github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 07:37:32 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/engine): formatting and auto declarations

Browse Source 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
Lorenzo Fontana 2020-02-06 14:25:40 +01:00 committed by poiana
parent 5b9001d1d5
commit af3d89b706
2 changed files with 4 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
userspace/engine/json_evt.cpp
View File

@ -512,31 +512,27 @@ const json_event_filter_check::values_t &json_event_filter_check::extracted_valu
bool json_event_filter_check::compare(gen_event *evt) bool json_event_filter_check::compare(gen_event *evt)
{ {
json_event *jevt = (json_event *)evt; auto jevt = (json_event *)evt;
uint32_t len; uint32_t len;
const extracted_values_t *evalues = (const extracted_values_t *) extract(jevt, &len); auto evalues = (const extracted_values_t *) extract(jevt, &len);
values_set_t setvals; values_set_t setvals;
switch(m_cmpop) switch(m_cmpop)
{ {
case CO_EQ: case CO_EQ:
return evalues->second == m_values; return evalues->second == m_values;
break;
case CO_NE: case CO_NE:
return evalues->second != m_values; return evalues->second != m_values;
break;
case CO_STARTSWITH: case CO_STARTSWITH:
return (evalues->first.size() == 1 && return (evalues->first.size() == 1 &&
m_values.size() == 1 && m_values.size() == 1 &&
evalues->first.at(0).startswith(*(m_values.begin()))); evalues->first.at(0).startswith(*(m_values.begin())));
break;
case CO_CONTAINS: case CO_CONTAINS:
return (evalues->first.size() == 1 && return (evalues->first.size() == 1 &&
m_values.size() == 1 && m_values.size() == 1 &&
evalues->first.at(0).contains(*(m_values.begin()))); evalues->first.at(0).contains(*(m_values.begin())));
break;
case CO_IN: case CO_IN:
for(auto &item : evalues->second) for(auto &item : evalues->second)
{ {
@ -546,7 +542,6 @@ bool json_event_filter_check::compare(gen_event *evt)
} }
} }
return true; return true;
break;
case CO_PMATCH: case CO_PMATCH:
for(auto &item : evalues->second) for(auto &item : evalues->second)
{ {
@ -559,19 +554,16 @@ bool json_event_filter_check::compare(gen_event *evt)
} }
} }
return true; return true;
break;
case CO_INTERSECTS: case CO_INTERSECTS:
std::set_intersection(evalues->second.begin(), evalues->second.end(), std::set_intersection(evalues->second.begin(), evalues->second.end(),
m_values.begin(), m_values.end(), m_values.begin(), m_values.end(),
std::inserter(setvals, setvals.begin())); std::inserter(setvals, setvals.begin()));
return (setvals.size() > 0); return (!setvals.empty());
break;
case CO_LT: case CO_LT:
return (evalues->first.size() == 1 && return (evalues->first.size() == 1 &&
m_values.size() == 1 && m_values.size() == 1 &&
evalues->first.at(0).ptype() == m_values.begin()->ptype() && evalues->first.at(0).ptype() == m_values.begin()->ptype() &&
evalues->first.at(0) < *(m_values.begin())); evalues->first.at(0) < *(m_values.begin()));
break;
case CO_LE: case CO_LE:
return (evalues->first.size() == 1 && return (evalues->first.size() == 1 &&
m_values.size() == 1 && m_values.size() == 1 &&
@ -589,11 +581,9 @@ bool json_event_filter_check::compare(gen_event *evt)
evalues->first.at(0).ptype() == m_values.begin()->ptype() && evalues->first.at(0).ptype() == m_values.begin()->ptype() &&
(evalues->first.at(0) > *(m_values.begin()) || (evalues->first.at(0) > *(m_values.begin()) ||
evalues->first.at(0) == *(m_values.begin()))); evalues->first.at(0) == *(m_values.begin())));
break;
case CO_EXISTS: case CO_EXISTS:
return (evalues->first.size() == 1 && return (evalues->first.size() == 1 &&
(evalues->first.at(0) != json_event_filter_check::no_value)); (evalues->first.at(0) != json_event_filter_check::no_value));
break;
default: default:
throw falco_exception("filter error: unsupported comparison operator"); throw falco_exception("filter error: unsupported comparison operator");
} }

3
userspace/engine/json_evt.h
View File

@ -193,7 +193,6 @@ public:
const values_t &extracted_values(); const values_t &extracted_values();
protected: protected:
// Subclasses can override this method, calling // Subclasses can override this method, calling
// add_extracted_value to add extracted values. // add_extracted_value to add extracted values.
virtual bool extract_values(json_event *jevt); virtual bool extract_values(json_event *jevt);
@ -293,7 +292,7 @@ public:
jevt_filter_check(); jevt_filter_check();
virtual ~jevt_filter_check(); virtual ~jevt_filter_check();
int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) final; int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) final;
json_event_filter_check *allocate_new(); json_event_filter_check *allocate_new();