update(userspace/engine): refactor falco_formats to accept non-lua callers

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

userspace/engine/formats.cpp

@@ -31,9 +31,9 @@ const static struct luaL_reg ll_falco [] =
 {
 	{"formatter", &falco_formats::formatter},
 	{"free_formatter", &falco_formats::free_formatter},
-	{"free_formatters", &falco_formats::free_formatters},
-	{"format_event", &falco_formats::format_event},
-	{"resolve_tokens", &falco_formats::resolve_tokens},
+	{"free_formatters", &falco_formats::free_formatters_lua},
+	{"format_event", &falco_formats::format_event_lua},
+	{"resolve_tokens", &falco_formats::resolve_tokens_lua},
 	{NULL,NULL}
 };
 
@@ -112,40 +112,31 @@ int falco_formats::free_formatter(lua_State *ls)
 	return 0;
 }
 
-int falco_formats::free_formatters(lua_State *ls)
+void falco_formats::free_formatters()
 {
 	if(s_formatters)
 	{
 		delete(s_formatters);
 		s_formatters = NULL;
 	}
+}
+
+int falco_formats::free_formatters_lua(lua_State *ls)
+{
+	free_formatters();
 	return 0;
 }
 
-int falco_formats::format_event (lua_State *ls)
+string falco_formats::format_event(const gen_event* evt, const std::string &rule, const std::string &source, 
+		const std::string &level, const std::string &format)
 {
+
 	string line;
 	string json_line;
-
-	if (!lua_isstring(ls, -1) ||
-	    !lua_isstring(ls, -2) ||
-	    !lua_isstring(ls, -3) ||
-	    !lua_isstring(ls, -4) ||
-	    !lua_islightuserdata(ls, -5)) {
-		lua_pushstring(ls, "Invalid arguments passed to format_event()");
-		lua_error(ls);
-	}
-	gen_event* evt = (gen_event*)lua_topointer(ls, 1);
-	const char *rule = (char *) lua_tostring(ls, 2);
-	const char *source = (char *) lua_tostring(ls, 3);
-	const char *level = (char *) lua_tostring(ls, 4);
-	const char *format = (char *) lua_tostring(ls, 5);
-
 	string sformat = format;
 
-	if(strcmp(source, "syscall") == 0)
+	if(strcmp(source.c_str(), "syscall") == 0)
 	{
-		try {
 		// This is "output"
 		s_formatters->tostring((sinsp_evt *) evt, sformat, &line);
 
@@ -184,17 +175,8 @@ int falco_formats::format_event (lua_State *ls)
 			s_inspector->set_buffer_format(cur_fmt);
 		}
 	}
-		catch (sinsp_exception& e)
-		{
-			string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
-			lua_pushstring(ls, err.c_str());
-			lua_error(ls);
-		}
-	}
 	else
 	{
-		try {
-
 		json_event_formatter formatter(s_engine->json_factory(), sformat);
 
 		line = formatter.tostring((json_event *) evt);
@@ -204,13 +186,6 @@ int falco_formats::format_event (lua_State *ls)
 			json_line = formatter.tojson((json_event *) evt);
 		}
 	}
-		catch (exception &e)
-		{
-			string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
-			lua_pushstring(ls, err.c_str());
-			lua_error(ls);
-		}
-	}
 
 	// For JSON output, the formatter returned a json-as-text
 	// object containing all the fields in the original format
@@ -261,11 +236,63 @@ int falco_formats::format_event (lua_State *ls)
 		line = full_line;
 	}
 
+	return line.c_str();
+}
+
+int falco_formats::format_event_lua(lua_State *ls)
+{
+	string line;
+	string json_line;
+
+	if (!lua_isstring(ls, -1) ||
+	    !lua_isstring(ls, -2) ||
+	    !lua_isstring(ls, -3) ||
+	    !lua_isstring(ls, -4) ||
+	    !lua_islightuserdata(ls, -5)) {
+		lua_pushstring(ls, "Invalid arguments passed to format_event()");
+		lua_error(ls);
+	}
+	gen_event* evt = (gen_event*)lua_topointer(ls, 1);
+	const char *rule = (char *) lua_tostring(ls, 2);
+	const char *source = (char *) lua_tostring(ls, 3);
+	const char *level = (char *) lua_tostring(ls, 4);
+	const char *format = (char *) lua_tostring(ls, 5);
+
+	string sformat = format;
+
+	try {
+		line = format_event(evt, rule, source, level, format);
+	}
+	catch (sinsp_exception& e)
+	{
+		string err = "Invalid output format '" + sformat + "': '" + string(e.what()) + "'";
+		lua_pushstring(ls, err.c_str());
+		lua_error(ls);
+	}
+
 	lua_pushstring(ls, line.c_str());
 	return 1;
 }
 
-int falco_formats::resolve_tokens(lua_State *ls)
+map<string, string> falco_formats::resolve_tokens(const gen_event* evt, const std::string &source, const std::string &format)
+{
+	string sformat = format;
+	map<string, string> values;
+	if(source == "syscall")
+	{
+		s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values);
+	}
+	// k8s_audit
+	else
+	{
+		json_event_formatter json_formatter(s_engine->json_factory(), sformat);
+		values = json_formatter.tomap((json_event*) evt);
+	}
+	return values;
+}
+
+
+int falco_formats::resolve_tokens_lua(lua_State *ls)
 {
 	if(!lua_isstring(ls, -1) ||
 	   !lua_isstring(ls, -2) ||
@@ -280,16 +307,8 @@ int falco_formats::resolve_tokens(lua_State *ls)
 	string sformat = format;
 
 	map<string, string> values;
-	if(source == "syscall")
-	{
-		s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values);
-	}
-	// k8s_audit
-	else
-	{
-		json_event_formatter json_formatter(s_engine->json_factory(), sformat);
-		values = json_formatter.tomap((json_event*) evt);
-	}
+	
+	values = resolve_tokens(evt, source, sformat);
 
 	lua_newtable(ls);
 	for(auto const& v : values)

userspace/engine/formats.h

@@ -44,14 +44,22 @@ class falco_formats
 	// falco.free_formatter(formatter)
 	static int free_formatter(lua_State *ls);
 
+	static void free_formatters();
+
 	// falco.free_formatters()
-	static int free_formatters(lua_State *ls);
+	static int free_formatters_lua(lua_State *ls);
+
+	static string format_event(const gen_event* evt, const std::string &rule, const std::string &source, 
+		const std::string &level, const std::string &format);
 
 	// formatted_string = falco.format_event(evt, formatter)
-	static int format_event(lua_State *ls);
+	static int format_event_lua(lua_State *ls);
+
+	static map<string, string> resolve_tokens(const gen_event* evt, const std::string &source, 
+		const std::string &format);
 
 	// resolve_tokens = falco.resolve_tokens(evt, formatter)
-	static int resolve_tokens(lua_State *ls);
+	static int resolve_tokens_lua(lua_State *ls);
 
 	static sinsp* s_inspector;
 	static falco_engine *s_engine;