m_list_infos.at(info.name);
THROW(!prev, ERROR_NO_PREVIOUS_LIST, info.ctx);
prev->items.insert(prev->items.end(), info.items.begin(), info.items.end());
append_info(prev, info, m_cur_index++);
}
void rule_loader::collector::define(configuration& cfg, macro_info& info)
{
void rule_loader::collector::define(configuration& cfg, macro_info& info) {
define_info(m_macro_infos, info, m_cur_index++);
}
void rule_loader::collector::append(configuration& cfg, macro_info& info)
{
void rule_loader::collector::append(configuration& cfg, macro_info& info) {
auto prev = m_macro_infos.at(info.name);
THROW(!prev, ERROR_NO_PREVIOUS_MACRO, info.ctx);
prev->cond += " ";
@@ -210,108 +181,92 @@ void rule_loader::collector::append(configuration& cfg, macro_info& info)
append_info(prev, info, m_cur_index++);
}
void rule_loader::collector::define(configuration& cfg, rule_info& info)
{
void rule_loader::collector::define(configuration& cfg, rule_info& info) {
const auto* prev = m_rule_infos.at(info.name);
THROW(prev && prev->source != info.source,
"Rule has been re-defined with a different source",
info.ctx);
"Rule has been re-defined with a different source",
info.ctx);
const auto* source = cfg.sources.at(info.source);
if (!source)
{
if(!source) {
info.unknown_source = true;
cfg.res->add_warning(falco::load_result::LOAD_UNKNOWN_SOURCE,
"Unknown source " + info.source + ", skipping",
info.ctx);
"Unknown source " + info.source + ", skipping",
info.ctx);
}
for (auto &ex : info.exceptions)
{
for(auto& ex : info.exceptions) {
THROW(!ex.fields.is_valid(),
"Rule exception item must have fields property with a list of fields",
ex.ctx);
"Rule exception item must have fields property with a list of fields",
ex.ctx);
validate_exception_info(source, ex);
}
define_info(m_rule_infos, info, m_cur_index++);
}
void rule_loader::collector::append(configuration& cfg, rule_update_info& info)
{
void rule_loader::collector::append(configuration& cfg, rule_update_info& info) {
auto prev = m_rule_infos.at(info.name);
THROW(!prev, ERROR_NO_PREVIOUS_RULE_APPEND, info.ctx);
THROW(!info.has_any_value(),
"Appended rule must have exceptions or condition property",
// "Appended rule must have at least one field that can be appended to", // TODO replace with this and update testing
info.ctx);
"Appended rule must have exceptions or condition property",
// "Appended rule must have at least one field that can be appended to", // TODO replace
// with this and update testing
info.ctx);
// note: source can be nullptr in case we've collected a
// rule for which the source is unknown
const falco_source* source = nullptr;
if (!prev->unknown_source)
{
if(!prev->unknown_source) {
// note: if the source is not unknown, this should not return nullptr
source = cfg.sources.at(prev->source);
THROW(!source,
std::string("Unknown source ") + prev->source,
info.ctx);
THROW(!source, std::string("Unknown source ") + prev->source, info.ctx);
}
if (info.cond.has_value() && !info.cond->empty())
{
if(info.cond.has_value() && !info.cond->empty()) {
prev->cond += " ";
prev->cond += *info.cond;
}
if (info.output.has_value() && !info.output->empty())
{
if(info.output.has_value() && !info.output->empty()) {
prev->output += " ";
prev->output += *info.output;
}
if (info.desc.has_value() && !info.desc->empty())
{
if(info.desc.has_value() && !info.desc->empty()) {
prev->desc += " ";
prev->desc += *info.desc;
}
if (info.tags.has_value())
{
for (auto &tag: *info.tags)
{
if(info.tags.has_value()) {
for(auto& tag : *info.tags) {
prev->tags.insert(tag);
}
}
if (info.exceptions.has_value())
{
for (auto &ex : *info.exceptions)
{
auto prev_ex = find_if(prev->exceptions.begin(), prev->exceptions.end(),
[&ex](const rule_loader::rule_exception_info& i)
{ return i.name == ex.name; });
if (prev_ex == prev->exceptions.end())
{
if(info.exceptions.has_value()) {
for(auto& ex : *info.exceptions) {
auto prev_ex = find_if(
prev->exceptions.begin(),
prev->exceptions.end(),
[&ex](const rule_loader::rule_exception_info& i) { return i.name == ex.name; });
if(prev_ex == prev->exceptions.end()) {
THROW(!ex.fields.is_valid(),
"Rule exception must have fields property with a list of fields",
ex.ctx);
"Rule exception must have fields property with a list of fields",
ex.ctx);
THROW(ex.values.empty(),
"Rule exception must have values property with a list of values",
ex.ctx);
"Rule exception must have values property with a list of values",
ex.ctx);
validate_exception_info(source, ex);
prev->exceptions.push_back(ex);
}
else
{
} else {
THROW(ex.fields.is_valid(),
"Can not append exception fields to existing exception, only values",
ex.ctx);
"Can not append exception fields to existing exception, only values",
ex.ctx);
THROW(ex.comps.is_valid(),
"Can not append exception comps to existing exception, only values",
ex.ctx);
prev_ex->values.insert(
prev_ex->values.end(), ex.values.begin(), ex.values.end());
"Can not append exception comps to existing exception, only values",
ex.ctx);
prev_ex->values.insert(prev_ex->values.end(), ex.values.begin(), ex.values.end());
}
}
}
@@ -319,80 +274,64 @@ void rule_loader::collector::append(configuration& cfg, rule_update_info& info)
append_info(prev, info, m_cur_index++);
}
void rule_loader::collector::selective_replace(configuration& cfg, rule_update_info& info)
{
void rule_loader::collector::selective_replace(configuration& cfg, rule_update_info& info) {
auto prev = m_rule_infos.at(info.name);
THROW(!prev, ERROR_NO_PREVIOUS_RULE_REPLACE, info.ctx);
THROW(!info.has_any_value(),
"The rule must have at least one field that can be replaced",
info.ctx);
"The rule must have at least one field that can be replaced",
info.ctx);
// note: source can be nullptr in case we've collected a
// rule for which the source is unknown
const falco_source* source = nullptr;
if (!prev->unknown_source)
{
if(!prev->unknown_source) {
// note: if the source is not unknown, this should not return nullptr
source = cfg.sources.at(prev->source);
THROW(!source,
std::string("Unknown source ") + prev->source,
info.ctx);
THROW(!source, std::string("Unknown source ") + prev->source, info.ctx);
}
if (info.cond.has_value())
{
if(info.cond.has_value()) {
prev->cond = *info.cond;
}
if (info.output.has_value())
{
if(info.output.has_value()) {
prev->output = *info.output;
}
if (info.desc.has_value())
{
if(info.desc.has_value()) {
prev->desc = *info.desc;
}
if (info.tags.has_value())
{
if(info.tags.has_value()) {
prev->tags = *info.tags;
}
if (info.exceptions.has_value())
{
if(info.exceptions.has_value()) {
prev->exceptions = *info.exceptions;
}
if (info.priority.has_value())
{
if(info.priority.has_value()) {
prev->priority = *info.priority;
}
if (info.enabled.has_value())
{
if(info.enabled.has_value()) {
prev->enabled = *info.enabled;
}
if (info.warn_evttypes.has_value())
{
if(info.warn_evttypes.has_value()) {
prev->warn_evttypes = *info.warn_evttypes;
}
if (info.skip_if_unknown_filter.has_value())
{
if(info.skip_if_unknown_filter.has_value()) {
prev->skip_if_unknown_filter = *info.skip_if_unknown_filter;
}
replace_info(prev, info, m_cur_index++);
}
void rule_loader::collector::enable(configuration& cfg, rule_info& info)
{
void rule_loader::collector::enable(configuration& cfg, rule_info& info) {
auto prev = m_rule_infos.at(info.name);
THROW(!prev,
"Rule has 'enabled' key but no rule by that name already exists",
info.ctx);
THROW(!prev, "Rule has 'enabled' key but no rule by that name already exists", info.ctx);
prev->enabled = info.enabled;
}