github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-17 08:11:32 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace/engine)!: rename some description details outputs

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2023-09-06 13:25:24 +00:00 committed by poiana
parent b67ad907a7
commit aae114c331
1 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
userspace/engine/falco_engine.cpp
View File

@ -686,7 +686,7 @@ void falco_engine::get_json_details(
out["details"]["macros"] = sequence_to_json_array(details.macros); out["details"]["macros"] = sequence_to_json_array(details.macros);
out["details"]["lists"] = sequence_to_json_array(details.lists); out["details"]["lists"] = sequence_to_json_array(details.lists);
out["details"]["operators"] = sequence_to_json_array(compiled_details.operators); out["details"]["condition_operators"] = sequence_to_json_array(compiled_details.operators);
out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields); out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields);
// Get fields from output string // Get fields from output string
@ -699,11 +699,11 @@ void falco_engine::get_json_details(
out["details"]["exception_fields"] = sequence_to_json_array(r.exception_fields); out["details"]["exception_fields"] = sequence_to_json_array(r.exception_fields);
// Get names and operators from exceptions // Get names and operators from exceptions
Json::Value exception_names = Json::arrayValue; std::unordered_set<std::string> exception_names;
Json::Value exception_operators = Json::arrayValue; std::unordered_set<std::string> exception_operators;
for(const auto &e : info.exceptions) for(const auto &e : info.exceptions)
{ {
exception_names.append(e.name); exception_names.insert(e.name);
if(e.comps.is_list) if(e.comps.is_list)
{ {
for(const auto& c : e.comps.items) for(const auto& c : e.comps.items)
@ -713,22 +713,22 @@ void falco_engine::get_json_details(
// considering max two levels of lists // considering max two levels of lists
for(const auto& i : c.items) for(const auto& i : c.items)
{ {
exception_operators.append(i.item); exception_operators.insert(i.item);
} }
} }
else else
{ {
exception_operators.append(c.item); exception_operators.insert(c.item);
} }
} }
} }
else else
{ {
exception_operators.append(e.comps.item); exception_operators.insert(e.comps.item);
} }
} }
out["details"]["exceptions"] = exception_names; out["details"]["exception_names"] = sequence_to_json_array(exception_names);
out["details"]["exception_operators"] = exception_operators; out["details"]["exception_operators"] = sequence_to_json_array(exception_operators);
// Store event types // Store event types
Json::Value events; Json::Value events;
@ -788,7 +788,7 @@ void falco_engine::get_json_details(
out["details"]["used"] = m.used; out["details"]["used"] = m.used;
out["details"]["macros"] = sequence_to_json_array(details.macros); out["details"]["macros"] = sequence_to_json_array(details.macros);
out["details"]["lists"] = sequence_to_json_array(details.lists); out["details"]["lists"] = sequence_to_json_array(details.lists);
out["details"]["operators"] = sequence_to_json_array(compiled_details.operators); out["details"]["condition_operators"] = sequence_to_json_array(compiled_details.operators);
out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields); out["details"]["condition_fields"] = sequence_to_json_array(compiled_details.fields);
// Store event types // Store event types
@ -819,7 +819,7 @@ void falco_engine::get_json_details(
// note: the syntactic definitions still has the list refs unresolved // note: the syntactic definitions still has the list refs unresolved
Json::Value items = Json::arrayValue; Json::Value items = Json::arrayValue;
Json::Value lists = Json::arrayValue; std::unordered_set<std::string> lists;
for(const auto &i : info.items) for(const auto &i : info.items)
{ {
// if an item is present in the syntactic def of a list, but not // if an item is present in the syntactic def of a list, but not
@ -827,7 +827,7 @@ void falco_engine::get_json_details(
// being a resolved list ref // being a resolved list ref
if(std::find(l.items.begin(), l.items.end(), i) == l.items.end()) if(std::find(l.items.begin(), l.items.end(), i) == l.items.end())
{ {
lists.append(i); lists.insert(i);
continue; continue;
} }
items.append(i); items.append(i);
@ -836,7 +836,7 @@ void falco_engine::get_json_details(
list_info["items"] = items; list_info["items"] = items;
out["info"] = list_info; out["info"] = list_info;
out["details"]["used"] = l.used; out["details"]["used"] = l.used;
out["details"]["lists"] = lists; out["details"]["lists"] = sequence_to_json_array(lists);
out["details"]["items_compiled"] = sequence_to_json_array(l.items); out["details"]["items_compiled"] = sequence_to_json_array(l.items);
out["details"]["plugins"] = Json::arrayValue; // always empty out["details"]["plugins"] = Json::arrayValue; // always empty
} }
@ -884,7 +884,7 @@ void falco_engine::get_json_used_plugins(
fieldnames.insert(f); fieldnames.insert(f);
} }
out = Json::arrayValue; std::unordered_set<std::string> used_plugins;
for (const auto& p : plugins) for (const auto& p : plugins)
{ {
bool used = false; bool used = false;
@ -896,7 +896,7 @@ void falco_engine::get_json_used_plugins(
// they will both be included in the list. // they will both be included in the list.
if (!used && p->event_source() == source) if (!used && p->event_source() == source)
{ {
out.append(p->name()); used_plugins.insert(p->name());
used = true; used = true;
} }
} }
@ -913,7 +913,7 @@ void falco_engine::get_json_used_plugins(
{ {
if (!used && fieldnames.find(f.m_name) != fieldnames.end()) if (!used && fieldnames.find(f.m_name) != fieldnames.end())
{ {
out.append(p->name()); used_plugins.insert(p->name());
used = true; used = true;
break; break;
} }
@ -932,7 +932,7 @@ void falco_engine::get_json_used_plugins(
{ {
if (!used && evtnames.find(n) != evtnames.end()) if (!used && evtnames.find(n) != evtnames.end())
{ {
out.append(p->name()); used_plugins.insert(p->name());
used = true; used = true;
break; break;
} }
@ -940,6 +940,8 @@ void falco_engine::get_json_used_plugins(
} }
} }
} }
out = sequence_to_json_array(used_plugins);
} }
void falco_engine::print_stats() const void falco_engine::print_stats() const