github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 23:27:20 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace/falco): remove lua code for outputs

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2020-09-21 18:43:24 +02:00 committed by poiana
parent 85aa337b63
commit ac2a9a35cb
3 changed files with 0 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
userspace/falco/lua/.gitignore vendored
View File

@ -1 +0,0 @@
lyaml*

271
userspace/falco/lua/output.lua
View File

@ -1,271 +0,0 @@
-- Copyright (C) 2019 The Falco Authors.
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
local mod = {}
local outputs = {}
function mod.stdout(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.stdout_message(priority, priority_num, msg, options)
end
function mod.stdout_message(priority, priority_num, msg, options)
if options.buffered == 0 then
io.stdout:setvbuf "no"
end
print(msg)
end
function mod.stdout_cleanup()
io.stdout:flush()
end
-- Note: not actually closing/reopening stdout
function mod.stdout_reopen(options)
end
function mod.file_validate(options)
if (not type(options.filename) == "string") then
error("File output needs to be configured with a valid filename")
end
local file, err = io.open(options.filename, "a+")
if file == nil then
error("Error with file output: " .. err)
end
file:close()
end
function mod.file_open(options)
if ffile == nil then
ffile = io.open(options.filename, "a+")
if options.buffered == 0 then
ffile:setvbuf "no"
end
end
end
function mod.file(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.file_message(priority, priority_num, msg, options)
end
function mod.file_message(priority, priority_num, msg, options)
if options.keep_alive == "true" then
mod.file_open(options)
else
ffile = io.open(options.filename, "a+")
end
ffile:write(msg, "\n")
if options.keep_alive == nil or options.keep_alive ~= "true" then
ffile:close()
ffile = nil
end
end
function mod.file_cleanup()
if ffile ~= nil then
ffile:flush()
ffile:close()
ffile = nil
end
end
function mod.file_reopen(options)
if options.keep_alive == "true" then
mod.file_cleanup()
mod.file_open(options)
end
end
function mod.syslog(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.syslog_message(priority, priority_num, msg, options)
end
function mod.syslog_message(priority, priority_num, msg, options)
falco.syslog(priority_num, msg)
end
function mod.syslog_cleanup()
end
function mod.syslog_reopen()
end
function mod.program_open(options)
if pfile == nil then
pfile = io.popen(options.program, "w")
if options.buffered == 0 then
pfile:setvbuf "no"
end
end
end
function mod.program(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.program_message(priority, priority_num, msg, options)
end
function mod.program_message(priority, priority_num, msg, options)
-- XXX Ideally we'd check that the program ran
-- successfully. However, the luajit we're using returns true even
-- when the shell can't run the program.
-- Note: options are all strings
if options.keep_alive == "true" then
mod.program_open(options)
else
pfile = io.popen(options.program, "w")
end
pfile:write(msg, "\n")
if options.keep_alive == nil or options.keep_alive ~= "true" then
pfile:close()
pfile = nil
end
end
function mod.program_cleanup()
if pfile ~= nil then
pfile:flush()
pfile:close()
pfile = nil
end
end
function mod.program_reopen(options)
if options.keep_alive == "true" then
mod.program_cleanup()
mod.program_open(options)
end
end
function mod.http(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.http_message(priority, priority_num, msg, options)
end
function mod.http_message(priority, priority_num, msg, options)
c_outputs.handle_http(options.url, msg)
end
function mod.http_cleanup()
end
function mod.http_reopen()
end
function mod.grpc(event, rule, source, priority, priority_num, msg, format, hostname, options)
fields = formats.resolve_tokens(event, source, format)
c_outputs.handle_grpc(event, rule, source, priority, msg, fields, hostname, options)
end
function mod.grpc_message(priority, priority_num, msg, options)
-- todo(fntlnz, leodido) > gRPC does not support subscribing to dropped events yet
end
function mod.grpc_cleanup()
end
function mod.grpc_reopen()
end
function output_event(event, rule, source, priority, priority_num, format, hostname)
-- If format starts with a *, remove it, as we're adding our own
-- prefix here.
if format:sub(1, 1) == "*" then
format = format:sub(2)
end
-- time_format_iso_8601 will be the same for all output channels
time_format_iso_8601 = 0
for index, o in ipairs(outputs) do
time_format_iso_8601 = o.options.time_format_iso_8601
break
end
if source == "syscall" then
if time_format_iso_8601 == 1 then
format = "*%evt.time.iso8601: " .. priority .. " " .. format
else
format = "*%evt.time: " .. priority .. " " .. format
end
else
if time_format_iso_8601 == 1 then
format = "*%jevt.time.iso8601: " .. priority .. " " .. format
else
format = "*%jevt.time: " .. priority .. " " .. format
end
end
msg = formats.format_event(event, rule, source, priority, format)
for index, o in ipairs(outputs) do
o.output(event, rule, source, priority, priority_num, msg, format, hostname, o.options)
end
end
function output_msg(msg, priority, priority_num)
for index, o in ipairs(outputs) do
o.message(priority, priority_num, msg, o.options)
end
end
function output_cleanup()
formats.free_formatters()
for index, o in ipairs(outputs) do
o.cleanup()
end
end
function output_reopen()
for index, o in ipairs(outputs) do
o.reopen(o.options)
end
end
function add_output(output_name, buffered, time_format_iso_8601, options)
if not (type(mod[output_name]) == "function") then
error("rule_loader.add_output(): invalid output_name: " .. output_name)
end
-- outputs can optionally define a validation function so that we don't
-- find out at runtime (when an event finally matches a rule!) that the options are invalid
if (type(mod[output_name .. "_validate"]) == "function") then
mod[output_name .. "_validate"](options)
end
if options == nil then
options = {}
end
options.buffered = buffered
options.time_format_iso_8601 = time_format_iso_8601
table.insert(
outputs,
{
output = mod[output_name],
cleanup = mod[output_name .. "_cleanup"],
reopen = mod[output_name .. "_reopen"],
message = mod[output_name .. "_message"],
options = options
}
)
end
return mod

44
userspace/falco/lua/test.lua
View File

@ -1,44 +0,0 @@
-- Copyright (C) 2019 The Falco Authors.
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
local parser = require "parser"
if #arg ~= 1 then
print("Usage: test.lua <string>")
os.exit(1)
end
local macros = {}
local ast
local function doit(line)
ast = parser.parse_filter(line)
if not ast then
print("error", error_msg)
os.exit(1)
end
end
for str in string.gmatch(arg[1], "([^;]+)") do
doit(str)
end
if (ast and ast.type) then
parser.print_ast(ast)
end
os.exit(0)