mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-05 19:06:44 +00:00
update(userspace/falco): use mutable proto fields where applicable
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato
poiana
parent
738d757b08
commit
b3171dbae1
@ -32,18 +32,17 @@ const static struct luaL_reg ll_falco_outputs [] =
|
|||||||
{
|
{
|
||||||
{"handle_http", &falco_outputs::handle_http},
|
{"handle_http", &falco_outputs::handle_http},
|
||||||
{"handle_grpc", &falco_outputs::handle_grpc},
|
{"handle_grpc", &falco_outputs::handle_grpc},
|
||||||
{NULL,NULL}
|
{NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
falco_outputs::falco_outputs(falco_engine *engine)
|
falco_outputs::falco_outputs(falco_engine *engine):
|
||||||
: m_falco_engine(engine),
|
m_falco_engine(engine),
|
||||||
m_initialized(false),
|
m_initialized(false),
|
||||||
m_buffered(true),
|
m_buffered(true),
|
||||||
m_json_output(false),
|
m_json_output(false),
|
||||||
m_time_format_iso_8601(false),
|
m_time_format_iso_8601(false),
|
||||||
m_hostname("")
|
m_hostname("")
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
falco_outputs::~falco_outputs()
|
falco_outputs::~falco_outputs()
|
||||||
@ -64,7 +63,7 @@ falco_outputs::~falco_outputs()
|
|||||||
|
|
||||||
if(lua_pcall(m_ls, 0, 0, 0) != 0)
|
if(lua_pcall(m_ls, 0, 0, 0) != 0)
|
||||||
{
|
{
|
||||||
const char* lerr = lua_tostring(m_ls, -1);
|
const char *lerr = lua_tostring(m_ls, -1);
|
||||||
falco_logger::log(LOG_ERR, std::string("lua_pcall failed, err: ") + lerr);
|
falco_logger::log(LOG_ERR, std::string("lua_pcall failed, err: ") + lerr);
|
||||||
assert(nullptr == "lua_pcall failed in ~falco_outputs");
|
assert(nullptr == "lua_pcall failed in ~falco_outputs");
|
||||||
}
|
}
|
||||||
@ -77,7 +76,7 @@ void falco_outputs::init(bool json_output,
|
|||||||
bool time_format_iso_8601, string hostname)
|
bool time_format_iso_8601, string hostname)
|
||||||
{
|
{
|
||||||
// The engine must have been given an inspector by now.
|
// The engine must have been given an inspector by now.
|
||||||
if(! m_inspector)
|
if(!m_inspector)
|
||||||
{
|
{
|
||||||
throw falco_exception("No inspector provided");
|
throw falco_exception("No inspector provided");
|
||||||
}
|
}
|
||||||
@ -118,12 +117,12 @@ void falco_outputs::add_output(output_config oc)
|
|||||||
lua_pushnumber(m_ls, (m_time_format_iso_8601 ? 1 : 0));
|
lua_pushnumber(m_ls, (m_time_format_iso_8601 ? 1 : 0));
|
||||||
|
|
||||||
// If we have options, build up a lua table containing them
|
// If we have options, build up a lua table containing them
|
||||||
if (oc.options.size())
|
if(oc.options.size())
|
||||||
{
|
{
|
||||||
nargs = 4;
|
nargs = 4;
|
||||||
lua_createtable(m_ls, 0, oc.options.size());
|
lua_createtable(m_ls, 0, oc.options.size());
|
||||||
|
|
||||||
for (auto it = oc.options.cbegin(); it != oc.options.cend(); ++it)
|
for(auto it = oc.options.cbegin(); it != oc.options.cend(); ++it)
|
||||||
{
|
{
|
||||||
lua_pushstring(m_ls, (*it).second.c_str());
|
lua_pushstring(m_ls, (*it).second.c_str());
|
||||||
lua_setfield(m_ls, -2, (*it).first.c_str());
|
lua_setfield(m_ls, -2, (*it).first.c_str());
|
||||||
@ -132,10 +131,9 @@ void falco_outputs::add_output(output_config oc)
|
|||||||
|
|
||||||
if(lua_pcall(m_ls, nargs, 0, 0) != 0)
|
if(lua_pcall(m_ls, nargs, 0, 0) != 0)
|
||||||
{
|
{
|
||||||
const char* lerr = lua_tostring(m_ls, -1);
|
const char *lerr = lua_tostring(m_ls, -1);
|
||||||
throw falco_exception(string(lerr));
|
throw falco_exception(string(lerr));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
|
void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
|
||||||
@ -162,7 +160,7 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
|
|||||||
|
|
||||||
if(lua_pcall(m_ls, 7, 0, 0) != 0)
|
if(lua_pcall(m_ls, 7, 0, 0) != 0)
|
||||||
{
|
{
|
||||||
const char* lerr = lua_tostring(m_ls, -1);
|
const char *lerr = lua_tostring(m_ls, -1);
|
||||||
string err = "Error invoking function output: " + string(lerr);
|
string err = "Error invoking function output: " + string(lerr);
|
||||||
throw falco_exception(err);
|
throw falco_exception(err);
|
||||||
}
|
}
|
||||||
@ -177,7 +175,7 @@ void falco_outputs::handle_msg(uint64_t now,
|
|||||||
falco_common::priority_type priority,
|
falco_common::priority_type priority,
|
||||||
std::string &msg,
|
std::string &msg,
|
||||||
std::string &rule,
|
std::string &rule,
|
||||||
std::map<std::string,std::string> &output_fields)
|
std::map<std::string, std::string> &output_fields)
|
||||||
{
|
{
|
||||||
std::string full_msg;
|
std::string full_msg;
|
||||||
|
|
||||||
@ -186,7 +184,7 @@ void falco_outputs::handle_msg(uint64_t now,
|
|||||||
nlohmann::json jmsg;
|
nlohmann::json jmsg;
|
||||||
|
|
||||||
// Convert the time-as-nanoseconds to a more json-friendly ISO8601.
|
// Convert the time-as-nanoseconds to a more json-friendly ISO8601.
|
||||||
time_t evttime = now/1000000000;
|
time_t evttime = now / 1000000000;
|
||||||
char time_sec[20]; // sizeof "YYYY-MM-DDTHH:MM:SS"
|
char time_sec[20]; // sizeof "YYYY-MM-DDTHH:MM:SS"
|
||||||
char time_ns[12]; // sizeof ".sssssssssZ"
|
char time_ns[12]; // sizeof ".sssssssssZ"
|
||||||
string iso8601evttime;
|
string iso8601evttime;
|
||||||
@ -236,7 +234,7 @@ void falco_outputs::handle_msg(uint64_t now,
|
|||||||
|
|
||||||
if(lua_pcall(m_ls, 3, 0, 0) != 0)
|
if(lua_pcall(m_ls, 3, 0, 0) != 0)
|
||||||
{
|
{
|
||||||
const char* lerr = lua_tostring(m_ls, -1);
|
const char *lerr = lua_tostring(m_ls, -1);
|
||||||
string err = "Error invoking function output: " + string(lerr);
|
string err = "Error invoking function output: " + string(lerr);
|
||||||
throw falco_exception(err);
|
throw falco_exception(err);
|
||||||
}
|
}
|
||||||
@ -245,7 +243,6 @@ void falco_outputs::handle_msg(uint64_t now,
|
|||||||
{
|
{
|
||||||
throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module");
|
throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void falco_outputs::reopen_outputs()
|
void falco_outputs::reopen_outputs()
|
||||||
@ -258,7 +255,7 @@ void falco_outputs::reopen_outputs()
|
|||||||
|
|
||||||
if(lua_pcall(m_ls, 0, 0, 0) != 0)
|
if(lua_pcall(m_ls, 0, 0, 0) != 0)
|
||||||
{
|
{
|
||||||
const char* lerr = lua_tostring(m_ls, -1);
|
const char *lerr = lua_tostring(m_ls, -1);
|
||||||
throw falco_exception(string(lerr));
|
throw falco_exception(string(lerr));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -277,8 +274,8 @@ int falco_outputs::handle_http(lua_State *ls)
|
|||||||
lua_error(ls);
|
lua_error(ls);
|
||||||
}
|
}
|
||||||
|
|
||||||
string url = (char *) lua_tostring(ls, 1);
|
string url = (char *)lua_tostring(ls, 1);
|
||||||
string msg = (char *) lua_tostring(ls, 2);
|
string msg = (char *)lua_tostring(ls, 2);
|
||||||
|
|
||||||
curl = curl_easy_init();
|
curl = curl_easy_init();
|
||||||
if(curl)
|
if(curl)
|
||||||
@ -291,8 +288,9 @@ int falco_outputs::handle_http(lua_State *ls)
|
|||||||
|
|
||||||
res = curl_easy_perform(curl);
|
res = curl_easy_perform(curl);
|
||||||
|
|
||||||
if(res != CURLE_OK) {
|
if(res != CURLE_OK)
|
||||||
falco_logger::log(LOG_ERR,"libcurl error: " + string(curl_easy_strerror(res)));
|
{
|
||||||
|
falco_logger::log(LOG_ERR, "libcurl error: " + string(curl_easy_strerror(res)));
|
||||||
}
|
}
|
||||||
curl_easy_cleanup(curl);
|
curl_easy_cleanup(curl);
|
||||||
curl = NULL;
|
curl = NULL;
|
||||||
@ -321,12 +319,13 @@ int falco_outputs::handle_grpc(lua_State *ls)
|
|||||||
response grpc_res = response();
|
response grpc_res = response();
|
||||||
|
|
||||||
// time
|
// time
|
||||||
gen_event* evt = (gen_event*)lua_topointer(ls, 1);
|
gen_event *evt = (gen_event *)lua_topointer(ls, 1);
|
||||||
auto& timestamp = *grpc_res.mutable_time();
|
auto timestamp = grpc_res.mutable_time();
|
||||||
timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts());
|
*timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts());
|
||||||
|
|
||||||
// rule
|
// rule
|
||||||
grpc_res.set_rule((char *)lua_tostring(ls, 2));
|
auto rule = grpc_res.mutable_rule();
|
||||||
|
*rule = (char *)lua_tostring(ls, 2);
|
||||||
|
|
||||||
// source
|
// source
|
||||||
falco::schema::source s = falco::schema::source::SYSCALL;
|
falco::schema::source s = falco::schema::source::SYSCALL;
|
||||||
@ -349,20 +348,23 @@ int falco_outputs::handle_grpc(lua_State *ls)
|
|||||||
grpc_res.set_priority(p);
|
grpc_res.set_priority(p);
|
||||||
|
|
||||||
// output
|
// output
|
||||||
grpc_res.set_output((char *)lua_tostring(ls, 5));
|
auto output = grpc_res.mutable_output();
|
||||||
|
*output = (char *)lua_tostring(ls, 5);
|
||||||
|
|
||||||
// output fields
|
// output fields
|
||||||
auto& fields = *grpc_res.mutable_output_fields();
|
auto &fields = *grpc_res.mutable_output_fields();
|
||||||
|
|
||||||
lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it
|
lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it
|
||||||
while (lua_next(ls, 6) != 0) {
|
while(lua_next(ls, 6) != 0)
|
||||||
|
{
|
||||||
fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1);
|
fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1);
|
||||||
lua_pop(ls, 1); // remove value, keep key for lua_next
|
lua_pop(ls, 1); // remove value, keep key for lua_next
|
||||||
}
|
}
|
||||||
lua_pop(ls, 1); // pop table
|
lua_pop(ls, 1); // pop table
|
||||||
|
|
||||||
// hostname
|
// hostname
|
||||||
grpc_res.set_hostname((char* )lua_tostring(ls, 7));
|
auto host = grpc_res.mutable_hostname();
|
||||||
|
*host = (char *)lua_tostring(ls, 7);
|
||||||
|
|
||||||
falco::output::queue::get().push(grpc_res);
|
falco::output::queue::get().push(grpc_res);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user