github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-06 19:29:09 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/falco): use mutable proto fields where applicable

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2020-02-06 22:22:40 +00:00 committed by poiana
parent 738d757b08
commit b3171dbae1
1 changed files with 36 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
userspace/falco/falco_outputs.cpp
View File

@ -35,15 +35,14 @@ const static struct luaL_reg ll_falco_outputs [] =
{NULL, NULL} {NULL, NULL}
}; };
falco_outputs::falco_outputs(falco_engine *engine) falco_outputs::falco_outputs(falco_engine *engine):
: m_falco_engine(engine), m_falco_engine(engine),
m_initialized(false), m_initialized(false),
m_buffered(true), m_buffered(true),
m_json_output(false), m_json_output(false),
m_time_format_iso_8601(false), m_time_format_iso_8601(false),
m_hostname("") m_hostname("")
{ {
} }
falco_outputs::~falco_outputs() falco_outputs::~falco_outputs()
@ -135,7 +134,6 @@ void falco_outputs::add_output(output_config oc)
const char *lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
throw falco_exception(string(lerr)); throw falco_exception(string(lerr));
} }
} }
void falco_outputs::handle_event(gen_event *ev, string &rule, string &source, void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
@ -245,7 +243,6 @@ void falco_outputs::handle_msg(uint64_t now,
{ {
throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module"); throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module");
} }
} }
void falco_outputs::reopen_outputs() void falco_outputs::reopen_outputs()
@ -291,7 +288,8 @@ int falco_outputs::handle_http(lua_State *ls)
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
if(res != CURLE_OK) { if(res != CURLE_OK)
{
falco_logger::log(LOG_ERR, "libcurl error: " + string(curl_easy_strerror(res))); falco_logger::log(LOG_ERR, "libcurl error: " + string(curl_easy_strerror(res)));
} }
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
@ -322,11 +320,12 @@ int falco_outputs::handle_grpc(lua_State *ls)
// time // time
gen_event *evt = (gen_event *)lua_topointer(ls, 1); gen_event *evt = (gen_event *)lua_topointer(ls, 1);
auto& timestamp = *grpc_res.mutable_time(); auto timestamp = grpc_res.mutable_time();
timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts()); *timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts());
// rule // rule
grpc_res.set_rule((char *)lua_tostring(ls, 2)); auto rule = grpc_res.mutable_rule();
*rule = (char *)lua_tostring(ls, 2);
// source // source
falco::schema::source s = falco::schema::source::SYSCALL; falco::schema::source s = falco::schema::source::SYSCALL;
@ -349,20 +348,23 @@ int falco_outputs::handle_grpc(lua_State *ls)
grpc_res.set_priority(p); grpc_res.set_priority(p);
// output // output
grpc_res.set_output((char *)lua_tostring(ls, 5)); auto output = grpc_res.mutable_output();
*output = (char *)lua_tostring(ls, 5);
// output fields // output fields
auto &fields = *grpc_res.mutable_output_fields(); auto &fields = *grpc_res.mutable_output_fields();
lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it
while (lua_next(ls, 6) != 0) { while(lua_next(ls, 6) != 0)
{
fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1); fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1);
lua_pop(ls, 1); // remove value, keep key for lua_next lua_pop(ls, 1); // remove value, keep key for lua_next
} }
lua_pop(ls, 1); // pop table lua_pop(ls, 1); // pop table
// hostname // hostname
grpc_res.set_hostname((char* )lua_tostring(ls, 7)); auto host = grpc_res.mutable_hostname();
*host = (char *)lua_tostring(ls, 7);
falco::output::queue::get().push(grpc_res); falco::output::queue::get().push(grpc_res);