update(userspace/engine): refactor falco_formats to accept non-lua callers

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

userspace/engine/formats.cpp

@@ -31,9 +31,9 @@ const static struct luaL_reg ll_falco [] =
 {
 	{"formatter", &falco_formats::formatter},
 	{"free_formatter", &falco_formats::free_formatter},
-	{"free_formatters", &falco_formats::free_formatters},
+	{"free_formatters", &falco_formats::free_formatters_lua},
-	{"format_event", &falco_formats::format_event},
+	{"format_event", &falco_formats::format_event_lua},
-	{"resolve_tokens", &falco_formats::resolve_tokens},
+	{"resolve_tokens", &falco_formats::resolve_tokens_lua},
 	{NULL,NULL}
 };
 
@@ -112,103 +112,78 @@ int falco_formats::free_formatter(lua_State *ls)
 	return 0;
 }
 
-int falco_formats::free_formatters(lua_State *ls)
+void falco_formats::free_formatters()
 {
 	if(s_formatters)
 	{
 		delete(s_formatters);
 		s_formatters = NULL;
 	}
+}
+
+int falco_formats::free_formatters_lua(lua_State *ls)
+{
+	free_formatters();
 	return 0;
 }
 
-int falco_formats::format_event (lua_State *ls)
+string falco_formats::format_event(const gen_event* evt, const std::string &rule, const std::string &source, 
+		const std::string &level, const std::string &format)
 {
+
 	string line;
 	string json_line;
-
-	if (!lua_isstring(ls, -1) ||
-	    !lua_isstring(ls, -2) ||
-	    !lua_isstring(ls, -3) ||
-	    !lua_isstring(ls, -4) ||
-	    !lua_islightuserdata(ls, -5)) {
-		lua_pushstring(ls, "Invalid arguments passed to format_event()");
-		lua_error(ls);
-	}
-	gen_event* evt = (gen_event*)lua_topointer(ls, 1);
-	const char *rule = (char *) lua_tostring(ls, 2);
-	const char *source = (char *) lua_tostring(ls, 3);
-	const char *level = (char *) lua_tostring(ls, 4);
-	const char *format = (char *) lua_tostring(ls, 5);
-
 	string sformat = format;
 
-	if(strcmp(source, "syscall") == 0)
+	if(strcmp(source.c_str(), "syscall") == 0)
 	{
-		try {
+		// This is "output"
-			// This is "output"
+		s_formatters->tostring((sinsp_evt *) evt, sformat, &line);
-			s_formatters->tostring((sinsp_evt *) evt, sformat, &line);
 
-			if(s_json_output)
+		if(s_json_output)
-			{
-				sinsp_evt::param_fmt cur_fmt = s_inspector->get_buffer_format();
-				switch(cur_fmt)
-				{
-					case sinsp_evt::PF_NORMAL:
-						s_inspector->set_buffer_format(sinsp_evt::PF_JSON);
-						break;
-					case sinsp_evt::PF_EOLS:
-						s_inspector->set_buffer_format(sinsp_evt::PF_JSONEOLS);
-						break;
-					case sinsp_evt::PF_HEX:
-						s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEX);
-						break;
-					case sinsp_evt::PF_HEXASCII:
-						s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEXASCII);
-						break;
-					case sinsp_evt::PF_BASE64:
-						s_inspector->set_buffer_format(sinsp_evt::PF_JSONBASE64);
-						break;
-					default:
-						// do nothing
-						break;
-				}
-				// This is output fields
-				s_formatters->tostring((sinsp_evt *) evt, sformat, &json_line);
-
-				// The formatted string might have a leading newline. If it does, remove it.
-				if (json_line[0] == '\n')
-				{
-					json_line.erase(0, 1);
-				}
-				s_inspector->set_buffer_format(cur_fmt);
-			}
-		}
-		catch (sinsp_exception& e)
 		{
-			string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
+			sinsp_evt::param_fmt cur_fmt = s_inspector->get_buffer_format();
-			lua_pushstring(ls, err.c_str());
+			switch(cur_fmt)
-			lua_error(ls);
+			{
+				case sinsp_evt::PF_NORMAL:
+					s_inspector->set_buffer_format(sinsp_evt::PF_JSON);
+					break;
+				case sinsp_evt::PF_EOLS:
+					s_inspector->set_buffer_format(sinsp_evt::PF_JSONEOLS);
+					break;
+				case sinsp_evt::PF_HEX:
+					s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEX);
+					break;
+				case sinsp_evt::PF_HEXASCII:
+					s_inspector->set_buffer_format(sinsp_evt::PF_JSONHEXASCII);
+					break;
+				case sinsp_evt::PF_BASE64:
+					s_inspector->set_buffer_format(sinsp_evt::PF_JSONBASE64);
+					break;
+				default:
+					// do nothing
+					break;
+			}
+			// This is output fields
+			s_formatters->tostring((sinsp_evt *) evt, sformat, &json_line);
+
+			// The formatted string might have a leading newline. If it does, remove it.
+			if (json_line[0] == '\n')
+			{
+				json_line.erase(0, 1);
+			}
+			s_inspector->set_buffer_format(cur_fmt);
 		}
 	}
 	else
 	{
-		try {
+		json_event_formatter formatter(s_engine->json_factory(), sformat);
 
-			json_event_formatter formatter(s_engine->json_factory(), sformat);
+		line = formatter.tostring((json_event *) evt);
 
-			line = formatter.tostring((json_event *) evt);
+		if(s_json_output)
-
-			if(s_json_output)
-			{
-				json_line = formatter.tojson((json_event *) evt);
-			}
-		}
-		catch (exception &e)
 		{
-			string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
+			json_line = formatter.tojson((json_event *) evt);
-			lua_pushstring(ls, err.c_str());
-			lua_error(ls);
 		}
 	}
 
@@ -261,11 +236,63 @@ int falco_formats::format_event (lua_State *ls)
 		line = full_line;
 	}
 
+	return line.c_str();
+}
+
+int falco_formats::format_event_lua(lua_State *ls)
+{
+	string line;
+	string json_line;
+
+	if (!lua_isstring(ls, -1) ||
+	    !lua_isstring(ls, -2) ||
+	    !lua_isstring(ls, -3) ||
+	    !lua_isstring(ls, -4) ||
+	    !lua_islightuserdata(ls, -5)) {
+		lua_pushstring(ls, "Invalid arguments passed to format_event()");
+		lua_error(ls);
+	}
+	gen_event* evt = (gen_event*)lua_topointer(ls, 1);
+	const char *rule = (char *) lua_tostring(ls, 2);
+	const char *source = (char *) lua_tostring(ls, 3);
+	const char *level = (char *) lua_tostring(ls, 4);
+	const char *format = (char *) lua_tostring(ls, 5);
+
+	string sformat = format;
+
+	try {
+		line = format_event(evt, rule, source, level, format);
+	}
+	catch (sinsp_exception& e)
+	{
+		string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
+		lua_pushstring(ls, err.c_str());
+		lua_error(ls);
+	}
+
 	lua_pushstring(ls, line.c_str());
 	return 1;
 }
 
-int falco_formats::resolve_tokens(lua_State *ls)
+map<string, string> falco_formats::resolve_tokens(const gen_event* evt, const std::string &source, const std::string &format)
+{
+	string sformat = format;
+	map<string, string> values;
+	if(source == "syscall")
+	{
+		s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values);
+	}
+	// k8s_audit
+	else
+	{
+		json_event_formatter json_formatter(s_engine->json_factory(), sformat);
+		values = json_formatter.tomap((json_event*) evt);
+	}
+	return values;
+}
+
+
+int falco_formats::resolve_tokens_lua(lua_State *ls)
 {
 	if(!lua_isstring(ls, -1) ||
 	   !lua_isstring(ls, -2) ||
@@ -280,16 +307,8 @@ int falco_formats::resolve_tokens(lua_State *ls)
 	string sformat = format;
 
 	map<string, string> values;
-	if(source == "syscall")
+	
-	{
+	values = resolve_tokens(evt, source, sformat);
-		s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values);
-	}
-	// k8s_audit
-	else
-	{
-		json_event_formatter json_formatter(s_engine->json_factory(), sformat);
-		values = json_formatter.tomap((json_event*) evt);
-	}
 
 	lua_newtable(ls);
 	for(auto const& v : values)

userspace/engine/formats.h

@@ -44,14 +44,22 @@ class falco_formats
 	// falco.free_formatter(formatter)
 	static int free_formatter(lua_State *ls);
 
+	static void free_formatters();
+
 	// falco.free_formatters()
-	static int free_formatters(lua_State *ls);
+	static int free_formatters_lua(lua_State *ls);
+
+	static string format_event(const gen_event* evt, const std::string &rule, const std::string &source, 
+		const std::string &level, const std::string &format);
 
 	// formatted_string = falco.format_event(evt, formatter)
-	static int format_event(lua_State *ls);
+	static int format_event_lua(lua_State *ls);
+
+	static map<string, string> resolve_tokens(const gen_event* evt, const std::string &source, 
+		const std::string &format);
 
 	// resolve_tokens = falco.resolve_tokens(evt, formatter)
-	static int resolve_tokens(lua_State *ls);
+	static int resolve_tokens_lua(lua_State *ls);
 
 	static sinsp* s_inspector;
 	static falco_engine *s_engine;