github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-16 14:58:31 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/engine): json event to map type

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato
2019-09-23 13:21:59 +00:00
committed by Leo Di Donato
parent 0565ce2f50
commit 944b46cb67
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
userspace/engine/json_evt.cpp
View File

@@ -796,6 +796,7 @@ std::string json_event_formatter::tostring(json_event *ev)
std::string json_event_formatter::tojson(json_event *ev)
{
nlohmann::json ret;
// todo(leodido, fntlnz) > assign tomap() result to ret (implicit conversion using = operator)
std::list<std::pair<std::string, std::string>> resolved;
@@ -806,6 +807,7 @@ std::string json_event_formatter::tojson(json_event *ev)
// Only include the fields and not the raw text blocks.
if(!res.first.empty())
{
// todo(leodido, fntlnz) > do we want "<NA>" rather than empty res.second values?
ret[res.first] = res.second;
}
}
@@ -813,6 +815,29 @@ std::string json_event_formatter::tojson(json_event *ev)
return ret.dump();
}
std::map<std::string, std::string> json_event_formatter::tomap(json_event *ev)
{
std::map<std::string, std::string> ret;
std::list<std::pair<std::string, std::string>> res;
resolve_tokens(ev, res);
for(auto &r : res)
{
// Only include the fields and not the raw text blocks.
if(!r.first.empty())
{
if(r.second.empty())
{
r.second = "<NA>";
}
ret.insert(r);
}
}
return ret;
}
void json_event_formatter::parse_format()
{
string tformat = m_format;

1
userspace/engine/json_evt.h
View File

@@ -287,6 +287,7 @@ public:
std::string tostring(json_event *ev);
std::string tojson(json_event *ev);
std::map<std::string, std::string> tomap(json_event *ev);
void resolve_tokens(json_event *ev, std::list<std::pair<std::string,std::string>> &resolved);