github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-05 00:31:38 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace/engine): leverage falco_rule def in stats manager

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2022-05-23 10:03:22 +00:00
committed by poiana
parent 50c2aa9c81
commit 833fec8537
2 changed files with 11 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
userspace/engine/stats_manager.cpp
View File

@@ -38,10 +38,9 @@ void stats_manager::clear()
void stats_manager::format( void stats_manager::format(
const indexed_vector<falco_rule>& rules, const indexed_vector<falco_rule>& rules,
string& out) string& out) const
{ {
string fmt; string fmt;
string name;
out = "Events detected: " + to_string(m_total) + "\n"; out = "Events detected: " + to_string(m_total) + "\n";
out += "Rule counts by severity:\n"; out += "Rule counts by severity:\n";
for (size_t i = 0; i < m_by_priority.size(); i++) for (size_t i = 0; i < m_by_priority.size(); i++)
@@ -66,27 +65,17 @@ void stats_manager::format(
} }
} }
void stats_manager::on_event( void stats_manager::on_event(const falco_rule& rule)
const indexed_vector<falco_rule>& rules,
uint32_t rule_id)
{ {
auto *rule = rules.at(rule_id); if (m_by_rule_id.size() <= rule.id)
if (!rule)
{ {
throw falco_exception( m_by_rule_id.resize(rule.id + 1, (uint64_t) 0);
"on_event(): event with invalid rule_id: " + rule_id);
} }
if (m_by_rule_id.size() <= rule_id) if (m_by_priority.size() <= (size_t) rule.priority)
{ {
m_by_rule_id.resize(rule_id + 1); m_by_priority.resize((size_t) rule.priority + 1, (uint64_t) 0);
m_by_rule_id[rule_id] = 0;
}
if (m_by_priority.size() <= (size_t) rule->priority)
{
m_by_priority.resize((size_t) rule->priority + 1);
m_by_priority[(size_t) rule->priority] = 0;
} }
m_total++; m_total++;
m_by_rule_id[rule_id]++; m_by_rule_id[rule.id]++;
m_by_priority[(size_t) rule->priority]++; m_by_priority[(size_t) rule.priority]++;
} }

8
userspace/engine/stats_manager.h
View File

@@ -36,18 +36,16 @@ public:
virtual void clear(); virtual void clear();
/*! /*!
\brief Callback for when a rule with a given index matches an event \brief Callback for when a given rule matches an event
*/ */
virtual void on_event( virtual void on_event(const falco_rule& rule);
const indexed_vector<falco_rule>& rules,
uint32_t index);
/*! /*!
\brief Formats the internal statistics into the out string \brief Formats the internal statistics into the out string
*/ */
virtual void format( virtual void format(
const indexed_vector<falco_rule>& rules, const indexed_vector<falco_rule>& rules,
std::string& out); std::string& out) const;
private: private:
uint64_t m_total; uint64_t m_total;