github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-05 10:56:47 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/falco): use mutable proto fields where applicable

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2020-02-06 22:22:40 +00:00 committed by poiana
parent 738d757b08
commit b3171dbae1
1 changed files with 36 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
userspace/falco/falco_outputs.cpp
View File

@ -32,18 +32,17 @@ const static struct luaL_reg ll_falco_outputs [] =
{ {
{"handle_http", &falco_outputs::handle_http}, {"handle_http", &falco_outputs::handle_http},
{"handle_grpc", &falco_outputs::handle_grpc}, {"handle_grpc", &falco_outputs::handle_grpc},
{NULL,NULL} {NULL, NULL}
}; };
falco_outputs::falco_outputs(falco_engine *engine) falco_outputs::falco_outputs(falco_engine *engine):
: m_falco_engine(engine), m_falco_engine(engine),
m_initialized(false), m_initialized(false),
m_buffered(true), m_buffered(true),
m_json_output(false), m_json_output(false),
m_time_format_iso_8601(false), m_time_format_iso_8601(false),
m_hostname("") m_hostname("")
{ {
} }
falco_outputs::~falco_outputs() falco_outputs::~falco_outputs()
@ -64,7 +63,7 @@ falco_outputs::~falco_outputs()
if(lua_pcall(m_ls, 0, 0, 0) != 0) if(lua_pcall(m_ls, 0, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
falco_logger::log(LOG_ERR, std::string("lua_pcall failed, err: ") + lerr); falco_logger::log(LOG_ERR, std::string("lua_pcall failed, err: ") + lerr);
assert(nullptr == "lua_pcall failed in ~falco_outputs"); assert(nullptr == "lua_pcall failed in ~falco_outputs");
} }
@ -77,7 +76,7 @@ void falco_outputs::init(bool json_output,
bool time_format_iso_8601, string hostname) bool time_format_iso_8601, string hostname)
{ {
// The engine must have been given an inspector by now. // The engine must have been given an inspector by now.
if(! m_inspector) if(!m_inspector)
{ {
throw falco_exception("No inspector provided"); throw falco_exception("No inspector provided");
} }
@ -118,12 +117,12 @@ void falco_outputs::add_output(output_config oc)
lua_pushnumber(m_ls, (m_time_format_iso_8601 ? 1 : 0)); lua_pushnumber(m_ls, (m_time_format_iso_8601 ? 1 : 0));
// If we have options, build up a lua table containing them // If we have options, build up a lua table containing them
if (oc.options.size()) if(oc.options.size())
{ {
nargs = 4; nargs = 4;
lua_createtable(m_ls, 0, oc.options.size()); lua_createtable(m_ls, 0, oc.options.size());
for (auto it = oc.options.cbegin(); it != oc.options.cend(); ++it) for(auto it = oc.options.cbegin(); it != oc.options.cend(); ++it)
{ {
lua_pushstring(m_ls, (*it).second.c_str()); lua_pushstring(m_ls, (*it).second.c_str());
lua_setfield(m_ls, -2, (*it).first.c_str()); lua_setfield(m_ls, -2, (*it).first.c_str());
@ -132,10 +131,9 @@ void falco_outputs::add_output(output_config oc)
if(lua_pcall(m_ls, nargs, 0, 0) != 0) if(lua_pcall(m_ls, nargs, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
throw falco_exception(string(lerr)); throw falco_exception(string(lerr));
} }
} }
void falco_outputs::handle_event(gen_event *ev, string &rule, string &source, void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
@ -162,7 +160,7 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
if(lua_pcall(m_ls, 7, 0, 0) != 0) if(lua_pcall(m_ls, 7, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
string err = "Error invoking function output: " + string(lerr); string err = "Error invoking function output: " + string(lerr);
throw falco_exception(err); throw falco_exception(err);
} }
@ -177,7 +175,7 @@ void falco_outputs::handle_msg(uint64_t now,
falco_common::priority_type priority, falco_common::priority_type priority,
std::string &msg, std::string &msg,
std::string &rule, std::string &rule,
std::map<std::string,std::string> &output_fields) std::map<std::string, std::string> &output_fields)
{ {
std::string full_msg; std::string full_msg;
@ -186,9 +184,9 @@ void falco_outputs::handle_msg(uint64_t now,
nlohmann::json jmsg; nlohmann::json jmsg;
// Convert the time-as-nanoseconds to a more json-friendly ISO8601. // Convert the time-as-nanoseconds to a more json-friendly ISO8601.
time_t evttime = now/1000000000; time_t evttime = now / 1000000000;
char time_sec[20]; // sizeof "YYYY-MM-DDTHH:MM:SS" char time_sec[20]; // sizeof "YYYY-MM-DDTHH:MM:SS"
char time_ns[12]; // sizeof ".sssssssssZ" char time_ns[12]; // sizeof ".sssssssssZ"
string iso8601evttime; string iso8601evttime;
strftime(time_sec, sizeof(time_sec), "%FT%T", gmtime(&evttime)); strftime(time_sec, sizeof(time_sec), "%FT%T", gmtime(&evttime));
@ -236,7 +234,7 @@ void falco_outputs::handle_msg(uint64_t now,
if(lua_pcall(m_ls, 3, 0, 0) != 0) if(lua_pcall(m_ls, 3, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
string err = "Error invoking function output: " + string(lerr); string err = "Error invoking function output: " + string(lerr);
throw falco_exception(err); throw falco_exception(err);
} }
@ -245,7 +243,6 @@ void falco_outputs::handle_msg(uint64_t now,
{ {
throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module"); throw falco_exception("No function " + m_lua_output_msg + " found in lua compiler module");
} }
} }
void falco_outputs::reopen_outputs() void falco_outputs::reopen_outputs()
@ -258,7 +255,7 @@ void falco_outputs::reopen_outputs()
if(lua_pcall(m_ls, 0, 0, 0) != 0) if(lua_pcall(m_ls, 0, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(m_ls, -1); const char *lerr = lua_tostring(m_ls, -1);
throw falco_exception(string(lerr)); throw falco_exception(string(lerr));
} }
} }
@ -277,8 +274,8 @@ int falco_outputs::handle_http(lua_State *ls)
lua_error(ls); lua_error(ls);
} }
string url = (char *) lua_tostring(ls, 1); string url = (char *)lua_tostring(ls, 1);
string msg = (char *) lua_tostring(ls, 2); string msg = (char *)lua_tostring(ls, 2);
curl = curl_easy_init(); curl = curl_easy_init();
if(curl) if(curl)
@ -291,8 +288,9 @@ int falco_outputs::handle_http(lua_State *ls)
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
if(res != CURLE_OK) { if(res != CURLE_OK)
falco_logger::log(LOG_ERR,"libcurl error: " + string(curl_easy_strerror(res))); {
falco_logger::log(LOG_ERR, "libcurl error: " + string(curl_easy_strerror(res)));
} }
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
curl = NULL; curl = NULL;
@ -321,12 +319,13 @@ int falco_outputs::handle_grpc(lua_State *ls)
response grpc_res = response(); response grpc_res = response();
// time // time
gen_event* evt = (gen_event*)lua_topointer(ls, 1); gen_event *evt = (gen_event *)lua_topointer(ls, 1);
auto& timestamp = *grpc_res.mutable_time(); auto timestamp = grpc_res.mutable_time();
timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts()); *timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(evt->get_ts());
// rule // rule
grpc_res.set_rule((char *)lua_tostring(ls, 2)); auto rule = grpc_res.mutable_rule();
*rule = (char *)lua_tostring(ls, 2);
// source // source
falco::schema::source s = falco::schema::source::SYSCALL; falco::schema::source s = falco::schema::source::SYSCALL;
@ -349,20 +348,23 @@ int falco_outputs::handle_grpc(lua_State *ls)
grpc_res.set_priority(p); grpc_res.set_priority(p);
// output // output
grpc_res.set_output((char *)lua_tostring(ls, 5)); auto output = grpc_res.mutable_output();
*output = (char *)lua_tostring(ls, 5);
// output fields // output fields
auto& fields = *grpc_res.mutable_output_fields(); auto &fields = *grpc_res.mutable_output_fields();
lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it lua_pushnil(ls); // so that lua_next removes it from stack and puts (k, v) on it
while (lua_next(ls, 6) != 0) { while(lua_next(ls, 6) != 0)
{
fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1); fields[lua_tostring(ls, -2)] = lua_tostring(ls, -1);
lua_pop(ls, 1); // remove value, keep key for lua_next lua_pop(ls, 1); // remove value, keep key for lua_next
} }
lua_pop(ls, 1); // pop table lua_pop(ls, 1); // pop table
// hostname // hostname
grpc_res.set_hostname((char* )lua_tostring(ls, 7)); auto host = grpc_res.mutable_hostname();
*host = (char *)lua_tostring(ls, 7);
falco::output::queue::get().push(grpc_res); falco::output::queue::get().push(grpc_res);