github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-03 15:46:33 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace): accessing a (json) object can throw exceptions because of wrong types

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato
2019-08-01 18:59:26 +00:00
committed by Lorenzo Fontana
parent 330d7ef2d7
commit 723bc1cabf
1 changed files with 32 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
userspace/engine/falco_engine.cpp
View File

@@ -365,46 +365,54 @@ unique_ptr<falco_engine::rule_result> falco_engine::process_k8s_audit_event(json
bool falco_engine::parse_k8s_audit_json(nlohmann::json &j, std::list<json_event> &evts) bool falco_engine::parse_k8s_audit_json(nlohmann::json &j, std::list<json_event> &evts)
{ {
// If the Kind is EventList, split it into individual events. // Note that nlohmann::basic_json::value can throw nlohmann::basic_json::type_error (302, 306)
if(j.value("kind", "<NA>") == "EventList") try
{ {
for(auto &je : j["items"]) // If the kind is EventList, split it into individual events
if(j.value("kind", "<NA>") == "EventList")
{
for(auto &je : j["items"])
{
evts.emplace_back();
je["kind"] = "Event";
uint64_t ns = 0;
if(!sinsp_utils::parse_iso_8601_utc_string(je.value(k8s_audit_time, "<NA>"), ns))
{
return false;
}
std::string tmp;
sinsp_utils::ts_to_string(ns, &tmp, false, true);
evts.back().set_jevt(je, ns);
}
return true;
}
else if(j.value("kind", "<NA>") == "Event")
{ {
evts.emplace_back(); evts.emplace_back();
je["kind"] = "Event";
uint64_t ns = 0; uint64_t ns = 0;
if(!sinsp_utils::parse_iso_8601_utc_string(je.value(k8s_audit_time, "<NA>"), ns)) if(!sinsp_utils::parse_iso_8601_utc_string(j.value(k8s_audit_time, "<NA>"), ns))
{ {
return false; return false;
} }
std::string tmp; evts.back().set_jevt(j, ns);
sinsp_utils::ts_to_string(ns, &tmp, false, true); return true;
evts.back().set_jevt(je, ns);
} }
else
return true;
}
else if(j.value("kind", "<NA>") == "Event")
{
evts.emplace_back();
uint64_t ns = 0;
if(!sinsp_utils::parse_iso_8601_utc_string(j.value(k8s_audit_time, "<NA>"), ns))
{ {
return false; return false;
} }
evts.back().set_jevt(j, ns);
return true;
} }
else catch(exception &e)
{ {
// Propagate the exception
rethrow_exception(current_exception());
return false; return false;
} }
} }
unique_ptr<falco_engine::rule_result> falco_engine::process_k8s_audit_event(json_event *ev) unique_ptr<falco_engine::rule_result> falco_engine::process_k8s_audit_event(json_event *ev)