github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-25 06:12:06 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(metrics): use filesystem lib to derive file names + build fix

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2024-05-09 16:48:11 +00:00 committed by poiana
parent 34ecd39113
commit 67a5015be7
6 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/falco_utils.cpp
View File

@ -22,8 +22,9 @@ limitations under the License.
#include <libsinsp/utils.h> #include <libsinsp/utils.h>
#include <re2/re2.h> #include <re2/re2.h>
#if defined(__linux__)
#include <openssl/sha.h> #include <openssl/sha.h>
#endif
#include <cstring> #include <cstring>
#include <fstream> #include <fstream>
#include <iomanip> #include <iomanip>
@ -118,6 +119,7 @@ uint64_t parse_prometheus_interval(std::string interval_str)
return interval; return interval;
} }
#if defined(__linux__)
std::string calculate_file_sha256sum(const std::string& filename) std::string calculate_file_sha256sum(const std::string& filename)
{ {
std::ifstream file(filename, std::ios::binary); std::ifstream file(filename, std::ios::binary);
@ -147,6 +149,7 @@ std::string calculate_file_sha256sum(const std::string& filename)
} }
return ss.str(); return ss.str();
} }
#endif
std::string wrap_text(const std::string& in, uint32_t indent, uint32_t line_len) std::string wrap_text(const std::string& in, uint32_t indent, uint32_t line_len)
{ {

2
userspace/engine/falco_utils.h
View File

@ -27,7 +27,9 @@ namespace falco::utils
{ {
uint64_t parse_prometheus_interval(std::string interval_str); uint64_t parse_prometheus_interval(std::string interval_str);
#if defined(__linux__)
std::string calculate_file_sha256sum(const std::string& filename); std::string calculate_file_sha256sum(const std::string& filename);
#endif
std::string wrap_text(const std::string& in, uint32_t indent, uint32_t linelen); std::string wrap_text(const std::string& in, uint32_t indent, uint32_t linelen);

2
userspace/falco/app/actions/load_rules_files.cpp
View File

@ -84,7 +84,9 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
{ {
falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n");
} }
#if defined(__linux__)
s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename));
#endif
} }
// note: we have an egg-and-chicken problem here. We would like to check // note: we have an egg-and-chicken problem here. We would like to check

2
userspace/falco/configuration.cpp
View File

@ -161,10 +161,12 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st
} }
} }
#if defined(__linux__)
for(auto &filename : m_loaded_configs_filenames) for(auto &filename : m_loaded_configs_filenames)
{ {
m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename));
} }
#endif
} }
void falco_configuration::init_logger() void falco_configuration::init_logger()

13
userspace/falco/falco_metrics.cpp
View File

@ -20,7 +20,8 @@ limitations under the License.
#include "app/state.h" #include "app/state.h"
#include <libsinsp/sinsp.h> #include <libsinsp/sinsp.h>
#include <re2/re2.h>
namespace fs = std::filesystem;
/*! /*!
\class falco_metrics \class falco_metrics
@ -83,12 +84,13 @@ std::string falco_metrics::to_text(const falco::app::state& state)
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}});
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}});
#if defined(__linux__)
auto it_filename = state.config.get()->m_loaded_rules_filenames.begin(); auto it_filename = state.config.get()->m_loaded_rules_filenames.begin();
auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin(); auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin();
while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end()) while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end())
{ {
std::string metric_name_file_sha256 = *it_filename; fs::path fs_path = *it_filename;
RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); std::string metric_name_file_sha256 = fs_path.filename().stem();
metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256; metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256;
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}});
++it_filename; ++it_filename;
@ -99,13 +101,14 @@ std::string falco_metrics::to_text(const falco::app::state& state)
it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin(); it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin();
while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end()) while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end())
{ {
std::string metric_name_file_sha256 = *it_filename; fs::path fs_path = *it_filename;
RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); std::string metric_name_file_sha256 = fs_path.filename().stem();
metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256; metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256;
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}});
++it_filename; ++it_filename;
++it_sha256; ++it_sha256;
} }
#endif
for (const std::string& source: inspector->event_sources()) for (const std::string& source: inspector->event_sources())
{ {

14
userspace/falco/stats_writer.cpp
View File

@ -23,7 +23,6 @@ limitations under the License.
#include <atomic> #include <atomic>
#include <nlohmann/json.hpp> #include <nlohmann/json.hpp>
#include <re2/re2.h>
#include "falco_common.h" #include "falco_common.h"
#include "stats_writer.h" #include "stats_writer.h"
@ -32,6 +31,8 @@ limitations under the License.
#include <libscap/strl.h> #include <libscap/strl.h>
#include <libscap/scap_vtable.h> #include <libscap/scap_vtable.h>
namespace fs = std::filesystem;
// note: ticker_t is an uint16_t, which is enough because we don't care about // note: ticker_t is an uint16_t, which is enough because we don't care about
// overflows here. Threads calling stats_writer::handle() will just // overflows here. Threads calling stats_writer::handle() will just
// check that this value changed since their last observation. // check that this value changed since their last observation.
@ -329,12 +330,13 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
output_fields["falco.host_num_cpus"] = machine_info->num_cpus; output_fields["falco.host_num_cpus"] = machine_info->num_cpus;
output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops(); output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops();
#if defined(__linux__)
auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin(); auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin();
auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin(); auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin();
while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end()) while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end())
{ {
std::string metric_name_file_sha256 = *it_filename; fs::path fs_path = *it_filename;
RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); std::string metric_name_file_sha256 = fs_path.filename().stem();
metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256; metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256;
output_fields[metric_name_file_sha256] = *it_sha256; output_fields[metric_name_file_sha256] = *it_sha256;
++it_filename; ++it_filename;
@ -345,14 +347,14 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin(); it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin();
while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end()) while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end())
{ {
std::string metric_name_file_sha256 = *it_filename; fs::path fs_path = *it_filename;
RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); std::string metric_name_file_sha256 = fs_path.filename().stem();
metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256; metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256;
output_fields[metric_name_file_sha256] = *it_sha256; output_fields[metric_name_file_sha256] = *it_sha256;
++it_filename; ++it_filename;
++it_sha256; ++it_sha256;
} }
#endif
output_fields["evt.source"] = src; output_fields["evt.source"] = src;
for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++) for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++)
{ {