refactor(falco/app): apply early return pattern in actions code

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

userspace/falco/app/actions/init_falco_engine.cpp

@@ -170,7 +170,9 @@ falco::app::run_result falco::app::actions::init_falco_engine(falco::app::state&
 	if(s.is_capture_mode()) {
 		auto manager = s.offline_inspector->get_plugin_manager();
 		for(const auto& p : manager->plugins()) {
-			if(p->caps() & CAP_SOURCING && p->id() != 0) {
+			if((p->caps() & CAP_SOURCING) == 0 || p->id() == 0) {
+				continue;
+			}
 			bool added = false;
 			auto source_idx = manager->source_idx_by_plugin_id(p->id(), added);
 			auto engine_idx = s.source_infos.at(p->event_source())->engine_idx;
@@ -180,7 +182,6 @@ falco::app::run_result falco::app::actions::init_falco_engine(falco::app::state&
 			}
 		}
 	}
-	}
 
 	configure_output_format(s);
 	s.engine->set_min_priority(s.config->m_min_priority);

userspace/falco/app/actions/init_inspectors.cpp

@@ -147,13 +147,14 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 	std::string err;
 	std::unordered_set<std::string> used_plugins;
 	const auto& all_plugins = s.offline_inspector->get_plugin_manager()->plugins();
+	const bool is_capture_mode = s.is_capture_mode();
 
 	for(const auto& src : s.loaded_sources) {
 		auto src_info = s.source_infos.at(src);
 
 		// in capture mode, every event source uses the offline inspector.
 		// in live mode, we create a new inspector for each event source
-		if(s.is_capture_mode()) {
+		if(is_capture_mode) {
 			src_info->inspector = s.offline_inspector;
 		} else {
 			src_info->inspector =
@@ -174,15 +175,16 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 			                ((p->id() != 0 && src == p->event_source()) ||
 			                 (p->id() == 0 && src == falco_common::syscall_source));
 
-			if(s.is_capture_mode()) {
+			if(is_capture_mode) {
 				// in capture mode, every plugin is already registered
 				// in the offline inspector by the load_plugins action
 				plugin = p;
 			} else {
-				// in live mode, for the inspector assigned to the given
+				// in live mode, for the inspector assigned to the given event source, we must
-				// event source, we must register the plugin supporting
+				// register a plugin if one of the following condition applies to it:
-				// that event source and also plugins with field extraction
+				// - it has event sourcing capability for the given event source
-				// capability that are compatible with that event source
+				// - it has one among field extraction, event parsing and async events capabilities
+				//   and is compatible (with respect to that capability) with the given event source
 				if(is_input ||
 				   (p->caps() & CAP_EXTRACTION &&
 				    sinsp_plugin::is_source_compatible(p->extract_event_sources(), src)) ||
@@ -194,12 +196,14 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 				}
 			}
 
-			// init the plugin, if we registered it into an inspector
+			if(!plugin) {
-			// (in capture mode, this is true for every plugin)
+				continue;
-			if(plugin) {
+			}
-				// avoid initializing the same plugin twice in the same
+
+			// init the plugin only if we registered it into an inspector (in capture mode, this is
+			// true for every plugin). Avoid initializing the same plugin twice in the same
 			// inspector if we're in capture mode
-				if(!s.is_capture_mode() || used_plugins.find(p->name()) == used_plugins.end()) {
+			if(!is_capture_mode || used_plugins.find(p->name()) == used_plugins.end()) {
 				if(!plugin->init(config->m_init_config, err)) {
 					return run_result::fatal(err);
 				}
@@ -210,7 +214,6 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 			}
 			used_plugins.insert(plugin->name());
 		}
-		}
 
 		// populate filtercheck list for this inspector
 		if(!populate_filterchecks(src_info->inspector,
@@ -221,10 +224,13 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 			return run_result::fatal(err);
 		}
 
-		// in live mode, each inspector should have registered at most two event sources:
+		if(is_capture_mode) {
-		// the "syscall" on, loaded at default at index 0, and optionally another
+			continue;
-		// one defined by a plugin, at index 1
+		}
-		if(!s.is_capture_mode()) {
+
+		// in live mode, each inspector should have registered at most two event sources: the
+		// "syscall" on, loaded at default at index 0, and optionally another one defined by a
+		// plugin, at index 1
 		const auto& sources = src_info->inspector->event_sources();
 		if(sources.size() == 0 || sources.size() > 2 ||
 		   sources[0] != falco_common::syscall_source) {
@@ -232,9 +238,8 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 			for(const auto& source : sources) {
 				err += (err.empty() ? "" : ", ") + source;
 			}
-				return run_result::fatal("Illegal sources setup in live inspector for source '" +
+			return run_result::fatal("Illegal sources setup in live inspector for source '" + src +
-				                         src + "': " + err);
+			                         "': " + err);
-			}
 		}
 	}
 

userspace/falco/app/actions/list_fields.cpp

@@ -21,17 +21,18 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::list_fields(falco::app::state& s) {
-	if(s.options.list_fields) {
+	if(!s.options.list_fields) {
+		return run_result::ok();
+	}
+
 	if(s.options.list_source_fields != "" &&
 	   !s.engine->is_source_valid(s.options.list_source_fields)) {
 		return run_result::fatal("Value for --list must be a valid source type");
 	}
+
 	s.engine->list_fields(s.options.list_source_fields,
 	                      s.options.verbose,
 	                      s.options.names_only,
 	                      s.options.markdown);
 	return run_result::exit();
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/list_plugins.cpp

@@ -24,7 +24,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::list_plugins(const falco::app::state& s) {
-	if(s.options.list_plugins) {
+	if(!s.options.list_plugins) {
+		return run_result::ok();
+	}
+
 	std::ostringstream os;
 	sinsp inspector;
 	const auto& configs = s.config->m_plugins;
@@ -37,7 +40,4 @@ falco::app::run_result falco::app::actions::list_plugins(const falco::app::state
 
 	printf("%lu Plugins Loaded:\n\n%s\n", configs.size(), os.str().c_str());
 	return run_result::exit();
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/load_plugins.cpp

@@ -51,16 +51,18 @@ falco::app::run_result falco::app::actions::load_plugins(falco::app::state& s) {
 		                  "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
 		auto plugin = s.offline_inspector->register_plugin(p.m_library_path);
 		s.plugin_configs.insert(p, plugin->name());
-		if(plugin->caps() & CAP_SOURCING && plugin->id() != 0) {
+		if((plugin->caps() & CAP_SOURCING) == 0 || plugin->id() == 0) {
+			continue;
+		}
+		// Account the plugin event source
 		state::source_info src_info;
 		src_info.filterchecks = std::make_shared<filter_check_list>();
-			auto sname = plugin->event_source();
+		auto src_name = plugin->event_source();
-			s.source_infos.insert(src_info, sname);
+		s.source_infos.insert(src_info, src_name);
 		// note: this avoids duplicate values
-			if(std::find(s.loaded_sources.begin(), s.loaded_sources.end(), sname) ==
+		if(std::find(s.loaded_sources.begin(), s.loaded_sources.end(), src_name) ==
 		   s.loaded_sources.end()) {
-				s.loaded_sources.push_back(sname);
+			s.loaded_sources.push_back(src_name);
-			}
 		}
 	}
 

userspace/falco/app/actions/pidfile.cpp

@@ -30,7 +30,10 @@ falco::app::run_result falco::app::actions::pidfile(const falco::app::state& sta
 		return run_result::ok();
 	}
 
-	if(!state.options.pidfilename.empty()) {
+	if(state.options.pidfilename.empty()) {
+		return run_result::ok();
+	}
+
 	int64_t self_pid = getpid();
 
 	std::ofstream stream;
@@ -44,7 +47,6 @@ falco::app::run_result falco::app::actions::pidfile(const falco::app::state& sta
 	}
 	stream << self_pid;
 	stream.close();
-	}
 
 	return run_result::ok();
 }

userspace/falco/app/actions/print_config_schema.cpp

@@ -21,9 +21,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_config_schema(falco::app::state &s) {
-	if(s.options.print_config_schema) {
+	if(!s.options.print_config_schema) {
+		return run_result::ok();
+	}
+
 	printf("%s", s.config->m_config_schema.dump(2).c_str());
 	return run_result::exit();
-	}
-	return run_result::ok();
 }

userspace/falco/app/actions/print_generated_gvisor_config.cpp

@@ -22,12 +22,13 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_generated_gvisor_config(falco::app::state& s) {
-	if(!s.options.gvisor_generate_config_with_socket.empty()) {
+	if(s.options.gvisor_generate_config_with_socket.empty()) {
+		return run_result::ok();
+	}
+
 	sinsp i;
 	std::string gvisor_config =
 	        i.generate_gvisor_config(s.options.gvisor_generate_config_with_socket);
 	printf("%s\n", gvisor_config.c_str());
 	return run_result::exit();
-	}
-	return run_result::ok();
 }

userspace/falco/app/actions/print_help.cpp

@@ -21,9 +21,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_help(falco::app::state& s) {
-	if(s.options.help) {
+	if(!s.options.help) {
+		return run_result::ok();
+	}
+
 	printf("%s", s.options.usage().c_str());
 	return run_result::exit();
-	}
-	return run_result::ok();
 }

userspace/falco/app/actions/print_kernel_version.cpp

@@ -28,14 +28,18 @@ using namespace falco::app::actions;
 falco::app::run_result falco::app::actions::print_kernel_version(const falco::app::state& s) {
 #ifdef __linux__
 	// We print this info only when a kernel driver is injected
-	if(s.is_modern_ebpf() || s.is_ebpf() || s.is_kmod()) {
+	bool const is_kernel_driver_injected = s.is_modern_ebpf() || s.is_ebpf() || s.is_kmod();
+	if(!is_kernel_driver_injected) {
+		return run_result::ok();
+	}
+
 	std::ifstream input_file("/proc/version");
 	if(!input_file.is_open()) {
 		// We don't want to fail, we just need to log something
-			falco_logger::log(falco_logger::level::INFO,
+		falco_logger::log(
-			                  "Cannot read under '/proc/version' (err_message: '" +
+		        falco_logger::level::INFO,
-			                          std::string(strerror(errno)) + "', err_code: " +
+		        "Cannot read under '/proc/version' (err_message: '" + std::string(strerror(errno)) +
-			                          std::to_string(errno) + "). No info provided, go on.");
+		                "', err_code: " + std::to_string(errno) + "). No info provided, go on.");
 		return run_result::ok();
 	}
 
@@ -43,7 +47,6 @@ falco::app::run_result falco::app::actions::print_kernel_version(const falco::ap
 	buffer << input_file.rdbuf();
 	std::string contents(buffer.str());
 	falco_logger::log(falco_logger::level::INFO, "System info: " + contents);
-	}
 #endif
 	return run_result::ok();
 }

userspace/falco/app/actions/print_page_size.cpp

@@ -24,7 +24,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_page_size(const falco::app::state& s) {
-	if(s.options.print_page_size) {
+	if(!s.options.print_page_size) {
+		return run_result::ok();
+	}
+
 #ifndef _WIN32
 	long page_size = getpagesize();
 #else
@@ -35,14 +38,10 @@ falco::app::run_result falco::app::actions::print_page_size(const falco::app::st
 	long page_size = sysInfo.dwPageSize;
 #endif
 	if(page_size <= 0) {
-			return run_result::fatal(
+		return run_result::fatal("\nUnable to get the system page size through 'getpagesize()'\n");
-			        "\nUnable to get the system page size through 'getpagesize()'\n");
+	}
-		} else {
+
-			falco_logger::log(
+	falco_logger::log(falco_logger::level::INFO,
-			        falco_logger::level::INFO,
 	                  "Your system page size is: " + std::to_string(page_size) + " bytes\n");
-		}
 	return run_result::exit();
-	}
-	return run_result::ok();
 }

userspace/falco/app/actions/print_plugin_info.cpp

@@ -24,12 +24,18 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_plugin_info(const falco::app::state &s) {
-	if(!s.options.print_plugin_info.empty()) {
+	if(s.options.print_plugin_info.empty()) {
+		return run_result::ok();
+	}
+
 	sinsp inspector;
 	for(auto &pc : s.config->m_plugins) {
-			if(pc.m_name == s.options.print_plugin_info ||
+		if(pc.m_name != s.options.print_plugin_info &&
-			   pc.m_library_path == s.options.print_plugin_info) {
+		   pc.m_library_path != s.options.print_plugin_info) {
-				// load the plugin
+			continue;
+		}
+
+		// found matching plugin; load it
 		auto p = inspector.register_plugin(pc.m_library_path);
 
 		// print plugin descriptive info
@@ -92,10 +98,7 @@ falco::app::run_result falco::app::actions::print_plugin_info(const falco::app::
 		// exit
 		return run_result::exit();
 	}
-		}
+
 	return run_result::fatal("can't find plugin and print its info: " +
 	                         s.options.print_plugin_info);
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/print_rule_schema.cpp

@@ -21,9 +21,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_rule_schema(falco::app::state &s) {
-	if(s.options.print_rule_schema) {
+	if(!s.options.print_rule_schema) {
+		return run_result::ok();
+	}
+
 	printf("%s", s.engine->m_rule_schema.dump(2).c_str());
 	return run_result::exit();
-	}
-	return run_result::ok();
 }

userspace/falco/app/actions/print_support.cpp

@@ -88,7 +88,10 @@ static int get_sysinfo(nlohmann::json& support) {
 #endif
 
 falco::app::run_result falco::app::actions::print_support(falco::app::state& s) {
-	if(s.options.print_support) {
+	if(!s.options.print_support) {
+		return run_result::ok();
+	}
+
 	nlohmann::json support;
 
 	if(get_sysinfo(support) != 0) {
@@ -110,9 +113,5 @@ falco::app::run_result falco::app::actions::print_support(falco::app::state& s)
 		support["rules_files"].push_back(finfo);
 	}
 	printf("%s\n", support.dump().c_str());
-
 	return run_result::exit();
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/print_syscall_events.cpp

@@ -157,13 +157,15 @@ static void print_events(const std::vector<event_entry>& events, bool markdown)
 }
 
 falco::app::run_result falco::app::actions::print_syscall_events(falco::app::state& s) {
-	if(s.options.list_syscall_events) {
+	if(!s.options.list_syscall_events) {
+		return run_result::ok();
+	}
+
 	const falco::versions_info info(s.offline_inspector);
 	printf("The events below are valid for Falco *Schema Version*: %s\n",
 	       info.driver_schema_version.c_str());
 
-		const libsinsp::events::set<ppm_event_code> available =
+	const libsinsp::events::set<ppm_event_code> available = libsinsp::events::all_event_set().diff(
-		        libsinsp::events::all_event_set().diff(
 	        sc_set_to_event_set(falco::app::ignored_sc_set()));
 	const struct events_by_category events_bc = get_event_entries_by_category(true, available);
 
@@ -180,7 +182,4 @@ falco::app::run_result falco::app::actions::print_syscall_events(falco::app::sta
 	print_events(events_bc.metaevents, s.options.markdown);
 
 	return run_result::exit();
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/print_version.cpp

@@ -22,7 +22,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::print_version(falco::app::state& s) {
-	if(s.options.print_version_info) {
+	if(!s.options.print_version_info) {
+		return run_result::ok();
+	}
+
 	const falco::versions_info info(s.offline_inspector);
 	if(s.config->m_json_output) {
 		printf("%s\n", info.as_json().dump().c_str());
@@ -37,7 +40,4 @@ falco::app::run_result falco::app::actions::print_version(falco::app::state& s)
 		printf("  Default driver: %s\n", info.default_driver_version.c_str());
 	}
 	return run_result::exit();
-	}
-
-	return run_result::ok();
 }

userspace/falco/app/actions/start_grpc_server.cpp

@@ -27,10 +27,12 @@ using namespace falco::app::actions;
 falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& s) {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	// gRPC server
-	if(s.config->m_grpc_enabled) {
+	if(!s.config->m_grpc_enabled) {
+		return run_result::ok();
+	}
+
 	if(s.options.dry_run) {
-			falco_logger::log(falco_logger::level::DEBUG,
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping starting gRPC server in dry-run\n");
-			                  "Skipping starting gRPC server in dry-run\n");
 		return run_result::ok();
 	}
 
@@ -47,17 +49,18 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&
 	                   s.config->m_grpc_root_certs,
 	                   s.config->m_log_level);
 	s.grpc_server_thread = std::thread([&s] { s.grpc_server.run(); });
-	}
 #endif
 	return run_result::ok();
 }
 
 falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s) {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
-	if(s.config->m_grpc_enabled) {
+	if(!s.config->m_grpc_enabled) {
+		return run_result::ok();
+	}
+
 	if(s.options.dry_run) {
-			falco_logger::log(falco_logger::level::DEBUG,
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping gRPC server in dry-run\n");
-			                  "Skipping stopping gRPC server in dry-run\n");
 		return run_result::ok();
 	}
 
@@ -65,7 +68,6 @@ falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state&
 		s.grpc_server.shutdown();
 		s.grpc_server_thread.join();
 	}
-	}
 #endif
 	return run_result::ok();
 }

userspace/falco/app/actions/start_webserver.cpp

@@ -26,10 +26,12 @@ using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::start_webserver(falco::app::state& state) {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
-	if(!state.is_capture_mode() && state.config->m_webserver_enabled) {
+	if(state.is_capture_mode() || !state.config->m_webserver_enabled) {
+		return run_result::ok();
+	}
+
 	if(state.options.dry_run) {
-			falco_logger::log(falco_logger::level::DEBUG,
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping starting webserver in dry-run\n");
-			                  "Skipping starting webserver in dry-run\n");
 		return run_result::ok();
 	}
 
@@ -37,28 +39,27 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
 	std::string ssl_option = (webserver_config.m_ssl_enabled ? " (SSL)" : "");
 	falco_logger::log(falco_logger::level::INFO,
 	                  "Starting health webserver with threadiness " +
-		                          std::to_string(webserver_config.m_threadiness) +
+	                          std::to_string(webserver_config.m_threadiness) + ", listening on " +
-		                          ", listening on " + webserver_config.m_listen_address + ":" +
+	                          webserver_config.m_listen_address + ":" +
-		                          std::to_string(webserver_config.m_listen_port) + ssl_option +
+	                          std::to_string(webserver_config.m_listen_port) + ssl_option + "\n");
-		                          "\n");
 
 	state.webserver.start(state, webserver_config);
-	}
 #endif
 	return run_result::ok();
 }
 
 falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& state) {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
-	if(!state.is_capture_mode() && state.config->m_webserver_enabled) {
+	if(state.is_capture_mode() || !state.config->m_webserver_enabled) {
+		return run_result::ok();
+	}
+
 	if(state.options.dry_run) {
-			falco_logger::log(falco_logger::level::DEBUG,
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping webserver in dry-run\n");
-			                  "Skipping stopping webserver in dry-run\n");
 		return run_result::ok();
 	}
 
 	state.webserver.stop();
-	}
 #endif
 	return run_result::ok();
 }

userspace/falco/app/actions/validate_rules_files.cpp

@@ -26,7 +26,10 @@ using namespace falco::app;
 using namespace falco::app::actions;
 
 falco::app::run_result falco::app::actions::validate_rules_files(falco::app::state& s) {
-	if(s.options.validate_rules_filenames.size() > 0) {
+	if(s.options.validate_rules_filenames.size() == 0) {
+		return run_result::ok();
+	}
+
 	std::vector<std::string> rules_contents;
 	falco::load_result::rules_contents_t rc;
 
@@ -108,8 +111,7 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta
 	// printout of `-L` option
 	nlohmann::json describe_res;
 	if(successful && (s.options.describe_all_rules || !s.options.describe_rule.empty())) {
-			std::string* rptr =
+		std::string* rptr = !s.options.describe_rule.empty() ? &(s.options.describe_rule) : nullptr;
-			        !s.options.describe_rule.empty() ? &(s.options.describe_rule) : nullptr;
 		const auto& plugins = s.offline_inspector->get_plugin_manager()->plugins();
 		describe_res = s.engine->describe_rule(rptr, plugins);
 	}
@@ -129,12 +131,8 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta
 		}
 	}
 
-		if(successful) {
+	if(!successful) {
-			return run_result::exit();
-		} else {
 		return run_result::fatal(summary);
 	}
-	}
+	return run_result::exit();
-
-	return run_result::ok();
 }