github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-04 08:04:49 +00:00
Code Issues Projects Releases Wiki Activity

update(rule_loader): deprecate all non-SemVer compatible values

Browse Source 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
This commit is contained in:
Andrea Terzolo
2024-01-04 17:06:52 +01:00
committed by poiana
parent 2367d36867
commit 5ac005bd4d
3 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
unit_tests/engine/test_rule_loader.cpp
View File

@@ -549,3 +549,57 @@ TEST_F(engine_loader_test, rewrite_rule)
auto rule_description = m_engine->describe_rule(&rule_name, {}); auto rule_description = m_engine->describe_rule(&rule_name, {});
ASSERT_EQ(rule_description["rules"][0]["details"]["condition_compiled"].template get<std::string>(), "proc.name = cat"); ASSERT_EQ(rule_description["rules"][0]["details"]["condition_compiled"].template get<std::string>(), "proc.name = cat");
} }
TEST_F(engine_loader_test, required_engine_version_semver)
{
std::string rules_content = R"END(
- required_engine_version: 0.26.0
- rule: test_rule
desc: test rule description
condition: evt.type = close
output: user=%user.name command=%proc.cmdline file=%fd.name
priority: INFO
enabled: false
)END";
ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
ASSERT_FALSE(has_warnings());
}
TEST_F(engine_loader_test, required_engine_version_not_semver)
{
std::string rules_content = R"END(
- required_engine_version: 26
- rule: test_rule
desc: test rule description
condition: evt.type = close
output: user=%user.name command=%proc.cmdline file=%fd.name
priority: INFO
enabled: false
)END";
ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
ASSERT_TRUE(check_warning_message(WARNING_ENGINE_VERSION_NOT_SEMVER));
}
TEST_F(engine_loader_test, required_engine_version_invalid)
{
std::string rules_content = R"END(
- required_engine_version: seven
- rule: test_rule
desc: test rule description
condition: evt.type = close
output: user=%user.name command=%proc.cmdline file=%fd.name
priority: INFO
enabled: false
)END";
ASSERT_FALSE(load_rules(rules_content, "rules.yaml"));
ASSERT_TRUE(check_error_message("Unable to parse engine version"));
}

1
userspace/engine/rule_loader_reader.cpp
View File

@@ -368,6 +368,7 @@ static void read_item(
// Build proper semver representation // Build proper semver representation
v.version = rule_loader::reader::get_implicit_engine_version(ver); v.version = rule_loader::reader::get_implicit_engine_version(ver);
cfg.res->add_warning(falco::load_result::LOAD_DEPRECATED_ITEM, WARNING_ENGINE_VERSION_NOT_SEMVER, ctx);
} }
catch(std::exception& e) catch(std::exception& e)
{ {

3
userspace/engine/rule_loader_reader.h
View File

@@ -32,6 +32,9 @@ limitations under the License.
// Warning message used when `enabled` is used without override. // Warning message used when `enabled` is used without override.
#define WARNING_ENABLED_MESSAGE "The standalone 'enabled' key usage is deprecated. The correct approach requires also a 'replace' entry under the 'override' key (i.e. 'enabled: replace')." #define WARNING_ENABLED_MESSAGE "The standalone 'enabled' key usage is deprecated. The correct approach requires also a 'replace' entry under the 'override' key (i.e. 'enabled: replace')."
// Warning message used when the `required_engine_version` is not semver compatible.
#define WARNING_ENGINE_VERSION_NOT_SEMVER "The 'required_engine_version' should be SemVer compatible. All non-SemVer compatible values are deprecated."
namespace rule_loader namespace rule_loader
{ {